diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2024-01-16 12:31:18 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-16 12:31:18 +0100 |
| commit | 5aa42fa83c2edcbd0477caee39040655e8e8257c (patch) | |
| tree | 453645aa64d8866080cb56a5043bca1226c188d9 | |
| parent | 15b14378824b53dbfd9358d082a12dccfd314d76 (diff) | |
| parent | 0148dab1e71456a43442925c1e1e7102049da8a0 (diff) | |
| download | nextcloud-server-5aa42fa83c2edcbd0477caee39040655e8e8257c.tar.gz nextcloud-server-5aa42fa83c2edcbd0477caee39040655e8e8257c.zip | |
Merge pull request #42831 from nextcloud/backport/42806/stable27
[stable27] fix(appstore): Only send subscription keys to valid appstores
| -rw-r--r-- | lib/private/App/AppStore/Fetcher/Fetcher.php | 11 | ||||
| -rw-r--r-- | tests/lib/App/AppStore/Fetcher/AppFetcherTest.php | 95 |
2 files changed, 100 insertions, 6 deletions
diff --git a/lib/private/App/AppStore/Fetcher/Fetcher.php b/lib/private/App/AppStore/Fetcher/Fetcher.php index 095b026cb44..18beb9dd19b 100644 --- a/lib/private/App/AppStore/Fetcher/Fetcher.php +++ b/lib/private/App/AppStore/Fetcher/Fetcher.php @@ -109,10 +109,13 @@ abstract class Fetcher { ]; } - // If we have a valid subscription key, send it to the appstore - $subscriptionKey = $this->config->getAppValue('support', 'subscription_key'); - if ($this->registry->delegateHasValidSubscription() && $subscriptionKey) { - $options['headers']['X-NC-Subscription-Key'] = $subscriptionKey; + if ($this->config->getSystemValueString('appstoreurl', 'https://apps.nextcloud.com/api/v1') === 'https://apps.nextcloud.com/api/v1') { + // If we have a valid subscription key, send it to the appstore + $subscriptionKey = $this->config->getAppValue('support', 'subscription_key'); + if ($this->registry->delegateHasValidSubscription() && $subscriptionKey) { + $options['headers'] ??= []; + $options['headers']['X-NC-Subscription-Key'] = $subscriptionKey; + } } $client = $this->clientService->newClient(); diff --git a/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php b/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php index 39b0a699092..0f279c6f884 100644 --- a/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php +++ b/tests/lib/App/AppStore/Fetcher/AppFetcherTest.php @@ -2098,6 +2098,95 @@ EJL3BaQAQaASSsvFrcozYxrQG4VzEg== ->willReturnCallback(function ($key, $default) { if ($key === 'version') { return '11.0.0.2'; + } else { + return $default; + } + }); + $this->config->method('getSystemValue') + ->willReturnCallback(function ($key, $default) { + if ($key === 'appsallowlist') { + return ['contacts']; + } + return $default; + }); + $this->config->method('getAppValue') + ->willReturnCallback(function ($app, $key, $default) { + if ($app === 'support' && $key === 'subscription_key') { + return 'subscription-key'; + } + return $default; + }); + $this->config + ->method('getSystemValueBool') + ->willReturnArgument(1); + + $file = $this->createMock(ISimpleFile::class); + $folder = $this->createMock(ISimpleFolder::class); + $folder + ->expects($this->once()) + ->method('getFile') + ->with('apps.json') + ->willThrowException(new NotFoundException()); + $folder + ->expects($this->once()) + ->method('newFile') + ->with('apps.json') + ->willReturn($file); + $this->appData + ->expects($this->once()) + ->method('getFolder') + ->with('/') + ->willReturn($folder); + $client = $this->createMock(IClient::class); + $this->clientService + ->expects($this->once()) + ->method('newClient') + ->willReturn($client); + $response = $this->createMock(IResponse::class); + $client + ->expects($this->once()) + ->method('get') + ->with('https://apps.nextcloud.com/api/v1/apps.json', [ + 'timeout' => 60, + 'headers' => [ + 'X-NC-Subscription-Key' => 'subscription-key', + ], + ]) + ->willReturn($response); + $response + ->expects($this->once()) + ->method('getBody') + ->willReturn(self::$responseJson); + $response->method('getHeader') + ->with($this->equalTo('ETag')) + ->willReturn('"myETag"'); + $this->timeFactory + ->expects($this->once()) + ->method('getTime') + ->willReturn(1234); + + $this->registry + ->expects($this->exactly(2)) + ->method('delegateHasValidSubscription') + ->willReturn(true); + + $file + ->expects($this->once()) + ->method('putContent'); + $file + ->method('getContent') + ->willReturn(json_encode(self::$expectedResponse)); + + $apps = array_values($this->fetcher->get()); + $this->assertEquals(count($apps), 1); + $this->assertEquals($apps[0]['id'], 'contacts'); + } + + public function testGetAppsAllowlistCustomAppstore(): void { + $this->config->method('getSystemValueString') + ->willReturnCallback(function ($key, $default) { + if ($key === 'version') { + return '11.0.0.2'; } elseif ($key === 'appstoreurl' && $default === 'https://apps.nextcloud.com/api/v1') { return 'https://custom.appsstore.endpoint/api/v1'; } else { @@ -2142,7 +2231,9 @@ EJL3BaQAQaASSsvFrcozYxrQG4VzEg== $client ->expects($this->once()) ->method('get') - ->with('https://custom.appsstore.endpoint/api/v1/apps.json') + ->with('https://custom.appsstore.endpoint/api/v1/apps.json', [ + 'timeout' => 60, + ]) ->willReturn($response); $response ->expects($this->once()) @@ -2157,7 +2248,7 @@ EJL3BaQAQaASSsvFrcozYxrQG4VzEg== ->willReturn(1234); $this->registry - ->expects($this->exactly(2)) + ->expects($this->exactly(1)) ->method('delegateHasValidSubscription') ->willReturn(true); |