authorVicDeo <dubiniuk@owncloud.com>2016-09-08 22:54:14 +0300
committerVictor Dubiniuk <victor.dubiniuk@gmail.com>2016-10-04 19:02:04 +0300
commit82cd86a2079c515df5889648c828c29e51424dab (patch)
tree20755c0a216a002157d25ab0dc045c5e5cacdedb
parent8b20b12584bb49b46913ffb9ed273c15b245cc27 (diff)
downloadnextcloud-server-82cd86a2079c515df5889648c828c29e51424dab.tar.gz
nextcloud-server-82cd86a2079c515df5889648c828c29e51424dab.zip
Allow one more origin. Log the reason of occ controller failure (#26031)
* Log the reason of occ controller failure * Allow requests from SERVER_ADDR
-rw-r--r--core/Controller/OccController.php23
-rw-r--r--tests/Core/Controller/OccControllerTest.php10
2 files changed, 27 insertions, 6 deletions
diff --git a/core/Controller/OccController.php b/core/Controller/OccController.php
index 917d02f37f1..0d63c131789 100644
--- a/core/Controller/OccController.php
+++ b/core/Controller/OccController.php
@@ -26,6 +26,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OC\Console\Application;
use OCP\IConfig;
use OCP\IRequest;
+use OCP\ILogger;
use Symfony\Component\Console\Input\ArrayInput;
use Symfony\Component\Console\Output\BufferedOutput;
@@ -48,6 +49,8 @@ class OccController extends Controller {
private $config;
/** @var Application */
private $console;
+ /** @var ILogger */
+ private $logger;
/**
* OccController constructor.
@@ -56,12 +59,14 @@ class OccController extends Controller {
* @param IRequest $request
* @param IConfig $config
* @param Application $console
+ * @param ILogger $logger
*/
public function __construct($appName, IRequest $request,
- IConfig $config, Application $console) {
+ IConfig $config, Application $console, ILogger $logger) {
parent::__construct($appName, $request);
$this->config = $config;
$this->console = $console;
+ $this->logger = $logger;
}
/**
@@ -108,6 +113,13 @@ class OccController extends Controller {
];
} catch (\UnexpectedValueException $e){
+ $this->logger->warning(
+ 'Invalid request to occ controller. Details: "{details}"',
+ [
+ 'app' => 'core',
+ 'details' => $e->getMessage()
+ ]
+ );
$json = [
'exitCode' => 126,
'response' => 'Not allowed',
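Review bot: The warning added in this catch block records only `$e->getMessage()`, so a log entry identifies the caller only when the message text happens to carry the address. In this commit that is true for the host check alone; the texts of the other rejections are not visible here. For anyone triaging repeated rejected occ requests it helps to log the source on every failure, e.g. `'Invalid request to occ controller from {remote}. Details: "{details}"'` with `'remote' => $this->request->getRemoteAddress()` added to the context array. The catch block and its enclosing method start and end outside the hunk.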
@@ -123,8 +135,13 @@ class OccController extends Controller {
* @param $token
*/
protected function validateRequest($command, $token){
- if (!in_array($this->request->getRemoteAddress(), ['::1', '127.0.0.1', 'localhost'])) {
- throw new \UnexpectedValueException('Web executor is not allowed to run from a different host');
+ $allowedHosts = ['::1', '127.0.0.1', 'localhost'];
+ if (isset($this->request->server['SERVER_ADDR'])){
+ array_push($allowedHosts, $this->request->server['SERVER_ADDR']);
+ }
+
+ if (!in_array($this->request->getRemoteAddress(), $allowedHosts)) {
+ throw new \UnexpectedValueException('Web executor is not allowed to run from a host ' . $this->request->getRemoteAddress());
}
if (!in_array($command, $this->allowedCommands)) {
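Review bot: Adding `$this->request->server['SERVER_ADDR']` to `$allowedHosts` in validateRequest widens the origin check from loopback to any request whose remote address equals the server's own address. Where a reverse proxy or load balancer on the same machine connects to PHP from that address, this would presumably match every proxied request and leave the token as the only gate; how getRemoteAddress() treats forwarded headers is not visible here, so confirm. I would state that above the block, e.g. `// SERVER_ADDR lets the server call itself; behind a same-host proxy it matches all proxied clients, so the token is the effective control`, and make the comparison strict with `if (!in_array($this->request->getRemoteAddress(), $allowedHosts, true)) {`. The exception text now also embeds the remote address, and the updated test shows it reaches the response `details`. validateRequest continues past the end of the hunk.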
diff --git a/tests/Core/Controller/OccControllerTest.php b/tests/Core/Controller/OccControllerTest.php
index 682d9170096..46221d68b54 100644
--- a/tests/Core/Controller/OccControllerTest.php
+++ b/tests/Core/Controller/OccControllerTest.php
@@ -46,7 +46,8 @@ class OccControllerTest extends TestCase {
private $console;
public function testFromInvalidLocation(){
- $this->getControllerMock('example.org');
+ $fakeHost = 'example.org';
+ $this->getControllerMock($fakeHost);
$response = $this->controller->execute('status', '');
$responseData = $response->getData();
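Review bot: No test exercises the new SERVER_ADDR branch of validateRequest; testFromInvalidLocation only covers a foreign remote host and, as far as the visible lines show, never sets SERVER_ADDR. Add one case where the request's `server['SERVER_ADDR']` equals the remote address and the host check passes, and one where SERVER_ADDR is set but differs from the remote address and the response still carries `exitCode` 126. The test method continues in the next hunk, and how getControllerMock builds the request is not visible here.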
@@ -55,7 +56,7 @@ class OccControllerTest extends TestCase {
$this->assertEquals(126, $responseData['exitCode']);
$this->assertArrayHasKey('details', $responseData);
- $this->assertEquals('Web executor is not allowed to run from a different host', $responseData['details']);
+ $this->assertEquals('Web executor is not allowed to run from a host ' . $fakeHost, $responseData['details']);
}
public function testNotWhiteListedCommand(){
@@ -136,7 +137,10 @@ class OccControllerTest extends TestCase {
'core',
$this->request,
$this->config,
- $this->console
+ $this->console,
+ $this->getMockBuilder('\OCP\ILogger')
+ ->disableOriginalConstructor()
+ ->getMock()
);
}
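Review bot: The ILogger mock is created inline in the constructor call, so no test can set an expectation on it and the new warning call is never verified. Keep it in a property, e.g. `$this->logger = $this->getMockBuilder('\OCP\ILogger')->getMock();`, and in testFromInvalidLocation add `$this->logger->expects($this->once())->method('warning');` before calling execute. getControllerMock starts outside the hunk.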