Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(federation): auto-accept shares from trusted servers #49973

Merged
merged 7 commits into from
Jan 9, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,6 @@
#[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)]
class RequestHandlerController extends OCSController {

/** @var string */
private $shareTable = 'share';

public function __construct(
string $appName,
IRequest $request,
Expand Down
57 changes: 24 additions & 33 deletions apps/federatedfilesharing/lib/FederatedShareProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -909,99 +909,90 @@ public function userDeletedFromGroup($uid, $gid) {
}

/**
* check if users from other Nextcloud instances are allowed to mount public links share by this instance
*
* @return bool
* Check if users from other Nextcloud instances are allowed to mount public links share by this instance
*/
public function isOutgoingServer2serverShareEnabled() {
public function isOutgoingServer2serverShareEnabled(): bool {
if ($this->gsConfig->onlyInternalFederation()) {
return false;
}
$result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
return ($result === 'yes');
return $result === 'yes';
}

/**
* check if users are allowed to mount public links from other Nextclouds
*
* @return bool
* Check if users are allowed to mount public links from other Nextclouds
*/
public function isIncomingServer2serverShareEnabled() {
public function isIncomingServer2serverShareEnabled(): bool {
if ($this->gsConfig->onlyInternalFederation()) {
return false;
}
$result = $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
return ($result === 'yes');
return $result === 'yes';
}


/**
* check if users from other Nextcloud instances are allowed to send federated group shares
*
* @return bool
* Check if users from other Nextcloud instances are allowed to send federated group shares
*/
public function isOutgoingServer2serverGroupShareEnabled() {
public function isOutgoingServer2serverGroupShareEnabled(): bool {
if ($this->gsConfig->onlyInternalFederation()) {
return false;
}
$result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no');
return ($result === 'yes');
return $result === 'yes';
}

/**
* check if users are allowed to receive federated group shares
*
* @return bool
* Check if users are allowed to receive federated group shares
*/
public function isIncomingServer2serverGroupShareEnabled() {
public function isIncomingServer2serverGroupShareEnabled(): bool {
if ($this->gsConfig->onlyInternalFederation()) {
return false;
}
$result = $this->config->getAppValue('files_sharing', 'incoming_server2server_group_share_enabled', 'no');
return ($result === 'yes');
return $result === 'yes';
}

/**
* check if federated group sharing is supported, therefore the OCM API need to be enabled
*
* @return bool
* Check if federated group sharing is supported, therefore the OCM API need to be enabled
*/
public function isFederatedGroupSharingSupported() {
public function isFederatedGroupSharingSupported(): bool {
return $this->cloudFederationProviderManager->isReady();
}

/**
* Check if querying sharees on the lookup server is enabled
*
* @return bool
*/
public function isLookupServerQueriesEnabled() {
public function isLookupServerQueriesEnabled(): bool {
// in a global scale setup we should always query the lookup server
if ($this->gsConfig->isGlobalScaleEnabled()) {
return true;
}
$result = $this->config->getAppValue('files_sharing', 'lookupServerEnabled', 'yes');
return ($result === 'yes');
return $result === 'yes';
}


/**
* Check if it is allowed to publish user specific data to the lookup server
*
* @return bool
*/
public function isLookupServerUploadEnabled() {
public function isLookupServerUploadEnabled(): bool {
// in a global scale setup the admin is responsible to keep the lookup server up-to-date
if ($this->gsConfig->isGlobalScaleEnabled()) {
return false;
}
$result = $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes');
return ($result === 'yes');
return $result === 'yes';
}

/**
* @inheritdoc
* Check if auto accepting incoming shares from trusted servers is enabled
*/
public function isFederatedTrustedShareAutoAccept(): bool {
$result = $this->config->getAppValue('files_sharing', 'federatedTrustedShareAutoAccept', 'yes');
return $result === 'yes';
}

public function getAccessList($nodes, $currentAccess) {
$ids = [];
foreach ($nodes as $node) {
Expand Down
13 changes: 13 additions & 0 deletions apps/federatedfilesharing/lib/OCM/CloudFederationProviderFiles.php
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
use OC\Files\Filesystem;
use OCA\FederatedFileSharing\AddressHandler;
use OCA\FederatedFileSharing\FederatedShareProvider;
use OCA\Federation\TrustedServers;
use OCA\Files_Sharing\Activity\Providers\RemoteShares;
use OCA\Files_Sharing\External\Manager;
use OCA\GlobalSiteSelector\Service\SlaveService;
Expand Down Expand Up @@ -66,6 +67,7 @@ public function __construct(
private LoggerInterface $logger,
private IFilenameValidator $filenameValidator,
private readonly IProviderFactory $shareProviderFactory,
private TrustedServers $trustedServers,
) {
}

Expand Down Expand Up @@ -163,6 +165,11 @@ public function shareReceived(ICloudFederationShare $share) {
->setObject('remote_share', $shareId, $name);
\OC::$server->getActivityManager()->publish($event);
$this->notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $ownerDisplayName);

