Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default HTTPS for fed sharing & config option for allowing fallback #30198

Merged
merged 1 commit into from
Feb 26, 2018
Merged

Default HTTPS for fed sharing & config option for allowing fallback #30198

merged 1 commit into from
Feb 26, 2018

Conversation

tomneedham
Copy link
Member

Description

Only uses HTTPS for federated share communication - unless admins explicitly allow HTTP (useful for testing as well)

Related Issue

Potential for users to setup shares via HTTP with unsecure servers without the admin knowing.

Motivation and Context

MITM

How Has This Been Tested?

not yet

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@tomneedham tomneedham added this to the development milestone Jan 19, 2018
@tomneedham tomneedham self-assigned this Jan 19, 2018
mmattel
mmattel reviewed Jan 22, 2018
View reviewed changes
lib/private/Share/Share.php Outdated
@@ -2666,6 +2666,7 @@ public static function removeProtocolFromUrl($url) {
* @return array
*/
private static function tryHttpPostToShareEndpoint($remoteDomain, $urlSuffix, array $fields) {
$allowHttpFallback = \OC::$server->getConfig()->getSystemValue('sharing.federation.allowHttpFallback', 'no') === 'yes';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In config.sample.php above you have as values true/false but here you use yes/no.
Suggesting to use true/false homogeniously.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mmattel for the spot. I was originally using appconfig but concluded on config.php so we can use booleans here. Updated the PR to reflect this.

@codecov
Copy link

codecov bot commented Jan 29, 2018
edited
Loading

Codecov Report

Merging #30198 into master will increase coverage by <.01%.
The diff coverage is 69.23%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #30198      +/-   ##
============================================
+ Coverage     61.84%   61.84%   +<.01%     
- Complexity    19064    19065       +1     
============================================
  Files          1091     1091              
  Lines         61480    61486       +6     
============================================
+ Hits          38020    38026       +6     
  Misses        23460    23460
Impacted Files Coverage Δ Complexity Δ
lib/private/Share/Share.php 67.12% <69.23%> (+0.13%) 508 <0> (+1) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e380896...54b4c02. Read the comment docs.

@PVince81
Copy link
Contributor

PVince81 commented Feb 8, 2018

Triple CI failure due to bad luck.

Please rebase and solve conflict and be more lucky

@tomneedham
Copy link
Member Author

rebased, squashed and resolved conflict - let's wait for CI

@PVince81
Copy link
Contributor 

12:49:08 1) Test\Share\ShareTest::testRemoteShareUrlCalls with data set #0 ('admin@localhost', 'localhost', false, false)
12:49:08 Exception: Sharing test.txt failed, could not find admin@localhost, check spelling and server availability.
12:49:08 
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/private/Share/Share.php:919
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/public/Share.php:267
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/tests/lib/Share/ShareTest.php:973
12:49:08 
12:49:08 2) Test\Share\ShareTest::testRemoteShareUrlCalls with data set #1 ('admin@https://localhost', 'localhost', false, false)
12:49:08 Exception: Sharing test.txt failed, could not find admin@https://localhost, check spelling and server availability.
12:49:08 
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/private/Share/Share.php:919
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/public/Share.php:267
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/tests/lib/Share/ShareTest.php:973
12:49:08 
12:49:08 3) Test\Share\ShareTest::testRemoteShareUrlCalls with data set #3 ('admin@localhost/subFolder', 'localhost/subFolder', false, false)
12:49:08 Exception: Sharing test.txt failed, could not find admin@localhost/subFolder, check spelling and server availability.
12:49:08 
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/private/Share/Share.php:919
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/public/Share.php:267
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/tests/lib/Share/ShareTest.php:973
12:49:08 
12:49:08 4) Test\Share\ShareTest::testRemoteShareUrlCalls with data set #4 ('admin@localhost/subFolder', 'localhost/subFolder', false, false)
12:49:08 Exception: Sharing test.txt failed, could not find admin@localhost/subFolder, check spelling and server availability.
12:49:08 
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/private/Share/Share.php:919
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/lib/public/Share.php:267
12:49:08 /var/lib/jenkins/workspace/owncloud-core_core_PR-30198-OBFZEBOE7XKCZTFDCCEZHK2P56TXDW23OPZENHUDKP2Z245D372Q/tests/lib/Share/ShareTest.php:973

@tomneedham
Copy link
Member Author

Fixed the failing tests - runs fine locally.

@PVince81
Copy link
Contributor

hmm there are still failures:

1) Test\Share\ShareTest::testRemoteShareUrlCalls with data set #0 ('admin@localhost', 'localhost', false, false)
Exception: Sharing test.txt failed, could not find admin@localhost, check spelling and server availability.

/drone/src/lib/private/Share/Share.php:919
/drone/src/lib/public/Share.php:267
/drone/src/tests/lib/Share/ShareTest.php:973

@PVince81
Copy link
Contributor

Running all tests locally with PHP 7.1 and sqlite does not produce this error. I even shut down my local web server in case it was trying to connect there...

Mystery...

Let's rebase this anyway as we have library updates on master

@PVince81
Copy link
Contributor

@ownclouders rebase

@ownclouders
Copy link
Contributor

Hey! I'm GitMate.io! This pull request is being rebased automatically. Please DO NOT push while rebase is in progress or your changes would be lost permanently ⚠️

@ownclouders
Copy link
Contributor

Automated rebase with GitMate.io was successful! 🎉

@PVince81
Copy link
Contributor

tests still pass locally...

@PVince81 PVince81 merged commit 4f0c6df into master Feb 26, 2018
@PVince81 PVince81 deleted the https-fed-sharing branch February 26, 2018 13:04
@PVince81
Copy link
Contributor

PVince81 commented Feb 26, 2018
edited
Loading

@tomneedham please backport

@tomneedham tomneedham mentioned this pull request Feb 28, 2018
Merged
@phil-davis
Copy link
Contributor

Backport stable10 #30646

@PVince81 PVince81 mentioned this pull request Apr 19, 2018
Closed
@PVince81
Copy link
Contributor

Not working, raised here #31194

@PVince81 PVince81 mentioned this pull request Apr 25, 2018
Closed
@ownclouders ownclouders mentioned this pull request Jul 5, 2018
Closed
@lock
Copy link

lock bot commented Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 31, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mmattel mmattel mmattel left review comments

@PVince81 PVince81 Awaiting requested review from PVince81

Assignees

@tomneedham tomneedham

Labels
3 - To Review app:federation feature:federated-cloud-sharing
Projects
None yet
Milestone
10.0.8
Development

Successfully merging this pull request may close these issues.
5 participants
@tomneedham @PVince81 @ownclouders @phil-davis @mmattel