nextcloud · skjnldsv · Dec 20, 2024 · Dec 20, 2024 · Dec 26, 2024 · Dec 27, 2024
diff --git a/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php b/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php
@@ -39,9 +39,6 @@
 #[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)]
 class RequestHandlerController extends OCSController {
 
-	/** @var string */
-	private $shareTable = 'share';
-
 	public function __construct(
 		string $appName,
 		IRequest $request,

diff --git a/apps/federatedfilesharing/lib/FederatedShareProvider.php b/apps/federatedfilesharing/lib/FederatedShareProvider.php
@@ -999,6 +999,11 @@ public function isLookupServerUploadEnabled() {
 		return ($result === 'yes');
 	}
 
+	public function isFederatedTrustedShareAutoAccept() {
+		$result = $this->config->getAppValue('files_sharing', 'federatedTrustedShareAutoAccept', 'yes');
+		return ($result === 'yes');
+	}
+
 	/**
 	 * @inheritdoc
 	 */

diff --git a/apps/federatedfilesharing/lib/OCM/CloudFederationProviderFiles.php b/apps/federatedfilesharing/lib/OCM/CloudFederationProviderFiles.php
@@ -10,6 +10,7 @@
 use OC\Files\Filesystem;
 use OCA\FederatedFileSharing\AddressHandler;
 use OCA\FederatedFileSharing\FederatedShareProvider;
+use OCA\Federation\TrustedServers;
 use OCA\Files_Sharing\Activity\Providers\RemoteShares;
 use OCA\Files_Sharing\External\Manager;
 use OCA\GlobalSiteSelector\Service\SlaveService;
@@ -66,6 +67,7 @@ public function __construct(
 		private LoggerInterface $logger,
 		private IFilenameValidator $filenameValidator,
 		private readonly IProviderFactory $shareProviderFactory,
+		private TrustedServers $trustedServers,
 	) {
 	}
 
@@ -163,6 +165,11 @@ public function shareReceived(ICloudFederationShare $share) {
 						->setObject('remote_share', $shareId, $name);
 					\OC::$server->getActivityManager()->publish($event);
 					$this->notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $ownerDisplayName);
+
+					// If auto-accept is enabled, accept the share
+					if ($this->federatedShareProvider->isFederatedTrustedShareAutoAccept() && $this->trustedServers->isTrustedServer($remote)) {
+						$this->externalShareManager->acceptShare($shareId, $shareWith);
+					}
 				} else {
 					$groupMembers = $this->groupManager->get($shareWith)->getUsers();
 					foreach ($groupMembers as $user) {
@@ -174,8 +181,14 @@ public function shareReceived(ICloudFederationShare $share) {
 							->setObject('remote_share', $shareId, $name);
 						\OC::$server->getActivityManager()->publish($event);
 						$this->notifyAboutNewShare($user->getUID(), $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $ownerDisplayName);
+
+						// If auto-accept is enabled, accept the share
+						if ($this->federatedShareProvider->isFederatedTrustedShareAutoAccept() && $this->trustedServers->isTrustedServer($remote)) {
+							$this->externalShareManager->acceptShare($shareId, $user->getUID());
+						}
 					}
 				}
+
 				return $shareId;
 			} catch (\Exception $e) {
 				$this->logger->error('Server can not add remote share.', [

diff --git a/apps/federatedfilesharing/lib/Settings/Admin.php b/apps/federatedfilesharing/lib/Settings/Admin.php
@@ -40,6 +40,7 @@ public function getForm() {
 		$this->initialState->provideInitialState('incomingServer2serverGroupShareEnabled', $this->fedShareProvider->isIncomingServer2serverGroupShareEnabled());
 		$this->initialState->provideInitialState('lookupServerEnabled', $this->fedShareProvider->isLookupServerQueriesEnabled());
 		$this->initialState->provideInitialState('lookupServerUploadEnabled', $this->fedShareProvider->isLookupServerUploadEnabled());
+		$this->initialState->provideInitialState('federatedTrustedShareAutoAccept', $this->fedShareProvider->isFederatedTrustedShareAutoAccept());
 
 		return new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');
 	}
@@ -76,6 +77,7 @@ public function getAuthorizedAppConfig(): array {
 				'incomingServer2serverGroupShareEnabled',
 				'lookupServerEnabled',
 				'lookupServerUploadEnabled',
+				'federatedTrustedShareAutoAccept',
 			],
 		];
 	}