// If auto-accept is enabled, accept the share
if ($this->federatedShareProvider->isFederatedTrustedShareAutoAccept() && $this->trustedServers->isTrustedServer($remote)) {
$this->externalShareManager->acceptShare($shareId, $shareWith);
}
} else {
$groupMembers = $this->groupManager->get($shareWith)->getUsers();
foreach ($groupMembers as $user) {
Expand All @@ -174,8 +181,14 @@ public function shareReceived(ICloudFederationShare $share) {
->setObject('remote_share', $shareId, $name);
\OC::$server->getActivityManager()->publish($event);
$this->notifyAboutNewShare($user->getUID(), $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $ownerDisplayName);

// If auto-accept is enabled, accept the share
if ($this->federatedShareProvider->isFederatedTrustedShareAutoAccept() && $this->trustedServers->isTrustedServer($remote)) {
$this->externalShareManager->acceptShare($shareId, $user->getUID());
}
}
}

return $shareId;
} catch (\Exception $e) {
$this->logger->error('Server can not add remote share.', [
Expand Down
2 changes: 2 additions & 0 deletions apps/federatedfilesharing/lib/Settings/Admin.php
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ public function getForm() {
$this->initialState->provideInitialState('incomingServer2serverGroupShareEnabled', $this->fedShareProvider->isIncomingServer2serverGroupShareEnabled());
$this->initialState->provideInitialState('lookupServerEnabled', $this->fedShareProvider->isLookupServerQueriesEnabled());
$this->initialState->provideInitialState('lookupServerUploadEnabled', $this->fedShareProvider->isLookupServerUploadEnabled());
$this->initialState->provideInitialState('federatedTrustedShareAutoAccept', $this->fedShareProvider->isFederatedTrustedShareAutoAccept());

return new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');
}
Expand Down Expand Up @@ -76,6 +77,7 @@ public function getAuthorizedAppConfig(): array {
'incomingServer2serverGroupShareEnabled',
'lookupServerEnabled',
'lookupServerUploadEnabled',
'federatedTrustedShareAutoAccept',
],
];
}
Expand Down
28 changes: 28 additions & 0 deletions apps/federatedfilesharing/src/components/AdminSettings.vue
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,18 @@
@update:checked="update('lookupServerUploadEnabled', lookupServerUploadEnabled)">
{{ t('federatedfilesharing', 'Allow people to publish their data to a global and public address book') }}
</NcCheckboxRadioSwitch>

<!-- Trusted server handling -->
<div class="settings-subsection">
<h3 class="settings-subsection__name">
{{ t('federatedfilesharing', 'Trusted federation') }}
</h3>
<NcCheckboxRadioSwitch type="switch"
:checked.sync="federatedTrustedShareAutoAccept"
@update:checked="update('federatedTrustedShareAutoAccept', federatedTrustedShareAutoAccept)">
{{ t('federatedfilesharing', 'Automatically accept shares from trusted federated accounts and groups by default') }}
</NcCheckboxRadioSwitch>
</div>
</NcSettingsSection>
</template>

Expand Down Expand Up @@ -74,6 +86,7 @@ export default {
federatedGroupSharingSupported: loadState('federatedfilesharing', 'federatedGroupSharingSupported'),
lookupServerEnabled: loadState('federatedfilesharing', 'lookupServerEnabled'),
lookupServerUploadEnabled: loadState('federatedfilesharing', 'lookupServerUploadEnabled'),
federatedTrustedShareAutoAccept: loadState('federatedfilesharing', 'federatedTrustedShareAutoAccept'),
internalOnly: loadState('federatedfilesharing', 'internalOnly'),
sharingFederatedDocUrl: loadState('federatedfilesharing', 'sharingFederatedDocUrl'),
}
Expand Down Expand Up @@ -111,3 +124,18 @@ export default {
},
}
</script>
<style scoped>
.settings-subsection {
margin-top: 20px;
}

.settings-subsection__name {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: use scss and move this into .settings-subsection?

display: inline-flex;
align-items: center;
justify-content: center;
font-size: 16px;
font-weight: bold;
max-width: 900px;
margin-top: 0;
}
</style>
7 changes: 6 additions & 1 deletion apps/federatedfilesharing/tests/Settings/AdminTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -91,10 +91,14 @@ public function testGetForm($state): void {
->expects($this->once())
->method('isIncomingServer2serverGroupShareEnabled')
->willReturn($state);
$this->federatedShareProvider
->expects($this->once())
->method('isFederatedTrustedShareAutoAccept')
->willReturn($state);
$this->gsConfig->expects($this->once())->method('onlyInternalFederation')
->willReturn($state);

$this->initialState->expects($this->exactly(9))
$this->initialState->expects($this->exactly(10))
->method('provideInitialState')
->withConsecutive(
['internalOnly', $state],
Expand All @@ -106,6 +110,7 @@ public function testGetForm($state): void {
['incomingServer2serverGroupShareEnabled', $state],
['lookupServerEnabled', $state],
['lookupServerUploadEnabled', $state],
['federatedTrustedShareAutoAccept', $state]
);

