From f8592e5e798b9ef07b759c8ece3b1f847239a9ad Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 16 Jul 2019 14:24:47 +0200
Subject: [PATCH] Only prevent disabling encrytion via the API

Signed-off-by: Joas Schilling
---
 .../lib/Controller/AppConfigController.php | 13 +++++---
 .../Controller/AppConfigControllerTest.php | 33 +++++++++++--------
 2 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/apps/provisioning_api/lib/Controller/AppConfigController.php b/apps/provisioning_api/lib/Controller/AppConfigController.php
index 6e61e10a2f..eda46ee8e2 100644
--- a/apps/provisioning_api/lib/Controller/AppConfigController.php
+++ b/apps/provisioning_api/lib/Controller/AppConfigController.php
@@ -106,7 +106,7 @@ class AppConfigController extends OCSController {
 public function setValue(string $app, string $key, string $value): DataResponse {
 try {
 $this->verifyAppId($app);
- $this->verifyConfigKey($app, $key);
+ $this->verifyConfigKey($app, $key, $value);
 } catch (\InvalidArgumentException $e) {
 return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN);
 }
@@ -124,7 +124,7 @@ class AppConfigController extends OCSController {
 public function deleteKey(string $app, string $key): DataResponse {
 try {
 $this->verifyAppId($app);
- $this->verifyConfigKey($app, $key);
+ $this->verifyConfigKey($app, $key, '');
 } catch (\InvalidArgumentException $e) {
 return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN);
 }
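Review bot: In deleteKey the literal `''` passed as the third argument acts as a "no value" sentinel, and deleting core/encryption_enabled is refused only because `''` happens not to equal the one value verifyConfigKey permits. That coupling is implicit: a later rule that accepts an empty value for some guarded key would silently make that key deletable too. I would document it at the call, e.g. `// '' = no value: a delete must never satisfy a value-based exception in verifyConfigKey()`, or make the parameter nullable so a delete is distinguishable from writing an empty string. deleteKey's body continues outside the hunk.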
@@ -146,14 +146,19 @@ class AppConfigController extends OCSController {
 /**
 * @param string $app
 * @param string $key
+ * @param string $value
 * @throws \InvalidArgumentException
 */
- protected function verifyConfigKey(string $app, string $key) {
+ protected function verifyConfigKey(string $app, string $key, string $value) {
 if (in_array($key, ['installed_version', 'enabled', 'types'])) {
 throw new \InvalidArgumentException('The given key can not be set');
 }
 
- if ($app === 'core' && ($key === 'encryption_enabled' || strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
+ if ($app === 'core' && $key === 'encryption_enabled' && $value !== 'yes') {
+ throw new \InvalidArgumentException('The given key can not be set');
+ }
+
+ if ($app === 'core' && (strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
 throw new \InvalidArgumentException('The given key can not be set');
 }
 }
diff --git a/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php b/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php
index 2f299b5858..c9b762d1fb 100644
--- a/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php
+++ b/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php
@@ -342,9 +342,10 @@ class AppConfigControllerTest extends TestCase {
 
 public function dataVerifyConfigKey() {
 return [
- ['activity', 'abc'],
- ['dav', 'public_route'],
- ['files', 'remote_route'],
+ ['activity', 'abc', ''],
+ ['dav', 'public_route', ''],
+ ['files', 'remote_route', ''],
+ ['core', 'encryption_enabled', 'yes'],
 ];
 }
 
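Review bot: The new `encryption_enabled` branch in verifyConfigKey rejects every value except the exact string `'yes'`, yet it throws the same 'The given key can not be set' message as the fully blocked keys. A client sending `true`, `1` or `Yes` therefore gets a 403 claiming the key is not settable, although it is. The fail-closed comparison is the right shape for a security setting; I would give the branch its own message, e.g. `throw new \InvalidArgumentException('The given key can only be set to "yes"');`, and add a comment such as `// Encryption may be switched on through the API, never switched off or unset`. The docblock line for `$value` could also say that it is the value about to be written and is `''` on delete.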
@@ -352,22 +353,25 @@ class AppConfigControllerTest extends TestCase {
 * @dataProvider dataVerifyConfigKey
 * @param string $app
 * @param string $key
+ * @param string $value
 */
- public function testVerifyConfigKey($app, $key) {
+ public function testVerifyConfigKey($app, $key, $value) {
 $api = $this->getInstance();
- $this->invokePrivate($api, 'verifyConfigKey', [$app, $key]);
+ $this->invokePrivate($api, 'verifyConfigKey', [$app, $key, $value]);
 $this->addToAssertionCount(1);
 }
 
 public function dataVerifyConfigKeyThrows() {
 return [
- ['activity', 'installed_version'],
- ['calendar', 'enabled'],
- ['contacts', 'types'],
- ['core', 'public_files'],
- ['core', 'public_dav'],
- ['core', 'remote_files'],
- ['core', 'remote_dav'],
+ ['activity', 'installed_version', ''],
+ ['calendar', 'enabled', ''],
+ ['contacts', 'types', ''],
+ ['core', 'encryption_enabled', 'no'],
+ ['core', 'encryption_enabled', ''],
+ ['core', 'public_files', ''],
+ ['core', 'public_dav', ''],
+ ['core', 'remote_files', ''],
+ ['core', 'remote_dav', ''],
 ];
 }
 
@@ -376,9 +380,10 @@ class AppConfigControllerTest extends TestCase {
 * @expectedException \InvalidArgumentException
 * @param string $app
 * @param string $key
+ * @param string $value
 */
- public function testVerifyConfigKeyThrows($app, $key) {
+ public function testVerifyConfigKeyThrows($app, $key, $value) {
 $api = $this->getInstance();
- $this->invokePrivate($api, 'verifyConfigKey', [$app, $key]);
+ $this->invokePrivate($api, 'verifyConfigKey', [$app, $key, $value]);
 }
 }
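Review bot: dataVerifyConfigKeyThrows covers only `'no'` and `''` for core/encryption_enabled, so the strictness of the `!== 'yes'` comparison is not pinned by any test. Rows for near-miss values would catch a later loosening to a case-insensitive or truthy check, e.g. `['core', 'encryption_enabled', 'Yes'],`, `['core', 'encryption_enabled', '1'],` and `['core', 'encryption_enabled', 'true'],`. The visible hunks also exercise verifyConfigKey only through invokePrivate; whether another test asserts that deleteKey on core/encryption_enabled returns STATUS_FORBIDDEN cannot be seen from here.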