diff --git a/apps/federatedfilesharing/src/components/AdminSettings.vue b/apps/federatedfilesharing/src/components/AdminSettings.vue
@@ -43,6 +43,18 @@
 			@update:checked="update('lookupServerUploadEnabled', lookupServerUploadEnabled)">
 			{{ t('federatedfilesharing', 'Allow people to publish their data to a global and public address book') }}
 		</NcCheckboxRadioSwitch>
+
+		<!-- Trusted server handling -->
+		<div class="settings-subsection">
+			<h3 class="settings-subsection__name">
+				{{ t('federatedfilesharing', 'Trusted federation') }}
+			</h3>
+			<NcCheckboxRadioSwitch type="switch"
+				:checked.sync="federatedTrustedShareAutoAccept"
+				@update:checked="update('federatedTrustedShareAutoAccept', federatedTrustedShareAutoAccept)">
+				{{ t('federatedfilesharing', 'Automatically accept shares from trusted federated accounts and groups by default') }}
+			</NcCheckboxRadioSwitch>
+		</div>
 	</NcSettingsSection>
 </template>
 
@@ -74,6 +86,7 @@ export default {
 			federatedGroupSharingSupported: loadState('federatedfilesharing', 'federatedGroupSharingSupported'),
 			lookupServerEnabled: loadState('federatedfilesharing', 'lookupServerEnabled'),
 			lookupServerUploadEnabled: loadState('federatedfilesharing', 'lookupServerUploadEnabled'),
+			federatedTrustedShareAutoAccept: loadState('federatedfilesharing', 'federatedTrustedShareAutoAccept'),
 			internalOnly: loadState('federatedfilesharing', 'internalOnly'),
 			sharingFederatedDocUrl: loadState('federatedfilesharing', 'sharingFederatedDocUrl'),
 		}
@@ -111,3 +124,17 @@ export default {
 	},
 }
 </script>
+<style scoped>
+.settings-subsection {
+	margin-top: 20px;
+}
+.settings-subsection__name {
+	display: inline-flex;
+	align-items: center;
+	justify-content: center;
+	font-size: 16px;
+	font-weight: bold;
+	max-width: 900px;
+	margin-top: 0;
+}
+</style>
diff --git a/apps/federatedfilesharing/tests/Settings/AdminTest.php b/apps/federatedfilesharing/tests/Settings/AdminTest.php
@@ -91,10 +91,14 @@ public function testGetForm($state): void {
 			->expects($this->once())
 			->method('isIncomingServer2serverGroupShareEnabled')
 			->willReturn($state);
+		$this->federatedShareProvider
+			->expects($this->once())
+			->method('isFederatedTrustedShareAutoAccept')
+			->willReturn($state);
 		$this->gsConfig->expects($this->once())->method('onlyInternalFederation')
 			->willReturn($state);
 
-		$this->initialState->expects($this->exactly(9))
+		$this->initialState->expects($this->exactly(10))
 			->method('provideInitialState')
 			->withConsecutive(
 				['internalOnly', $state],
@@ -106,6 +110,7 @@ public function testGetForm($state): void {
 				['incomingServer2serverGroupShareEnabled', $state],
 				['lookupServerEnabled', $state],
 				['lookupServerUploadEnabled', $state],
+				['federatedTrustedShareAutoAccept', $state]
 			);
 
 		$expected = new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');

diff --git a/apps/federation/appinfo/routes.php b/apps/federation/appinfo/routes.php
@@ -6,18 +6,6 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 return [
-	'routes' => [
-		[
-			'name' => 'Settings#addServer',
-			'url' => '/trusted-servers',
-			'verb' => 'POST'
-		],
-		[
-			'name' => 'Settings#removeServer',
-			'url' => '/trusted-servers/{id}',
-			'verb' => 'DELETE'
-		],
-	],
 	'ocs' => [
 		// old endpoints, only used by Nextcloud and ownCloud
 		[
@@ -43,5 +31,20 @@
 			'url' => '/shared-secret',
 			'verb' => 'POST',
 		],
+		[
+			'name' => 'Settings#getServers',
+			'url' => '/trusted-servers',
+			'verb' => 'GET'
+		],
+		[
+			'name' => 'Settings#addServer',
+			'url' => '/trusted-servers',
+			'verb' => 'POST'
+		],
+		[
+			'name' => 'Settings#removeServer',
+			'url' => '/trusted-servers/{id}',
+			'verb' => 'DELETE'
+		],
 	],
 ];
diff --git a/apps/federation/css/settings-admin.css b/apps/federation/css/settings-admin.css
@@ -9,11 +9,13 @@
 
