[stable33] confirm federated teams enabled

lib/Controller/RemoteController.php

@@ -13,7 +13,9 @@
 
 use Exception;
 use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Db\CircleRequest;
+use OCA\Circles\Exceptions\FederatedEventException;
 use OCA\Circles\Exceptions\FederatedItemException;
 use OCA\Circles\Exceptions\FederatedUserException;
 use OCA\Circles\Exceptions\FederatedUserNotFoundException;
@@ -48,6 +50,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\IRequest;
 use OCP\IUserSession;
 
@@ -60,77 +63,22 @@ class RemoteController extends Controller {
 	use TNCLocalSignatory;
 	use TDeserialize;
 
-
-	/** @var CircleRequest */
-	private $circleRequest;
-
-	/** @var RemoteStreamService */
-	private $remoteStreamService;
-
-	/** @var RemoteDownstreamService */
-	private $remoteDownstreamService;
-
-	/** @var FederatedUserService */
-	private $federatedUserService;
-
-	/** @var CircleService */
-	private $circleService;
-
-	/** @var MemberService */
-	private $memberService;
-
-	/** @var MembershipService */
-	private $membershipService;
-
-	/** @var InterfaceService */
-	private $interfaceService;
-
-	/** @var ConfigService */
-	private $configService;
-
-	/** @var IUserSession */
-	private $userSession;
-
-	/**
-	 * RemoteController constructor.
-	 *
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param CircleRequest $circleRequest
-	 * @param RemoteStreamService $remoteStreamService
-	 * @param RemoteDownstreamService $remoteDownstreamService
-	 * @param FederatedUserService $federatedUserService
-	 * @param CircleService $circleService
-	 * @param MemberService $memberService
-	 * @param MembershipService $membershipService
-	 * @param InterfaceService $interfaceService
-	 * @param ConfigService $configService
-	 */
 	public function __construct(
 		string $appName,
 		IRequest $request,
-		CircleRequest $circleRequest,
-		RemoteStreamService $remoteStreamService,
-		RemoteDownstreamService $remoteDownstreamService,
-		FederatedUserService $federatedUserService,
-		CircleService $circleService,
-		MemberService $memberService,
-		MembershipService $membershipService,
-		InterfaceService $interfaceService,
-		ConfigService $configService,
-		IUserSession $userSession,
+		private readonly CircleRequest $circleRequest,
+		private readonly IAppConfig $appConfig,
+		private readonly RemoteStreamService $remoteStreamService,
+		private readonly RemoteDownstreamService $remoteDownstreamService,
+		private readonly FederatedUserService $federatedUserService,
+		private readonly CircleService $circleService,
+		private readonly MemberService $memberService,
+		private readonly MembershipService $membershipService,
+		private readonly InterfaceService $interfaceService,
+		private readonly ConfigService $configService,
+		private readonly IUserSession $userSession,
 	) {
 		parent::__construct($appName, $request);
-		$this->circleRequest = $circleRequest;
-		$this->remoteStreamService = $remoteStreamService;
-		$this->remoteDownstreamService = $remoteDownstreamService;
-		$this->federatedUserService = $federatedUserService;
-		$this->circleService = $circleService;
-		$this->memberService = $memberService;
-		$this->membershipService = $membershipService;
-		$this->interfaceService = $interfaceService;
-		$this->configService = $configService;
-		$this->userSession = $userSession;
 
 		$this->setup('app', 'circles');
 		$this->setupArray('enforceSignatureHeaders', ['digest', 'content-length']);
@@ -412,11 +360,16 @@ public function memberships(string $circleId): DataResponse {
 	 * @throws SignatoryException
 	 * @throws SignatureException
 	 * @throws UnknownInterfaceException
+	 * @throws FederatedEventException
 	 */
 	private function extractEventFromRequest(): FederatedEvent {
 		// will throw exception if instance is not configured for this event.
 		$this->interfaceService->setCurrentInterfaceFromRequest($this->request);
-		$this->interfaceService->getCurrentInterface();
+		$iface = $this->interfaceService->getCurrentInterface();
+		if ($iface === InterfaceService::IFACE_FRONTAL &&
+			!$this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED)) {
+			throw new FederatedEventException('frontal interface is not enabled');
+		}
 
 		$signed = $this->remoteStreamService->incomingSignedRequest();
 		$this->confirmRemoteInstance($signed);

lib/FederatedItems/SingleMemberAdd.php

@@ -12,6 +12,7 @@
 namespace OCA\Circles\FederatedItems;
 
 use OC\User\NoUserException;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Db\MemberRequest;
 use OCA\Circles\Exceptions\CircleNotFoundException;
 use OCA\Circles\Exceptions\FederatedItemBadRequestException;
@@ -47,6 +48,7 @@
 use OCA\Circles\Service\ConfigService;
 use OCA\Circles\Service\EventService;
 use OCA\Circles\Service\FederatedUserService;
+use OCA\Circles\Service\InterfaceService;
 use OCA\Circles\Service\MaintenanceService;
 use OCA\Circles\Service\MemberService;
 use OCA\Circles\Service\MembershipService;
@@ -55,6 +57,7 @@
 use OCA\Circles\Tools\Traits\TDeserialize;
 use OCA\Circles\Tools\Traits\TNCLogger;
 use OCA\Circles\Tools\Traits\TStringTools;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\IUserManager;
 
