From c2f81e307da78395b98519e530c751e2553612e2 Mon Sep 17 00:00:00 2001 From: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> Date: Wed, 4 Mar 2026 17:22:20 +0100 Subject: [PATCH 1/2] fix(files_sharing): respect config to skip certificate verification This is important especially for local development, as certificate are self-signed. Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> --- apps/files_sharing/lib/AppInfo/Application.php | 4 +++- apps/files_sharing/lib/External/Manager.php | 11 +++++++++-- apps/files_sharing/lib/External/MountProvider.php | 10 +++++++++- apps/files_sharing/tests/External/ManagerTest.php | 6 +++++- lib/private/Files/Storage/DAV.php | 12 ++++++++++-- 5 files changed, 36 insertions(+), 7 deletions(-) diff --git a/apps/files_sharing/lib/AppInfo/Application.php b/apps/files_sharing/lib/AppInfo/Application.php index df77f88b401e2..43bdca52ca626 100644 --- a/apps/files_sharing/lib/AppInfo/Application.php +++ b/apps/files_sharing/lib/AppInfo/Application.php @@ -46,6 +46,7 @@ use OCP\Group\Events\GroupChangedEvent; use OCP\Group\Events\GroupDeletedEvent; use OCP\Group\Events\UserAddedEvent; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroup; use OCP\Share\Events\ShareCreatedEvent; @@ -69,7 +70,8 @@ public function register(IRegistrationContext $context): void { function () use ($c) { return $c->get(Manager::class); }, - $c->get(ICloudIdManager::class) + $c->get(ICloudIdManager::class), + $c->get(IConfig::class), ); }); diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php index ddc30d28820dc..bb4f6a3779eba 100644 --- a/apps/files_sharing/lib/External/Manager.php +++ b/apps/files_sharing/lib/External/Manager.php @@ -20,6 +20,7 @@ use OCP\Files\NotFoundException; use OCP\Files\Storage\IStorageFactory; use OCP\Http\Client\IClientService; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroupManager; use OCP\IUserManager; @@ -72,6 +73,9 @@ class Manager { /** @var LoggerInterface */ private $logger; + /** @var IConfig */ + private $config; + public function __construct( IDBConnection $connection, \OC\Files\Mount\Manager $mountManager, @@ -85,7 +89,8 @@ public function __construct( IUserManager $userManager, IUserSession $userSession, IEventDispatcher $eventDispatcher, - LoggerInterface $logger + LoggerInterface $logger, + IConfig $config, ) { $user = $userSession->getUser(); $this->connection = $connection; @@ -101,6 +106,7 @@ public function __construct( $this->userManager = $userManager; $this->eventDispatcher = $eventDispatcher; $this->logger = $logger; + $this->config = $config; } /** @@ -167,7 +173,8 @@ public function addShare($remote, $token, $password, $name, $owner, $shareType, 'token' => $token, 'password' => $password, 'mountpoint' => $mountPoint, - 'owner' => $owner + 'owner' => $owner, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'), ]; return $this->mountShare($options); } diff --git a/apps/files_sharing/lib/External/MountProvider.php b/apps/files_sharing/lib/External/MountProvider.php index 5abd3269ac79d..e9c7ab725d756 100644 --- a/apps/files_sharing/lib/External/MountProvider.php +++ b/apps/files_sharing/lib/External/MountProvider.php @@ -11,6 +11,7 @@ use OCP\Federation\ICloudIdManager; use OCP\Files\Config\IMountProvider; use OCP\Files\Storage\IStorageFactory; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IUser; @@ -32,15 +33,21 @@ class MountProvider implements IMountProvider { */ private $cloudIdManager; + /** + * @var IConfig + */ + private $config; + /** * @param \OCP\IDBConnection $connection * @param callable $managerProvider due to setup order we need a callable that return the manager instead of the manager itself * @param ICloudIdManager $cloudIdManager */ - public function __construct(IDBConnection $connection, callable $managerProvider, ICloudIdManager $cloudIdManager) { + public function __construct(IDBConnection $connection, callable $managerProvider, ICloudIdManager $cloudIdManager, IConfig $config) { $this->connection = $connection; $this->managerProvider = $managerProvider; $this->cloudIdManager = $cloudIdManager; + $this->config = $config; } public function getMount(IUser $user, $data, IStorageFactory $storageFactory) { @@ -52,6 +59,7 @@ public function getMount(IUser $user, $data, IStorageFactory $storageFactory) { $data['cloudId'] = $this->cloudIdManager->getCloudId($data['owner'], $data['remote']); $data['certificateManager'] = \OC::$server->getCertificateManager(); $data['HttpClientService'] = \OC::$server->getHTTPClientService(); + $data['verify'] = !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'); return new Mount(self::STORAGE, $mountPoint, $data, $manager, $storageFactory); } diff --git a/apps/files_sharing/tests/External/ManagerTest.php b/apps/files_sharing/tests/External/ManagerTest.php index 9aadbff48c602..92f8c2bf12df1 100644 --- a/apps/files_sharing/tests/External/ManagerTest.php +++ b/apps/files_sharing/tests/External/ManagerTest.php @@ -23,6 +23,7 @@ use OCP\Http\Client\IClientService; use OCP\Http\Client\IResponse; use OCP\ICacheFactory; +use OCP\IConfig; use OCP\IGroup; use OCP\IGroupManager; use OCP\IURLGenerator; @@ -79,6 +80,7 @@ class ManagerTest extends TestCase { private $testMountProvider; /** @var IEventDispatcher|\PHPUnit\Framework\MockObject\MockObject */ private $eventDispatcher; + private IConfig $config; protected function setUp(): void { parent::setUp(); @@ -90,6 +92,7 @@ protected function setUp(): void { ->disableOriginalConstructor()->getMock(); $this->cloudFederationProviderManager = $this->createMock(ICloudFederationProviderManager::class); $this->cloudFederationFactory = $this->createMock(ICloudFederationFactory::class); + $this->config = $this->createMock(IConfig::class); $this->groupManager = $this->createMock(IGroupManager::class); $this->userManager = $this->createMock(IUserManager::class); $this->eventDispatcher = $this->createMock(IEventDispatcher::class); @@ -113,7 +116,7 @@ protected function setUp(): void { $this->userManager, $this->createMock(ICacheFactory::class), $this->createMock(IEventDispatcher::class) - )); + ), $this->config); $group1 = $this->createMock(IGroup::class); $group1->expects($this->any())->method('getGID')->willReturn('group1'); @@ -165,6 +168,7 @@ private function createManagerForUser($userId) { $userSession, $this->eventDispatcher, $this->logger, + $this->config, ] )->setMethods(['tryOCMEndPoint'])->getMock(); } diff --git a/lib/private/Files/Storage/DAV.php b/lib/private/Files/Storage/DAV.php index 3480ee29248f6..0b019f32ceeec 100644 --- a/lib/private/Files/Storage/DAV.php +++ b/lib/private/Files/Storage/DAV.php @@ -48,6 +48,7 @@ class DAV extends Common { protected $host; /** @var bool */ protected $secure; + protected bool $verify; /** @var string */ protected $root; /** @var string */ @@ -102,12 +103,14 @@ public function __construct($params) { $this->authType = $params['authType']; } if (isset($params['secure'])) { + $this->verify = $params['verify'] ?? true; if (is_string($params['secure'])) { $this->secure = ($params['secure'] === 'true'); } else { $this->secure = (bool) $params['secure']; } } else { + $this->verify = false; $this->secure = false; } if ($this->secure === true) { @@ -151,6 +154,9 @@ protected function init() { $this->client->setThrowExceptions(true); if ($this->secure === true) { + if ($this->verify === false) { + $this->client->addCurlSetting(CURLOPT_SSL_VERIFYPEER, false); + } $certPath = $this->certManager->getAbsoluteBundlePath(); if (file_exists($certPath)) { $this->certPath = $certPath; @@ -338,7 +344,8 @@ public function fopen($path, $mode) { 'auth' => [$this->user, $this->password], 'stream' => true, // set download timeout for users with slow connections or large files - 'timeout' => $this->timeout + 'timeout' => $this->timeout, + 'verify' => $this->verify, ]); } catch (\GuzzleHttp\Exception\ClientException $e) { if ($e->getResponse() instanceof ResponseInterface @@ -494,7 +501,8 @@ protected function uploadFile($path, $target) { 'body' => $source, 'auth' => [$this->user, $this->password], // set upload timeout for users with slow connections or large files - 'timeout' => $this->timeout + 'timeout' => $this->timeout, + 'verify' => $this->verify, ]); $this->removeCachedFile($target); From eaed4ff959f678789e13ba7e0d3c092473942e68 Mon Sep 17 00:00:00 2001 From: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> Date: Thu, 19 Mar 2026 12:36:28 +0100 Subject: [PATCH 2/2] chore: apply cs-fixer Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> --- apps/files_sharing/lib/External/Manager.php | 26 ++++++++++----------- lib/private/Files/Storage/DAV.php | 4 ++-- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php index bb4f6a3779eba..e4587578bd195 100644 --- a/apps/files_sharing/lib/External/Manager.php +++ b/apps/files_sharing/lib/External/Manager.php @@ -77,20 +77,20 @@ class Manager { private $config; public function __construct( - IDBConnection $connection, - \OC\Files\Mount\Manager $mountManager, - IStorageFactory $storageLoader, - IClientService $clientService, - IManager $notificationManager, - IDiscoveryService $discoveryService, + IDBConnection $connection, + \OC\Files\Mount\Manager $mountManager, + IStorageFactory $storageLoader, + IClientService $clientService, + IManager $notificationManager, + IDiscoveryService $discoveryService, ICloudFederationProviderManager $cloudFederationProviderManager, - ICloudFederationFactory $cloudFederationFactory, - IGroupManager $groupManager, - IUserManager $userManager, - IUserSession $userSession, - IEventDispatcher $eventDispatcher, - LoggerInterface $logger, - IConfig $config, + ICloudFederationFactory $cloudFederationFactory, + IGroupManager $groupManager, + IUserManager $userManager, + IUserSession $userSession, + IEventDispatcher $eventDispatcher, + LoggerInterface $logger, + IConfig $config, ) { $user = $userSession->getUser(); $this->connection = $connection; diff --git a/lib/private/Files/Storage/DAV.php b/lib/private/Files/Storage/DAV.php index 0b019f32ceeec..2b1ace039704b 100644 --- a/lib/private/Files/Storage/DAV.php +++ b/lib/private/Files/Storage/DAV.php @@ -168,13 +168,13 @@ protected function init() { $lastRequestStart = 0; $this->client->on('beforeRequest', function (RequestInterface $request) use (&$lastRequestStart) { - $this->logger->debug('sending dav ' . $request->getMethod() . ' request to external storage: ' . $request->getAbsoluteUrl(), ['app' => 'dav']); + $this->logger->debug('sending dav ' . $request->getMethod() . ' request to external storage: ' . $request->getAbsoluteUrl(), ['app' => 'dav']); $lastRequestStart = microtime(true); $this->eventLogger->start('fs:storage:dav:request', 'Sending dav request to external storage'); }); $this->client->on('afterRequest', function (RequestInterface $request) use (&$lastRequestStart) { $elapsed = microtime(true) - $lastRequestStart; - $this->logger->debug('dav ' . $request->getMethod() . ' request to external storage: ' . $request->getAbsoluteUrl() . ' took ' . round($elapsed * 1000, 1) . 'ms', ['app' => 'dav']); + $this->logger->debug('dav ' . $request->getMethod() . ' request to external storage: ' . $request->getAbsoluteUrl() . ' took ' . round($elapsed * 1000, 1) . 'ms', ['app' => 'dav']); $this->eventLogger->end('fs:storage:dav:request'); }); }