diff --git a/lib/Controller/RemoteController.php b/lib/Controller/RemoteController.php
index cab9721df..8961996ef 100644
--- a/lib/Controller/RemoteController.php
+++ b/lib/Controller/RemoteController.php
@@ -13,7 +13,9 @@
 use Exception;
 use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Db\CircleRequest;
+use OCA\Circles\Exceptions\FederatedEventException;
 use OCA\Circles\Exceptions\FederatedItemException;
 use OCA\Circles\Exceptions\FederatedUserException;
 use OCA\Circles\Exceptions\FederatedUserNotFoundException;
@@ -48,6 +50,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\IRequest;
 use OCP\IUserSession;
@@ -60,77 +63,22 @@ class RemoteController extends Controller {
 use TNCLocalSignatory;
 use TDeserialize;
-
- /** @var CircleRequest */
- private $circleRequest;
-
- /** @var RemoteStreamService */
- private $remoteStreamService;
-
- /** @var RemoteDownstreamService */
- private $remoteDownstreamService;
-
- /** @var FederatedUserService */
- private $federatedUserService;
-
- /** @var CircleService */
- private $circleService;
-
- /** @var MemberService */
- private $memberService;
-
- /** @var MembershipService */
- private $membershipService;
-
- /** @var InterfaceService */
- private $interfaceService;
-
- /** @var ConfigService */
- private $configService;
-
- /** @var IUserSession */
- private $userSession;
-
- /**
- * RemoteController constructor.
- *
- * @param string $appName
- * @param IRequest $request
- * @param CircleRequest $circleRequest
- * @param RemoteStreamService $remoteStreamService
- * @param RemoteDownstreamService $remoteDownstreamService
- * @param FederatedUserService $federatedUserService
- * @param CircleService $circleService
- * @param MemberService $memberService
- * @param MembershipService $membershipService
- * @param InterfaceService $interfaceService
- * @param ConfigService $configService
- */
 public function __construct(
 string $appName,
 IRequest $request,
- CircleRequest $circleRequest,
- RemoteStreamService $remoteStreamService,
- RemoteDownstreamService $remoteDownstreamService,
- FederatedUserService $federatedUserService,
- CircleService $circleService,
- MemberService $memberService,
- MembershipService $membershipService,
- InterfaceService $interfaceService,
- ConfigService $configService,
- IUserSession $userSession,
+ private readonly CircleRequest $circleRequest,
+ private readonly IAppConfig $appConfig,
+ private readonly RemoteStreamService $remoteStreamService,
+ private readonly RemoteDownstreamService $remoteDownstreamService,
+ private readonly FederatedUserService $federatedUserService,
+ private readonly CircleService $circleService,
+ private readonly MemberService $memberService,
+ private readonly MembershipService $membershipService,
+ private readonly InterfaceService $interfaceService,
+ private readonly ConfigService $configService,
+ private readonly IUserSession $userSession,
 ) {
 parent::__construct($appName, $request);
- $this->circleRequest = $circleRequest;
- $this->remoteStreamService = $remoteStreamService;
- $this->remoteDownstreamService = $remoteDownstreamService;
- $this->federatedUserService = $federatedUserService;
- $this->circleService = $circleService;
- $this->memberService = $memberService;
- $this->membershipService = $membershipService;
- $this->interfaceService = $interfaceService;
- $this->configService = $configService;
- $this->userSession = $userSession;
 $this->setup('app', 'circles');
 $this->setupArray('enforceSignatureHeaders', ['digest', 'content-length']);
@@ -412,11 +360,16 @@ public function memberships(string $circleId): DataResponse {
 * @throws SignatoryException
 * @throws SignatureException
 * @throws UnknownInterfaceException
+ * @throws FederatedEventException
 */
 private function extractEventFromRequest(): FederatedEvent {
 // will throw exception if instance is not configured for this event.
 $this->interfaceService->setCurrentInterfaceFromRequest($this->request);
- $this->interfaceService->getCurrentInterface();
+ $iface = $this->interfaceService->getCurrentInterface();
+ if ($iface === InterfaceService::IFACE_FRONTAL &&
+ !$this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED)) {
+ throw new FederatedEventException('frontal interface is not enabled');
+ }
 $signed = $this->remoteStreamService->incomingSignedRequest();
 $this->confirmRemoteInstance($signed);
diff --git a/lib/FederatedItems/SingleMemberAdd.php b/lib/FederatedItems/SingleMemberAdd.php
index 4bada08ca..a6dbc8cda 100644
--- a/lib/FederatedItems/SingleMemberAdd.php
+++ b/lib/FederatedItems/SingleMemberAdd.php
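Review bot: The `FEDERATED_TEAMS_ENABLED` gate in `RemoteController` is placed only inside `extractEventFromRequest()`, so any other handler in this controller that resolves the interface from the request without going through this helper would keep answering on the frontal interface while the flag is off; those handlers are outside the hunk and should be checked against the full file. The same two-line predicate is repeated in `SingleMemberAdd::generateMember()` and `FederatedEventService::initBroadcast()`, and moving it into a single `InterfaceService` method would keep the three call sites from drifting apart. The existing comment above the call no longer describes the whole step; a line such as `// refuse events arriving on the frontal interface while Federated Teams are disabled` before the new `if` would document it.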
@@ -12,6 +12,7 @@
 namespace OCA\Circles\FederatedItems;
 use OC\User\NoUserException;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Db\MemberRequest;
 use OCA\Circles\Exceptions\CircleNotFoundException;
 use OCA\Circles\Exceptions\FederatedItemBadRequestException;
@@ -47,6 +48,7 @@
 use OCA\Circles\Service\ConfigService;
 use OCA\Circles\Service\EventService;
 use OCA\Circles\Service\FederatedUserService;
+use OCA\Circles\Service\InterfaceService;
 use OCA\Circles\Service\MaintenanceService;
 use OCA\Circles\Service\MemberService;
 use OCA\Circles\Service\MembershipService;
@@ -55,6 +57,7 @@
 use OCA\Circles\Tools\Traits\TDeserialize;
 use OCA\Circles\Tools\Traits\TNCLogger;
 use OCA\Circles\Tools\Traits\TStringTools;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\IUserManager;
 /**
@@ -74,6 +77,7 @@ class SingleMemberAdd implements
 public function __construct(
 protected IUserManager $userManager,
+ protected IAppConfig $appConfig,
 protected MemberRequest $memberRequest,
 protected FederatedUserService $federatedUserService,
 protected RemoteStreamService $remoteStreamService,
@@ -223,6 +227,12 @@ protected function generateMember(FederatedEvent $event, Circle $circle, Member
 throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[127], 127);
 }
 }
+
+ $remoteInstance = $this->remoteStreamService->getCachedRemoteInstance($member->getInstance());
+ if (($remoteInstance->getInterface() === InterfaceService::IFACE_FRONTAL) &&
+ !$this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED)) {
+ throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[133], 133);
+ }
 }
 $member->importFromIFederatedUser($federatedUser);
diff --git a/lib/Service/FederatedEventService.php b/lib/Service/FederatedEventService.php
index 1fff7850f..c70191fea 100644
--- a/lib/Service/FederatedEventService.php
+++ b/lib/Service/FederatedEventService.php
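Review bot: In `generateMember()` the result of `getCachedRemoteInstance($member->getInstance())` is dereferenced on the next line, and the hunk does not show what that lookup does when the member's instance has no cached remote entry. If it can throw or return null, the caller receives that failure instead of the `FederatedItemBadRequestException` this method otherwise uses for rejections, so the lookup failure should be guarded or mapped to the same exception type. The enclosing branch opens above the hunk, so whether it already limits this code to non-local instances needs confirming against the full function. A comment such as `// members hosted on a frontal instance are refused while Federated Teams are disabled` would record the new rule next to status code 133.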
@@ -11,6 +11,7 @@
 namespace OCA\Circles\Service;
 use OC;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Db\EventWrapperRequest;
 use OCA\Circles\Db\MemberRequest;
 use OCA\Circles\Db\RemoteRequest;
@@ -53,6 +54,7 @@
 use OCA\Circles\Tools\Model\Request;
 use OCA\Circles\Tools\Traits\TNCRequest;
 use OCA\Circles\Tools\Traits\TStringTools;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\Server;
 use ReflectionClass;
 use ReflectionException;
@@ -66,64 +68,19 @@ class FederatedEventService extends NCSignature {
 use TNCRequest;
 use TStringTools;
-
- /** @var EventWrapperRequest */
- private $eventWrapperRequest;
-
- /** @var RemoteRequest */
- private $remoteRequest;
-
- /** @var ShareLockRequest */
- private $shareLockRequest;
-
- /** @var MemberRequest */
- private $memberRequest;
-
- /** @var RemoteUpstreamService */
- private $remoteUpstreamService;
-
- /** @var EventService */
- private $eventService;
-
- /** @var InterfaceService */
- private $interfaceService;
-
- /** @var ConfigService */
- private $configService;
-
-
- /**
- * FederatedEventService constructor.
- *
- * @param EventWrapperRequest $eventWrapperRequest
- * @param RemoteRequest $remoteRequest
- * @param MemberRequest $memberRequest
- * @param ShareLockRequest $shareLockRequest
- * @param RemoteUpstreamService $remoteUpstreamService
- * @param InterfaceService $interfaceService
- * @param ConfigService $configService
- */
 public function __construct(
- EventWrapperRequest $eventWrapperRequest,
- RemoteRequest $remoteRequest,
- MemberRequest $memberRequest,
- ShareLockRequest $shareLockRequest,
- RemoteUpstreamService $remoteUpstreamService,
- EventService $eventService,
- InterfaceService $interfaceService,
- ConfigService $configService,
+ private readonly IAppConfig $appConfig,
+ private readonly EventWrapperRequest $eventWrapperRequest,
+ private readonly RemoteRequest $remoteRequest,
+ private readonly MemberRequest $memberRequest,
+ private readonly ShareLockRequest $shareLockRequest,
+ private readonly RemoteUpstreamService $remoteUpstreamService,
+ private readonly EventService $eventService,
+ private readonly InterfaceService $interfaceService,
+ private readonly ConfigService $configService,
 ) {
- $this->eventWrapperRequest = $eventWrapperRequest;
- $this->remoteRequest = $remoteRequest;
- $this->shareLockRequest = $shareLockRequest;
- $this->memberRequest = $memberRequest;
- $this->remoteUpstreamService = $remoteUpstreamService;
- $this->eventService = $eventService;
- $this->interfaceService = $interfaceService;
- $this->configService = $configService;
 }
-
 /**
 * Called when creating a new Event.
 * This method will manage the event locally and upstream the payload if needed.
@@ -409,6 +366,11 @@ public function initBroadcast(FederatedEvent $event): bool {
 break;
 }
+ if ($instance->getInterface() === InterfaceService::IFACE_FRONTAL &&
+ !$this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED)) {
+ break;
+ }
+
 if (in_array($instance->getInstance(), $avoidDuplicate, true)) {
 Server::get(\Psr\Log\LoggerInterface::class)->warning('duplicate instance, please verify the setup of Federated Teams', ['duplicate' => $avoidDuplicate, 'loopback' => $this->configService->getLoopbackInstance(), 'instance' => $instance->getInstance(), 'interface' => $instance->getInterface()]);
 continue;
diff --git a/lib/StatusCode.php b/lib/StatusCode.php
index 0d9c2a901..facddbbf4 100644
--- a/lib/StatusCode.php
+++ b/lib/StatusCode.php
@@ -50,7 +50,8 @@ class StatusCode {
 129 => 'Member does not contains a patron',
 130 => 'Member is invited by an entity that does not belongs to the instance at the origin of the request',
 131 => 'Member is a non-local Team',
- 132 => 'Member type not allowed'
+ 132 => 'Member type not allowed',
+ 133 => 'Federated Teams are disabled'
 ];
 public static $CIRCLE_DESTROY = [
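Review bot: The frontal-interface check added to `initBroadcast()` exits with `break;`, while the duplicate-instance check directly below it uses `continue;` to skip a single instance. If the enclosing construct is the loop over instances (it opens above the hunk), `break` ends the broadcast for every instance listed after the first frontal one, including non-frontal instances that should still receive the event, so updates such as member removals may never reach them. `continue;` looks like the intended statement here. A debug-level log entry on the skip would also let an operator see why an instance was left out of the broadcast.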