upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-11 01:30:50 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 79

Merge pull request #58009 from nextcloud/bugfix/noid/dont-validate-empty-strings
Some checks are pending
CodeQL Advanced / Analyze (actions) (push) Waiting to run
Details
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Details
Integration sqlite / changes (push) Waiting to run
Details
Integration sqlite / integration-sqlite (master, 8.4, main, --tags ~@large files_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, capabilities_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, collaboration_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, comments_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, dav_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, federation_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, file_conversions) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, files_reminders) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, filesdrop_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, ldap_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, openldap_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, openldap_numerical_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, remoteapi_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, routing_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, setup_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, sharees_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, sharing_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, theming_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (master, 8.4, main, videoverification_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite-summary (push) Blocked by required conditions
Details
Psalm static code analysis / static-code-analysis (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-security (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-ocp (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-ncu (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-strict (push) Waiting to run
Details

Browse source 
fix(federation): Don't ask the database for an empty url
This commit is contained in:
Joas Schilling 2026-02-03 09:08:12 +01:00 committed by GitHub
commit 34c2125217
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 18 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
apps/federation/lib/Controller/OCSAuthAPIController.php
View file

@ -163,7 +163,10 @@ class OCSAuthAPIController extends OCSController {
}
protected function isValidToken(string $url, string $token): bool {
if ($url === '' || $token === '') {
return false;
}
$storedToken = $this->dbHandler->getToken($url);
return hash_equals($storedToken, $token);
return $storedToken !== '' && hash_equals($storedToken, $token);
}
}

32
apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
View file

@ -110,28 +110,24 @@ class OCSAuthAPIControllerTest extends TestCase {
$token = 'token';
/** @var OCSAuthAPIController&MockObject $ocsAuthApi */
$ocsAuthApi = $this->getMockBuilder(OCSAuthAPIController::class)
->setConstructorArgs(
[
'federation',
$this->request,
$this->secureRandom,
$this->jobList,
$this->trustedServers,
$this->dbHandler,
$this->logger,
$this->timeFactory,
$this->throttler
]
)
->onlyMethods(['isValidToken'])
->getMock();
$ocsAuthApi = new OCSAuthAPIController(
'federation',
$this->request,
$this->secureRandom,
$this->jobList,
$this->trustedServers,
$this->dbHandler,
$this->logger,
$this->timeFactory,
$this->throttler,
);
$this->trustedServers
->expects($this->any())
->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
$ocsAuthApi->expects($this->any())
->method('isValidToken')->with($url, $token)->willReturn($isValidToken);
$this->dbHandler->method('getToken')
->with($url)
->willReturn($isValidToken ? $token : 'not $token');
if ($ok) {
$this->secureRandom->expects($this->once())->method('generate')->with(32)