 /**
@@ -74,6 +77,7 @@ class SingleMemberAdd implements
 
 	public function __construct(
 		protected IUserManager $userManager,
+		protected IAppConfig $appConfig,
 		protected MemberRequest $memberRequest,
 		protected FederatedUserService $federatedUserService,
 		protected RemoteStreamService $remoteStreamService,
@@ -223,6 +227,12 @@ protected function generateMember(FederatedEvent $event, Circle $circle, Member
 					throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[127], 127);
 				}
 			}
+
+			$remoteInstance = $this->remoteStreamService->getCachedRemoteInstance($member->getInstance());
+			if (($remoteInstance->getInterface() === InterfaceService::IFACE_FRONTAL) &&
+				!$this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED)) {
+				throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[133], 133);
+			}
 		}
 
 		$member->importFromIFederatedUser($federatedUser);

lib/Service/FederatedEventService.php

@@ -11,6 +11,7 @@
 namespace OCA\Circles\Service;
 
 use OC;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Db\EventWrapperRequest;
 use OCA\Circles\Db\MemberRequest;
 use OCA\Circles\Db\RemoteRequest;
@@ -53,6 +54,7 @@
 use OCA\Circles\Tools\Model\Request;
 use OCA\Circles\Tools\Traits\TNCRequest;
 use OCA\Circles\Tools\Traits\TStringTools;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\Server;
 use ReflectionClass;
 use ReflectionException;
@@ -66,64 +68,19 @@ class FederatedEventService extends NCSignature {
 	use TNCRequest;
 	use TStringTools;
 
-
-	/** @var EventWrapperRequest */
-	private $eventWrapperRequest;
-
-	/** @var RemoteRequest */
-	private $remoteRequest;
-
-	/** @var ShareLockRequest */
-	private $shareLockRequest;
-
-	/** @var MemberRequest */
-	private $memberRequest;
-
-	/** @var RemoteUpstreamService */
-	private $remoteUpstreamService;
-
-	/** @var EventService */
-	private $eventService;
-
-	/** @var InterfaceService */
-	private $interfaceService;
-
-	/** @var ConfigService */
-	private $configService;
-
-
-	/**
-	 * FederatedEventService constructor.
-	 *
-	 * @param EventWrapperRequest $eventWrapperRequest
-	 * @param RemoteRequest $remoteRequest
-	 * @param MemberRequest $memberRequest
-	 * @param ShareLockRequest $shareLockRequest
-	 * @param RemoteUpstreamService $remoteUpstreamService
-	 * @param InterfaceService $interfaceService
-	 * @param ConfigService $configService
-	 */
 	public function __construct(
-		EventWrapperRequest $eventWrapperRequest,
-		RemoteRequest $remoteRequest,
-		MemberRequest $memberRequest,
-		ShareLockRequest $shareLockRequest,
-		RemoteUpstreamService $remoteUpstreamService,
-		EventService $eventService,
-		InterfaceService $interfaceService,
-		ConfigService $configService,
+		private readonly IAppConfig $appConfig,
+		private readonly EventWrapperRequest $eventWrapperRequest,
+		private readonly RemoteRequest $remoteRequest,
+		private readonly MemberRequest $memberRequest,
+		private readonly ShareLockRequest $shareLockRequest,
+		private readonly RemoteUpstreamService $remoteUpstreamService,
+		private readonly EventService $eventService,
+		private readonly InterfaceService $interfaceService,
+		private readonly ConfigService $configService,
 	) {
-		$this->eventWrapperRequest = $eventWrapperRequest;
-		$this->remoteRequest = $remoteRequest;
-		$this->shareLockRequest = $shareLockRequest;
-		$this->memberRequest = $memberRequest;
-		$this->remoteUpstreamService = $remoteUpstreamService;
-		$this->eventService = $eventService;
-		$this->interfaceService = $interfaceService;
-		$this->configService = $configService;
 	}
 
-
 	/**
 	 * Called when creating a new Event.
 	 * This method will manage the event locally and upstream the payload if needed.
@@ -409,6 +366,11 @@ public function initBroadcast(FederatedEvent $event): bool {
 				break;
 			}
 
+			if ($instance->getInterface() === InterfaceService::IFACE_FRONTAL &&
+				!$this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED)) {
+				break;
+			}
+
 			if (in_array($instance->getInstance(), $avoidDuplicate, true)) {
 				Server::get(\Psr\Log\LoggerInterface::class)->warning('duplicate instance, please verify the setup of Federated Teams', ['duplicate' => $avoidDuplicate, 'loopback' => $this->configService->getLoopbackInstance(), 'instance' => $instance->getInstance(), 'interface' => $instance->getInterface()]);
 				continue;

lib/StatusCode.php

@@ -50,7 +50,8 @@ class StatusCode {
 		129 => 'Member does not contains a patron',
 		130 => 'Member is invited by an entity that does not belongs to the instance at the origin of the request',
 		131 => 'Member is a non-local Team',
-		132 => 'Member type not allowed'
+		132 => 'Member type not allowed',
+		133 => 'Federated Teams are disabled'
 	];
 
 	public static $CIRCLE_DESTROY = [