Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit4b68489

Browse files
committed
fix(ocm): fully disable signed request on config
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
1 parent7c7010c commit4b68489

File tree

1 file changed

+20
-16
lines changed

1 file changed

+20
-16
lines changed

‎apps/cloud_federation_api/lib/Controller/RequestHandlerController.php‎

Lines changed: 20 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -106,14 +106,16 @@ public function __construct(
106106
#[NoCSRFRequired]
107107
#[BruteForceProtection(action:'receiveFederatedShare')]
108108
publicfunctionaddShare($shareWith,$name,$description,$providerId,$owner,$ownerDisplayName,$sharedBy,$sharedByDisplayName,$protocol,$shareType,$resourceType) {
109-
try {
110-
// if request is signed and well signed, no exception are thrown
111-
// if request is not signed and host is known for not supporting signed request, no exception are thrown
112-
$signedRequest =$this->getSignedRequest();
113-
$this->confirmSignedOrigin($signedRequest,'owner',$owner);
114-
}catch (IncomingRequestException$e) {
115-
$this->logger->warning('incoming request exception', ['exception' =>$e]);
116-
returnnewJSONResponse(['message' =>$e->getMessage(),'validationErrors' => []], Http::STATUS_BAD_REQUEST);
109+
if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy:true)) {
110+
try {
111+
// if request is signed and well signed, no exception are thrown
112+
// if request is not signed and host is known for not supporting signed request, no exception are thrown
113+
$signedRequest =$this->getSignedRequest();
114+
$this->confirmSignedOrigin($signedRequest,'owner',$owner);
115+
}catch (IncomingRequestException$e) {
116+
$this->logger->warning('incoming request exception', ['exception' =>$e]);
117+
returnnewJSONResponse(['message' =>$e->getMessage(),'validationErrors' => []], Http::STATUS_BAD_REQUEST);
118+
}
117119
}
118120

119121
// check if all required parameters are set
@@ -354,14 +356,16 @@ public function receiveNotification($notificationType, $resourceType, $providerI
354356
);
355357
}
356358

357-
try {
358-
// if request is signed and well signed, no exception are thrown
359-
// if request is not signed and host is known for not supporting signed request, no exception are thrown
360-
$signedRequest =$this->getSignedRequest();
361-
$this->confirmNotificationIdentity($signedRequest,$resourceType,$notification);
362-
}catch (IncomingRequestException$e) {
363-
$this->logger->warning('incoming request exception', ['exception' =>$e]);
364-
returnnewJSONResponse(['message' =>$e->getMessage(),'validationErrors' => []], Http::STATUS_BAD_REQUEST);
359+
if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy:true)) {
360+
try {
361+
// if request is signed and well signed, no exception are thrown
362+
// if request is not signed and host is known for not supporting signed request, no exception are thrown
363+
$signedRequest =$this->getSignedRequest();
364+
$this->confirmNotificationIdentity($signedRequest,$resourceType,$notification);
365+
}catch (IncomingRequestException$e) {
366+
$this->logger->warning('incoming request exception', ['exception' =>$e]);
367+
returnnewJSONResponse(['message' =>$e->getMessage(),'validationErrors' => []], Http::STATUS_BAD_REQUEST);
368+
}
365369
}
366370

367371
try {

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp