diff options
author | Joas Schilling <coding@schilljs.com> | 2024-01-15 15:39:45 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2024-01-15 15:39:45 +0100 |
commit | 57a30e9bbe688bdc4436ba71a5c934d9ef124e35 (patch) | |
tree | c3e70ab534685b1c73b100121be8f89e7e60d7a5 | |
parent | 32bf74af160482f3f182ce5641f55c80d81c8f19 (diff) | |
download | nextcloud-server-57a30e9bbe688bdc4436ba71a5c934d9ef124e35.tar.gz nextcloud-server-57a30e9bbe688bdc4436ba71a5c934d9ef124e35.zip |
fix(appstore): Only send subscription keys to valid appstores
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r-- | lib/private/App/AppStore/Fetcher/Fetcher.php | 11 | ||||
-rw-r--r-- | tests/lib/App/AppStore/Fetcher/AppFetcherTest.php | 95 |
2 files changed, 100 insertions, 6 deletions
diff --git a/lib/private/App/AppStore/Fetcher/Fetcher.php b/lib/private/App/AppStore/Fetcher/Fetcher.php index 3e76ab2d5da..a693804f50f 100644 --- a/lib/private/App/AppStore/Fetcher/Fetcher.php +++ b/lib/private/App/AppStore/Fetcher/Fetcher.php @@ -109,10 +109,13 @@ abstract class Fetcher { ]; } - // If we have a valid subscription key, send it to the appstore - $subscriptionKey = $this->config->getAppValue('support', 'subscription_key'); - if ($this->registry->delegateHasValidSubscription() && $subscriptionKey) { - $options['headers']['X-NC-Subscription-Key'] = $subscriptionKey; + if ($this->config->getSystemValueString('appstoreurl', 'https://apps.nextcloud.com/api/v1') === 'https://apps.nextcloud.com/api/v1') { + // If we have a valid subscription key, send it to the appstore + $subscriptionKey = $this->config->getAppValue('support', 'subscription_key'); + if ($this->registry->delegateHasValidSubscription() && $subscriptionKey) { + $options['headers'] ??= []; + $options['headers']['X-NC-Subscription-Key'] = $subscriptionKey; + } } $client = $this->clientService->newClient(); diff --git a/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php b/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php index 39b0a699092..0f279c6f884 100644 --- a/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php +++ b/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php @@ -2098,6 +2098,95 @@ EJL3BaQAQaASSsvFrcozYxrQG4VzEg== ->willReturnCallback(function ($key, $default) { if ($key === 'version') { return '11.0.0.2'; + } else { + return $default; + } + }); + $this->config->method('getSystemValue') + ->willReturnCallback(function ($key, $default) { + if ($key === 'appsallowlist') { + return ['contacts']; + } + return $default; + }); + $this->config->method('getAppValue') + ->willReturnCallback(function ($app, $key, $default) { + if ($app === 'support' && $key === 'subscription_key') { + return 'subscription-key'; + } + return $default; + }); + $this->config + ->method('getSystemValueBool') + ->willReturnArgument(1); + + $file = $this->createMock(ISimpleFile::class); + $folder = $this->createMock(ISimpleFolder::class); + $folder + ->expects($this->once()) + ->method('getFile') + ->with('apps.json') + ->willThrowException(new NotFoundException()); + $folder + ->expects($this->once()) + ->method('newFile') + ->with('apps.json') + ->willReturn($file); + $this->appData + ->expects($this->once()) + ->method('getFolder') + ->with('/') + ->willReturn($folder); + $client = $this->createMock(IClient::class); + $this->clientService + ->expects($this->once()) + ->method('newClient') + ->willReturn($client); + $response = $this->createMock(IResponse::class); + $client + ->expects($this->once()) + ->method('get') + ->with('https://apps.nextcloud.com/api/v1/apps.json', [ + 'timeout' => 60, + 'headers' => [ + 'X-NC-Subscription-Key' => 'subscription-key', + ], + ]) + ->willReturn($response); + $response + ->expects($this->once()) + ->method('getBody') + ->willReturn(self::$responseJson); + $response->method('getHeader') + ->with($this->equalTo('ETag')) + ->willReturn('"myETag"'); + $this->timeFactory + ->expects($this->once()) + ->method('getTime') + ->willReturn(1234); + + $this->registry + ->expects($this->exactly(2)) + ->method('delegateHasValidSubscription') + ->willReturn(true); + + $file + ->expects($this->once()) + ->method('putContent'); + $file + ->method('getContent') + ->willReturn(json_encode(self::$expectedResponse)); + + $apps = array_values($this->fetcher->get()); + $this->assertEquals(count($apps), 1); + $this->assertEquals($apps[0]['id'], 'contacts'); + } + + public function testGetAppsAllowlistCustomAppstore(): void { + $this->config->method('getSystemValueString') + ->willReturnCallback(function ($key, $default) { + if ($key === 'version') { + return '11.0.0.2'; } elseif ($key === 'appstoreurl' && $default === 'https://apps.nextcloud.com/api/v1') { return 'https://custom.appsstore.endpoint/api/v1'; } else { @@ -2142,7 +2231,9 @@ EJL3BaQAQaASSsvFrcozYxrQG4VzEg== $client ->expects($this->once()) ->method('get') - ->with('https://custom.appsstore.endpoint/api/v1/apps.json') + ->with('https://custom.appsstore.endpoint/api/v1/apps.json', [ + 'timeout' => 60, + ]) ->willReturn($response); $response ->expects($this->once()) @@ -2157,7 +2248,7 @@ EJL3BaQAQaASSsvFrcozYxrQG4VzEg== ->willReturn(1234); $this->registry - ->expects($this->exactly(2)) + ->expects($this->exactly(1)) ->method('delegateHasValidSubscription') ->willReturn(true); |