Skip to content

Commit

Permalink
Merge pull request #129 from astrairidium/http-verify
Browse files Browse the repository at this point in the history 
Add admin option to control HTTPS verification.
  • Loading branch information
@fancycode
fancycode committed May 8, 2023
2 parents a1a828b + f185a11 commit 50d6034
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 20 deletions.
28 changes: 8 additions & 20 deletions lib/Client.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
class Client {
private LoggerInterface $logger;
private IClientService $clientService;
private Config $config;
private Tokens $tokens;
private string $nextcloudVersion;
private string $appVersion;
Expand All @@ -42,9 +43,11 @@ public function __construct(LoggerInterface $logger,
IClientService $clientService,
IAppManager $appManager,
IConfig $systemConfig,
Config $config,
Tokens $tokens) {
$this->logger = $logger;
$this->clientService = $clientService;
$this->config = $config;
$this->tokens = $tokens;
$this->appVersion = $appManager->getAppVersion(Application::APP_ID);
$this->nextcloudVersion = $systemConfig->getSystemValueString('version', '0.0.0');
Expand Down Expand Up @@ -97,10 +100,7 @@ public function shareFile(File $file, array $recipients, ?array $metadata, array
$response = $client->post($server . 'api/v1/files/' . rawurlencode($account['id']), [
'headers' => $headers,
'multipart' => $multipart,
'verify' => false,
'nextcloud' => [
'allow_local_address' => true,
],
'verify' => !$this->config->insecureSkipVerify(),
]);
$body = $response->getBody();
return json_decode($body, true);
Expand All @@ -117,10 +117,7 @@ public function signFile(string $id, array $multipart, array $account, string $s
$response = $client->post($server . 'api/v1/files/' . rawurlencode($account['id']) . '/sign/' . rawurlencode($id), [
'headers' => $headers,
'multipart' => $multipart,
'verify' => false,
'nextcloud' => [
'allow_local_address' => true,
],
'verify' => !$this->config->insecureSkipVerify(),
]);
$body = $response->getBody();
return json_decode($body, true);
Expand All @@ -136,10 +133,7 @@ public function deleteFile(string $id, array $account, string $server): array {
]);
$response = $client->delete($server . 'api/v1/files/' . rawurlencode($account['id']) . '/' . rawurlencode($id), [
'headers' => $headers,
'verify' => false,
'nextcloud' => [
'allow_local_address' => true,
],
'verify' => !$this->config->insecureSkipVerify(),
]);
$body = $response->getBody();
return json_decode($body, true);
Expand Down Expand Up @@ -175,10 +169,7 @@ public function downloadSignedFile(string $id, array $account, string $server) {
$client = $this->clientService->newClient();
$response = $client->get($url, [
'headers' => $headers,
'verify' => false,
'nextcloud' => [
'allow_local_address' => true,
],
'verify' => !$this->config->insecureSkipVerify(),
]);
$body = $response->getBody();
return $body;
Expand All @@ -196,10 +187,7 @@ public function getSignatureDetails(string $id, array $account, string $server,
$client = $this->clientService->newClient();
$response = $client->get($url, [
'headers' => $headers,
'verify' => false,
'nextcloud' => [
'allow_local_address' => true,
],
'verify' => !$this->config->insecureSkipVerify(),
]);
$body = $response->getBody();
return $body;
Expand Down
4 changes: 4 additions & 0 deletions lib/Config.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,10 @@ public function isIntranetInstance(): bool {
return $this->config->getAppValue('esig', 'intranet_instance', 'false') === 'true';
}

public function insecureSkipVerify(): bool {
return $this->config->getAppValue('esig', 'insecure_skip_verify', 'false') === 'true';
}

public function getSignatureImage(IUser $user): ?ISimpleFile {
try {
$folder = $this->appData->getFolder($user->getUID());
Expand Down
1 change: 1 addition & 0 deletions lib/Settings/Admin/AdminSettings.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ public function getForm(): TemplateResponse {
$this->initialState->provideInitialState('settings', [
'signed_save_mode' => $this->config->getSignedSaveMode(),
'intranet_instance' => $this->config->isIntranetInstance(),
'insecure_skip_verify' => $this->config->insecureSkipVerify(),
'delete_max_age' => $this->config->getDeleteMaxAge(),
]);

Expand Down
28 changes: 28 additions & 0 deletions src/components/AdminSettings/InstanceSettings.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,14 @@
{{ t('esig', 'If this is set, links to the instance will not be sent to external users.') }}
</NcCheckboxRadioSwitch>
</div>
<div>
<NcCheckboxRadioSwitch :checked.sync="settings.insecure_skip_verify"
type="switch"
@update:checked="debounceUpdateInsecureVerify">
{{ t('esig', 'Skip verification of certificates when communicating with the backend service.') }}
{{ t('esig', 'This is potentially insecure and should only be enabled during development (if necessary).') }}
</NcCheckboxRadioSwitch>
</div>
</NcSettingsSection>
</template>

Expand Down Expand Up @@ -78,6 +86,26 @@ export default {
},
})
},
debounceUpdateInsecureVerify: debounce(function() {
this.updateInsecureSkipVerify()
}, 500),
updateInsecureSkipVerify() {
this.loading = true
const self = this
OCP.AppConfig.setValue('esig', 'insecure_skip_verify', this.settings.insecure_skip_verify, {
success() {
showSuccess(t('esig', 'Settings saved'))
self.loading = false
},
error() {
showError(t('esig', 'Could not save settings'))
self.loading = false
},
})
},
},
}
</script>

0 comments on commit 50d6034

Please sign in to comment.