fixup! fix(federation) Implement new federation method to validate or…
…igin of OCM messages
nickvergessen committed Dec 5, 2024
1 parent 5fd1ca5 commit 8079f00
Showing 4 changed files with 56 additions and 7 deletions.
27 changes: 23 additions & 4 deletions lib/Federation/CloudFederationProviderTalk.php
@@ -9,6 +9,7 @@
namespace OCA\Talk\Federation;

use Exception;
use NCU\Federation\ISignedCloudFederationProvider;
use OCA\FederatedFileSharing\AddressHandler;
use OCA\Talk\AppInfo\Application;
use OCA\Talk\CachePrefix;
@@ -36,6 +37,7 @@
use OCA\Talk\Service\ProxyCacheMessageService;
use OCA\Talk\Service\RoomService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Db\MultipleObjectsReturnedException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Services\IAppConfig;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -59,7 +61,7 @@
use Psr\Log\LoggerInterface;
use SensitiveParameter;

class CloudFederationProviderTalk implements ICloudFederationProvider {
class CloudFederationProviderTalk implements ICloudFederationProvider, ISignedCloudFederationProvider {
protected ?ICache $proxyCacheMessages;

public function __construct(
@@ -639,8 +641,25 @@ public function getSupportedShareTypes(): array {
* @param string $token
* @return string|array
*/
public function getFederationIdFromToken(string $token): string|array {
$invite = $this->invitationMapper->getByAccessToken($token);
return [$invite->getLocalCloudId(), $invite->getInviterCloudId()];
public function getFederationIdsFromSharedSecret(
#[SensitiveParameter]
string $sharedSecret,
array $payload,
): array {
try {
$invite = $this->invitationMapper->getByRemoteServerOnlyWithAccessToken($payload['remoteServerUrl'], $sharedSecret);
return [$invite->getLocalCloudId(), $invite->getInviterCloudId()];
} catch (DoesNotExistException) {
}

try {
$attendee = $this->attendeeMapper->getByAccessToken($sharedSecret);
if (str_ends_with($attendee->getActorId(), $payload['remoteServerUrl'])) {
return [$attendee->getActorId()];
}
} catch (DoesNotExistException|MultipleObjectsReturnedException) {
}

return [];
}
}
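Review bot: `getFederationIdsFromSharedSecret()` reads `$payload['remoteServerUrl']` twice without checking that the key exists and is a non-empty string, although the payload arrives with a remote OCM message. A missing key passes null into `getByRemoteServerOnlyWithAccessToken()` (declared `string`), and an empty string makes `str_ends_with($attendee->getActorId(), '')` true for every attendee, so the second branch would no longer tie the token to a server. I would return early with `$remote = $payload['remoteServerUrl'] ?? null; if (!is_string($remote) || $remote === '') { return []; }` and use `$remote` in both lookups. The suffix test also has no delimiter, so a value that is only the tail of the server part of the actor id still matches; if actor ids have the form `user@server` (not visible in this hunk), compare against `'@' . $remote` instead. The docblock kept above the method still says `@param string $token` and `@return string|array` and should describe `$sharedSecret`, `$payload` and the list of cloud ids returned.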
13 changes: 13 additions & 0 deletions lib/Model/AttendeeMapper.php
@@ -53,6 +53,19 @@ public function getById(int $id): Attendee {
return $this->findEntity($query);
}

/**
* @throws DoesNotExistException
* @throws MultipleObjectsReturnedException
*/
public function getByAccessToken(string $accessToken): Attendee {
$query = $this->db->getQueryBuilder();
$query->select('*')
->from($this->getTableName())
->where($query->expr()->eq('access_token', $query->createNamedParameter($accessToken)));

return $this->findEntity($query);
}

/**
* @throws DoesNotExistException
* @throws MultipleObjectsReturnedException
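Review bot: `getByAccessToken()` takes the attendee's access token as a plain `string $accessToken`, while the invitation lookup changed in the same commit marks the same kind of value with `#[SensitiveParameter]`; without the attribute the token can appear in stack traces logged when the query throws. I would write the parameter as `#[SensitiveParameter] string $accessToken`, adding `use SensitiveParameter;` if this file does not import it, which the hunk does not show. The query filters on `access_token` alone, so a docblock line such as `@internal Does not check actor type or remote server` would tell callers that they must bind the result to an origin themselves.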
7 changes: 5 additions & 2 deletions lib/Model/InvitationMapper.php
@@ -10,6 +10,7 @@

use OCA\Talk\Room;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Db\MultipleObjectsReturnedException;
use OCP\AppFramework\Db\QBMapper;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IDBConnection;
@@ -48,15 +49,17 @@ public function getInvitationById(int $id): Invitation {
* @throws DoesNotExistException
* @internal Does not check user relation
*/
public function getByAccessToken(
public function getByRemoteServerOnlyWithAccessToken(
string $remoteServerUrl,
#[SensitiveParameter]
string $accessToken,
): Invitation {
$qb = $this->db->getQueryBuilder();

$qb->select('*')
->from($this->getTableName())
->where($qb->expr()->eq('access_token', $qb->createNamedParameter($accessToken)));
->where($qb->expr()->eq('remote_server_url', $qb->createNamedParameter($remoteServerUrl)))
->andWhere($qb->expr()->eq('access_token', $qb->createNamedParameter($accessToken)));

return $this->findEntity($qb);
}
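Review bot: The visible docblock of `getByRemoteServerOnlyWithAccessToken()` lists only `@throws DoesNotExistException`, yet the method returns `findEntity($qb)` and this commit imports `MultipleObjectsReturnedException` into the file. If two invitation rows can share a `remote_server_url` and `access_token` (no uniqueness constraint is visible here), that exception leaves the method undeclared, and the caller in `CloudFederationProviderTalk` catches only `DoesNotExistException` around this call. I would add `* @throws MultipleObjectsReturnedException` to the docblock and widen that catch to `catch (DoesNotExistException|MultipleObjectsReturnedException)`, as the attendee branch already does. The docblock begins above the hunk, so it may contain lines not shown.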
16 changes: 15 additions & 1 deletion tests/psalm-baseline.xml
@@ -1,6 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<files psalm-version="5.26.0@4787eaf414e16c661902b94dfe5d882223e5b513">
<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0">
<file src="lib/AppInfo/Application.php">
<MissingDependency>
<code><![CDATA[CloudFederationProviderTalk]]></code>
</MissingDependency>
<UndefinedClass>
<code><![CDATA[BeforeTemplateRenderedEvent]]></code>
<code><![CDATA[BeforeTemplateRenderedEvent]]></code>
@@ -26,6 +29,17 @@
<code><![CDATA[$this->request->server]]></code>
</NoInterfaceProperties>
</file>
<file src="lib/Federation/CloudFederationProviderTalk.php">
<UndefinedClass>
<code><![CDATA[ISignedCloudFederationProvider]]></code>
</UndefinedClass>
</file>
<file src="lib/Federation/Proxy/TalkV1/Listener/ResourceTypeRegisterListener.php">
<MissingDependency>
<code><![CDATA[$this->talkProvider]]></code>
<code><![CDATA[protected]]></code>
</MissingDependency>
</file>
<file src="lib/Files/Util.php">
<InvalidArgument>
<code><![CDATA[$fileId]]></code>