Merge pull request #2165 from nextcloud/backport/2161/stable4

[stable4] Add app config to enable trusted domain list usage

docs/federated-editing.md

@@ -37,3 +37,9 @@ Collabora by default only allows embedding from the same remote that the initial
 Assuming gs1.example.com and gs2.example.com are Nextcloud servers:
 
 	coolconfig set net.frame_ancestors "*.example.com"
+
+## Trusted hosts
+
+By default, trusted hosts of Nextcloud will not be allowed for federated editing. This can be enabled through the following app config value:
+
+	occ config:app:set richdocuments federation_use_trusted_domains --value="yes"

lib/AppConfig.php

@@ -16,6 +16,10 @@
 
 class AppConfig {
 
+	public const FEDERATION_USE_TRUSTED_DOMAINS = 'federation_use_trusted_domains';
+
+	public const SYSTEM_GS_TRUSTED_HOSTS = 'gs.trustedHosts';
+
 	private $defaults = [
 		'wopi_url' => '',
 		'timeout' => 15,
@@ -107,4 +111,18 @@ public function getAppSettings() {
 		return $result;
 	}
 
+	/**
+	 * Returns a list of trusted domains from the gs.trustedHosts config
+	 */
+	public function getTrustedDomains(): array {
+		return $this->config->getSystemValue(self::SYSTEM_GS_TRUSTED_HOSTS, []);
+	}
+
+	/**
+	 * Returns if federation trusted domains should be always allowed for federated editing
+	 */
+	public function isTrustedDomainAllowedForFederation(): bool {
+		return $this->config->getAppValue(Application::APPNAME, self::FEDERATION_USE_TRUSTED_DOMAINS, 'no') === 'yes';
+	}
+
  }

lib/Service/FederationService.php

@@ -26,19 +26,17 @@
 
 use OCA\Federation\TrustedServers;
 use OCA\Files_Sharing\External\Storage as SharingExternalStorage;
+use OCA\Richdocuments\AppConfig;
 use OCA\Richdocuments\Db\Direct;
 use OCA\Richdocuments\Db\Wopi;
-use OCA\Richdocuments\Db\WopiMapper;
 use OCA\Richdocuments\TokenManager;
-use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\QueryException;
 use OCP\Files\File;
 use OCP\Files\InvalidPathException;
 use OCP\Files\NotFoundException;
 use OCP\Http\Client\IClientService;
 use OCP\ICache;
 use OCP\ICacheFactory;
-use OCP\IConfig;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\IURLGenerator;
@@ -54,21 +52,21 @@ class FederationService {
 	private $logger;
 	/** @var TrustedServers */
 	private $trustedServers;
-	/** @var IConfig */
-	private $config;
+	/** @var AppConfig */
+	private $appConfig;
 	/** @var TokenManager */
 	private $tokenManager;
 	/** @var IRequest */
 	private $request;
 	/** @var IURLGenerator */
 	private $urlGenerator;
 
-	public function __construct(ICacheFactory $cacheFactory, IClientService $clientService, ILogger $logger, TokenManager $tokenManager, IConfig $config, IRequest $request, IURLGenerator $urlGenerator) {
+	public function __construct(ICacheFactory $cacheFactory, IClientService $clientService, ILogger $logger, TokenManager $tokenManager, AppConfig $appConfig, IRequest $request, IURLGenerator $urlGenerator) {
 		$this->cache = $cacheFactory->createDistributed('richdocuments_remote/');
 		$this->clientService = $clientService;
 		$this->logger = $logger;
 		$this->tokenManager = $tokenManager;
-		$this->config = $config;
+		$this->appConfig = $appConfig;
 		$this->request = $request;
 		$this->urlGenerator = $urlGenerator;
 		try {
@@ -114,13 +112,13 @@ public function isTrustedRemote($domainWithPort) {
 			$domainWithPort = parse_url($domainWithPort, PHP_URL_HOST) . ($port ? ':' . $port : '');
 		}
 
-		if ($this->trustedServers !== null && $this->trustedServers->isTrustedServer($domainWithPort)) {
+		if ($this->appConfig->isTrustedDomainAllowedForFederation() && $this->trustedServers !== null && $this->trustedServers->isTrustedServer($domainWithPort)) {
 			return true;
 		}
 
 		$domain = $this->getDomainWithoutPort($domainWithPort);
 
-		$trustedList = array_merge($this->config->getSystemValue('gs.trustedHosts', []), [$this->request->getServerHost()]);
+		$trustedList = array_merge($this->appConfig->getTrustedDomains(), [$this->request->getServerHost()]);
 		if (!is_array($trustedList)) {
 			return false;
 		}