 #listOfTrustedServers li {
 	padding-bottom: 10px;
+	display: flex;
+	align-items: center;
 }
 
 .removeTrustedServer {
 	display: none;
-	vertical-align:middle;
+	vertical-align: middle;
 	padding-inline-start: 10px;
 }
 
@@ -26,20 +28,20 @@
 }
 
 #listOfTrustedServers .icon {
-	cursor: pointer;
 	display: inline-block;
+	cursor: pointer;
 	vertical-align: middle;
 	margin-inline-start: 10px;
 }
 
-#ocFederationAddServer #serverUrl {
-	width: 270px;
-}
-
 .serverUrl-block {
-	max-width: 310px;
 	display: flex;
-	flex-direction: row;
 	align-items: center;
-	justify-content: space-between;
+	flex-direction: row;
+	justify-content: flex-start;
+	gap: 8px;
+}
+
+.serverUrl-block input {
+	width: 270px;
 }
diff --git a/apps/federation/js/settings-admin.js b/apps/federation/js/settings-admin.js
@@ -51,9 +51,6 @@
         });
 
         $inpServerUrl.on("change keyup", function (e) {
-
-            console.log("typing away");
-
             var url = $(this).val();
 
             // toggle add-button visibility based on input length
@@ -79,11 +76,11 @@
         OC.msg.startSaving('#ocFederationAddServer .msg');
 
         $.post(
-            OC.generateUrl('/apps/federation/trusted-servers'),
+            OC.getRootPath() + '/ocs/v2.php/apps/federation/trusted-servers',
             {
                 url: url
             }
-        ).done(function (data) {
+        ).done(function({data}) {
             $("#serverUrl").attr('value', '');
             $("#listOfTrustedServers").prepend(
                 $('<li>')
@@ -95,13 +92,13 @@
             OC.msg.finishedSuccess('#ocFederationAddServer .msg', data.message);
         })
         .fail(function (jqXHR) {
-            OC.msg.finishedError('#ocFederationAddServer .msg', JSON.parse(jqXHR.responseText).message);
+            OC.msg.finishedError('#ocFederationAddServer .msg', JSON.parse(jqXHR.responseText).data.message);
         });
     };
 
     function removeServer( id ) {
         $.ajax({
-            url: OC.generateUrl('/apps/federation/trusted-servers/' + id),
+            url: OC.getRootPath() + '/ocs/v2.php/apps/federation/trusted-servers/' + id,
             type: 'DELETE',
             success: function(response) {
                 $("#ocFederationSettings").find("#" + id).remove();

diff --git a/apps/federation/lib/BackgroundJob/GetSharedSecret.php b/apps/federation/lib/BackgroundJob/GetSharedSecret.php
@@ -17,6 +17,7 @@
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\Http\Client\IResponse;
+use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\OCS\IDiscoveryService;
 use Psr\Log\LoggerInterface;
@@ -43,6 +44,7 @@ public function __construct(
 		private LoggerInterface $logger,
 		private IDiscoveryService $ocsDiscoveryService,
 		ITimeFactory $timeFactory,
+		private IConfig $config,
 	) {
 		parent::__construct($timeFactory);
 		$this->httpClient = $httpClientService->newClient();
@@ -105,6 +107,7 @@ protected function run($argument) {
 						],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 				]
 			);
 

diff --git a/apps/federation/lib/BackgroundJob/RequestSharedSecret.php b/apps/federation/lib/BackgroundJob/RequestSharedSecret.php
@@ -18,6 +18,7 @@
 use OCP\BackgroundJob\Job;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
+use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\OCS\IDiscoveryService;
 use Psr\Log\LoggerInterface;
@@ -47,6 +48,7 @@ public function __construct(
 		private IDiscoveryService $ocsDiscoveryService,
 		private LoggerInterface $logger,
 		ITimeFactory $timeFactory,
+		private IConfig $config,
 	) {
 		parent::__construct($timeFactory);
 		$this->httpClient = $httpClientService->newClient();
@@ -116,6 +118,7 @@ protected function run($argument) {
 					],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 				]
 			);