author | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-07-02 20:34:07 +0200 |
---|---|---|
committer | Côme Chilliet <come.chilliet@nextcloud.com> | 2024-09-05 10:30:36 +0200 |
commit | 4ce4d7b9b31268f3b9242eaa73be6390890ef761 (patch) | |
tree | 76fa7e6f95ad4d51dbd4ffe0242de1cc67e3f8fd /apps | |
parent | 332b3efdf0df6bd489d83f58e8ffa677749d0774 (diff) | |
fix: add option to remove the webroot for setup checks and don't check trusted_domains.
1) The checks for well-known urls should always run against the root domain and therefore the option to remove the webroot.
2) For trusted domains, the available protocol is unknown, and thus some guesswork would be needed to make that work. I've decided for now to not consider them anymore to reduce false-positives.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/settings/lib/SetupChecks/CheckServerResponseTrait.php | 47 | ||||
-rw-r--r-- | apps/settings/lib/SetupChecks/OcxProviders.php | 2 | ||||
-rw-r--r-- | apps/settings/lib/SetupChecks/WellKnownUrls.php | 2 |
3 files changed, 38 insertions, 13 deletions
diff --git a/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php b/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php
index a77e0d87f27..49a9bcee9d4 100644
--- a/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php
+++ b/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php
@@ -35,27 +35,52 @@ trait CheckServerResponseTrait {
 /**
 * Get all possible URLs that need to be checked for a local request test.
- * This takes all `trusted_domains` and the CLI overwrite URL into account.
 *
 * @param string $url The relative URL to test
 * @return string[] List of possible absolute URLs
 */
- protected function getTestUrls(string $url): array {
- $hosts = $this->config->getSystemValue('trusted_domains', []);
- $cliUrl = $this->config->getSystemValue('overwrite.cli.url', '');
- if ($cliUrl !== '') {
- $hosts[] = $cliUrl;
+ protected function getTestUrls(string $url, bool $removeWebroot): array {
+ $testUrls = [];
+
+ $webroot = $this->urlGenerator->getWebroot();
+
+ $baseUrl = $this->normalizeUrl(
+ $this->urlGenerator->getBaseUrl(),
+ $webroot,
+ $removeWebroot
+ );
+
+ $testUrls[] = $baseUrl . $url;
+
+ $cliUrl = $this->config->getSystemValueString('overwrite.cli.url', '');
+ if ($cliUrl === '') {
+ return $testUrls;
 }
- $testUrls = array_merge(
- [$this->urlGenerator->getAbsoluteURL($url)],
- array_map(fn (string $host): string => $host . $url, $hosts),
+ $cliUrl = $this->normalizeUrl(
+ $cliUrl,
+ $webroot,
+ $removeWebroot
 );
+ if ($cliUrl !== $baseUrl) {
+ $testUrls[] = $cliUrl . $url;
+ }
+
 return $testUrls;
 }
 /**
+ * Strip a trailing slash and remove the webroot if requested.
+ */
+ protected function normalizeUrl(string $url, string $webroot, bool $removeWebroot): string {
+ if ($removeWebroot && str_contains($url, $webroot)) {
+ $url = substr($url, -strlen($webroot));
+ }
+ return rtrim($url, '/');
+ }
+
+ /**
 * Run a HTTP request to check header
 * @param string $method The HTTP method to use
 * @param string $url The relative URL to check
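Review bot: In `normalizeUrl`, `substr($url, -strlen($webroot))` returns the last `strlen($webroot)` characters of the URL, so with `$removeWebroot` set it keeps the webroot and discards the scheme and host instead of stripping the suffix; the `WellKnownUrls` call with `removeWebroot: true` is the caller that reaches this path. The `str_contains` guard also matches the webroot anywhere in the URL, including inside the host name, and is true for an empty webroot. Suggested: trim the trailing slash first with `$url = rtrim($url, '/');`, then guard with `if ($removeWebroot && $webroot !== '' && str_ends_with($url, $webroot)) {` and strip with `$url = substr($url, 0, -strlen($webroot));`. A setup check that probes the wrong URL reports a misleading result to the administrator, so a unit test with a non-empty webroot would be worth adding alongside the fix.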
@@ -69,14 +94,14 @@ trait CheckServerResponseTrait {
 *
 * @return Generator<int, IResponse>
 */
- protected function runRequest(string $method, string $url, array $options = []): Generator {
+ protected function runRequest(string $method, string $url, array $options = [], bool $removeWebroot = false): Generator {
 $options = array_merge(['ignoreSSL' => true, 'httpErrors' => true], $options);
 $client = $this->clientService->newClient();
 $requestOptions = $this->getRequestOptions($options['ignoreSSL'], $options['httpErrors']);
 $requestOptions = array_merge($requestOptions, $options['options'] ?? []);
- foreach ($this->getTestUrls($url) as $testURL) {
+ foreach ($this->getTestUrls($url, $removeWebroot) as $testURL) {
 try {
 yield $client->request($method, $testURL, $requestOptions);
 } catch (\Throwable $e) {
diff --git a/apps/settings/lib/SetupChecks/OcxProviders.php b/apps/settings/lib/SetupChecks/OcxProviders.php
index ecb8ecd6609..84da99dbfb0 100644
--- a/apps/settings/lib/SetupChecks/OcxProviders.php
+++ b/apps/settings/lib/SetupChecks/OcxProviders.php
@@ -51,7 +51,7 @@ class OcxProviders implements ISetupCheck {
 ];
 foreach ($providers as $provider) {
- foreach ($this->runRequest('HEAD', $this->urlGenerator->getWebroot() . $provider, ['httpErrors' => false]) as $response) {
+ foreach ($this->runRequest('HEAD', $provider, ['httpErrors' => false]) as $response) {
 $testedProviders[$provider] = true;
 if ($response->getStatusCode() === 200) {
 $workingProviders[] = $provider;
diff --git a/apps/settings/lib/SetupChecks/WellKnownUrls.php b/apps/settings/lib/SetupChecks/WellKnownUrls.php
index 2b5481d16ff..565544cfdd7 100644
--- a/apps/settings/lib/SetupChecks/WellKnownUrls.php
+++ b/apps/settings/lib/SetupChecks/WellKnownUrls.php
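Review bot: The docblock of `runRequest` is not updated for the new `$removeWebroot` argument (only its last lines are inside this hunk, so this is judged from the visible part), and `getTestUrls` in the previous hunk gains the same parameter without a `@param` line. Suggested addition for both: `@param bool $removeWebroot Remove the webroot from the base URL so the request targets the host root`. The unchanged line below the signature still defaults `ignoreSSL` to true, which presumably disables certificate verification inside `getRequestOptions` (not shown here); a short `Note: requests are not certificate-verified unless 'ignoreSSL' => false is passed` in the same docblock would make that default visible to callers.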
@@ -52,7 +52,7 @@ class WellKnownUrls implements ISetupCheck {
 foreach ($urls as [$verb,$url,$validStatuses,$checkCustomHeader]) {
 $works = null;
- foreach ($this->runRequest($verb, $url, ['httpErrors' => false, 'options' => ['allow_redirects' => ['track_redirects' => true]]]) as $response) {
+ foreach ($this->runRequest($verb, $url, ['httpErrors' => false, 'options' => ['allow_redirects' => ['track_redirects' => true]]], removeWebroot: true) as $response) {
 // Check that the response status matches
 $works = in_array($response->getStatusCode(), $validStatuses);
 // and (if needed) the custom Nextcloud header is set |