From 1c38f8952fe7e68dd45ca4e495f8070ffad1e0af Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 15 Jan 2024 15:39:45 +0100 Subject: [PATCH] fix(appstore): Only send subscription keys to valid appstores Signed-off-by: Joas Schilling --- lib/private/App/AppStore/Fetcher/Fetcher.php | 11 ++- .../App/AppStore/Fetcher/AppFetcherTest.php | 95 ++++++++++++++++++- 2 files changed, 100 insertions(+), 6 deletions(-) diff --git a/lib/private/App/AppStore/Fetcher/Fetcher.php b/lib/private/App/AppStore/Fetcher/Fetcher.php index 3e76ab2d5dae7..a693804f50fbb 100644 --- a/lib/private/App/AppStore/Fetcher/Fetcher.php +++ b/lib/private/App/AppStore/Fetcher/Fetcher.php @@ -109,10 +109,13 @@ protected function fetch($ETag, $content) { ]; } - // If we have a valid subscription key, send it to the appstore - $subscriptionKey = $this->config->getAppValue('support', 'subscription_key'); - if ($this->registry->delegateHasValidSubscription() && $subscriptionKey) { - $options['headers']['X-NC-Subscription-Key'] = $subscriptionKey; + if ($this->config->getSystemValueString('appstoreurl', 'https://apps.nextcloud.com/api/v1') === 'https://apps.nextcloud.com/api/v1') { + // If we have a valid subscription key, send it to the appstore + $subscriptionKey = $this->config->getAppValue('support', 'subscription_key'); + if ($this->registry->delegateHasValidSubscription() && $subscriptionKey) { + $options['headers'] ??= []; + $options['headers']['X-NC-Subscription-Key'] = $subscriptionKey; + } } $client = $this->clientService->newClient(); diff --git a/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php b/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php index 39b0a699092b5..0f279c6f88423 100644 --- a/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php +++ b/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php @@ -2094,6 +2094,95 @@ public function testSetVersion() { } public function testGetAppsAllowlist() { + $this->config->method('getSystemValueString') + ->willReturnCallback(function ($key, $default) { + if ($key === 'version') { + return '11.0.0.2'; + } else { + return $default; + } + }); + $this->config->method('getSystemValue') + ->willReturnCallback(function ($key, $default) { + if ($key === 'appsallowlist') { + return ['contacts']; + } + return $default; + }); + $this->config->method('getAppValue') + ->willReturnCallback(function ($app, $key, $default) { + if ($app === 'support' && $key === 'subscription_key') { + return 'subscription-key'; + } + return $default; + }); + $this->config + ->method('getSystemValueBool') + ->willReturnArgument(1); + + $file = $this->createMock(ISimpleFile::class); + $folder = $this->createMock(ISimpleFolder::class); + $folder + ->expects($this->once()) + ->method('getFile') + ->with('apps.json') + ->willThrowException(new NotFoundException()); + $folder + ->expects($this->once()) + ->method('newFile') + ->with('apps.json') + ->willReturn($file); + $this->appData + ->expects($this->once()) + ->method('getFolder') + ->with('/') + ->willReturn($folder); + $client = $this->createMock(IClient::class); + $this->clientService + ->expects($this->once()) + ->method('newClient') + ->willReturn($client); + $response = $this->createMock(IResponse::class); + $client + ->expects($this->once()) + ->method('get') + ->with('https://apps.nextcloud.com/api/v1/apps.json', [ + 'timeout' => 60, + 'headers' => [ + 'X-NC-Subscription-Key' => 'subscription-key', + ], + ]) + ->willReturn($response); + $response + ->expects($this->once()) + ->method('getBody') + ->willReturn(self::$responseJson); + $response->method('getHeader') + ->with($this->equalTo('ETag')) + ->willReturn('"myETag"'); + $this->timeFactory + ->expects($this->once()) + ->method('getTime') + ->willReturn(1234); + + $this->registry + ->expects($this->exactly(2)) + ->method('delegateHasValidSubscription') + ->willReturn(true); + + $file + ->expects($this->once()) + ->method('putContent'); + $file + ->method('getContent') + ->willReturn(json_encode(self::$expectedResponse)); + + $apps = array_values($this->fetcher->get()); + $this->assertEquals(count($apps), 1); + $this->assertEquals($apps[0]['id'], 'contacts'); + } + + public function testGetAppsAllowlistCustomAppstore(): void { $this->config->method('getSystemValueString') ->willReturnCallback(function ($key, $default) { if ($key === 'version') { @@ -2142,7 +2231,9 @@ public function testGetAppsAllowlist() { $client ->expects($this->once()) ->method('get') - ->with('https://custom.appsstore.endpoint/api/v1/apps.json') + ->with('https://custom.appsstore.endpoint/api/v1/apps.json', [ + 'timeout' => 60, + ]) ->willReturn($response); $response ->expects($this->once()) @@ -2157,7 +2248,7 @@ public function testGetAppsAllowlist() { ->willReturn(1234); $this->registry - ->expects($this->exactly(2)) + ->expects($this->exactly(1)) ->method('delegateHasValidSubscription') ->willReturn(true);