$expected = new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');
Expand Down
12 changes: 0 additions & 12 deletions apps/federation/appinfo/routes.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,18 +6,6 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
return [
'routes' => [
[
'name' => 'Settings#addServer',
'url' => '/trusted-servers',
'verb' => 'POST'
],
[
'name' => 'Settings#removeServer',
'url' => '/trusted-servers/{id}',
'verb' => 'DELETE'
],
],
'ocs' => [
// old endpoints, only used by Nextcloud and ownCloud
[
Expand Down
1 change: 0 additions & 1 deletion apps/federation/composer/composer/autoload_classmap.php
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@
'OCA\\Federation\\DAV\\FedAuth' => $baseDir . '/../lib/DAV/FedAuth.php',
'OCA\\Federation\\DbHandler' => $baseDir . '/../lib/DbHandler.php',
'OCA\\Federation\\Listener\\SabrePluginAuthInitListener' => $baseDir . '/../lib/Listener/SabrePluginAuthInitListener.php',
'OCA\\Federation\\Middleware\\AddServerMiddleware' => $baseDir . '/../lib/Middleware/AddServerMiddleware.php',
'OCA\\Federation\\Migration\\Version1010Date20200630191302' => $baseDir . '/../lib/Migration/Version1010Date20200630191302.php',
'OCA\\Federation\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php',
'OCA\\Federation\\SyncFederationAddressBooks' => $baseDir . '/../lib/SyncFederationAddressBooks.php',
Expand Down
1 change: 0 additions & 1 deletion apps/federation/composer/composer/autoload_static.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ class ComposerStaticInitFederation
'OCA\\Federation\\DAV\\FedAuth' => __DIR__ . '/..' . '/../lib/DAV/FedAuth.php',
'OCA\\Federation\\DbHandler' => __DIR__ . '/..' . '/../lib/DbHandler.php',
'OCA\\Federation\\Listener\\SabrePluginAuthInitListener' => __DIR__ . '/..' . '/../lib/Listener/SabrePluginAuthInitListener.php',
'OCA\\Federation\\Middleware\\AddServerMiddleware' => __DIR__ . '/..' . '/../lib/Middleware/AddServerMiddleware.php',
'OCA\\Federation\\Migration\\Version1010Date20200630191302' => __DIR__ . '/..' . '/../lib/Migration/Version1010Date20200630191302.php',
'OCA\\Federation\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php',
'OCA\\Federation\\SyncFederationAddressBooks' => __DIR__ . '/..' . '/../lib/SyncFederationAddressBooks.php',
Expand Down
20 changes: 11 additions & 9 deletions apps/federation/css/settings-admin.css
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,13 @@

#listOfTrustedServers li {
padding-bottom: 10px;
display: flex;
align-items: center;
}

.removeTrustedServer {
display: none;
vertical-align:middle;
vertical-align: middle;
padding-inline-start: 10px;
}

Expand All @@ -26,20 +28,20 @@
}

#listOfTrustedServers .icon {
cursor: pointer;
display: inline-block;
cursor: pointer;
vertical-align: middle;
margin-inline-start: 10px;
}

#ocFederationAddServer #serverUrl {
width: 270px;
}

.serverUrl-block {
max-width: 310px;
display: flex;
flex-direction: row;
align-items: center;
justify-content: space-between;
flex-direction: row;
justify-content: flex-start;
gap: 8px;
}

.serverUrl-block input {
width: 270px;
}
16 changes: 8 additions & 8 deletions apps/federation/js/settings-admin.js
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,6 @@
});

$inpServerUrl.on("change keyup", function (e) {

console.log("typing away");

var url = $(this).val();

// toggle add-button visibility based on input length
Expand All @@ -79,11 +76,14 @@
OC.msg.startSaving('#ocFederationAddServer .msg');

$.post(
OC.generateUrl('/apps/federation/trusted-servers'),
OC.getRootPath() + '/ocs/v2.php/apps/federation/trusted-servers',
skjnldsv marked this conversation as resolved.
Show resolved Hide resolved
{
url: url
}
).done(function (data) {
},
null,
'json'
).done(function({ ocs }) {
var data = ocs.data;
$("#serverUrl").attr('value', '');
$("#listOfTrustedServers").prepend(
$('<li>')
Expand All @@ -95,13 +95,13 @@
OC.msg.finishedSuccess('#ocFederationAddServer .msg', data.message);
})
.fail(function (jqXHR) {
OC.msg.finishedError('#ocFederationAddServer .msg', JSON.parse(jqXHR.responseText).message);
OC.msg.finishedError('#ocFederationAddServer .msg', JSON.parse(jqXHR.responseText).ocs.meta.message);
});
};

function removeServer( id ) {
$.ajax({
url: OC.generateUrl('/apps/federation/trusted-servers/' + id),
url: OC.getRootPath() + '/ocs/v2.php/apps/federation/trusted-servers/' + id,
type: 'DELETE',
success: function(response) {
$("#ocFederationSettings").find("#" + id).remove();
Expand Down
Loading
Loading