Merge pull request #60581 from nextcloud/backport/60547/stable26
Some checks failed
Cypress / init (push) Has been cancelled
Lint eslint / eslint (push) Has been cancelled
Lint php / php-lint (push) Has been cancelled
Node / versions (push) Has been cancelled
Node / node (push) Has been cancelled
S3 primary storage integration tests / php8.0-objectstore-minio (push) Has been cancelled
S3 primary storage integration tests / php8.0-objectstore_multibucket-minio (push) Has been cancelled
S3 primary storage / php8.0-objectstore-minio (push) Has been cancelled
S3 primary storage / php8.0-objectstore_multibucket-minio (push) Has been cancelled
Psalm static code analysis / static-code-analysis (push) Has been cancelled
Psalm static code analysis / static-code-analysis-security (push) Has been cancelled
Psalm static code analysis / static-code-analysis-ocp (push) Has been cancelled
Cypress / runner 1 (push) Has been cancelled
Cypress / runner 2 (push) Has been cancelled
Cypress / runner component (push) Has been cancelled
Cypress / cypress-summary (push) Has been cancelled
Lint php / php-lint-summary (push) Has been cancelled
Node / test (push) Has been cancelled
Node / jsunit (push) Has been cancelled
Node / handlebars (push) Has been cancelled
S3 primary storage integration tests / s3-primary-integration-summary (push) Has been cancelled
S3 primary storage / s3-primary-summary (push) Has been cancelled

[stable26] fix: don't tell the remote their token is lower
This commit is contained in:
Stephan Orbaugh 2026-05-20 20:27:42 +02:00 committed by GitHub
commit fb712cf650
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 4 deletions

View file

@ -126,7 +126,7 @@ class OCSAuthAPIController extends OCSController {
'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.',
['app' => 'federation']
);
throw new OCSForbiddenException();
return new DataResponse();
}
$this->jobList->add(

View file

@ -125,9 +125,9 @@ class OCSAuthAPIControllerTest extends TestCase {
try {
$this->ocsAuthApi->requestSharedSecret($url, $token);
$this->assertTrue($ok);
$this->assertTrue($isTrustedServer);
} catch (OCSForbiddenException $e) {
$this->assertFalse($ok);
$this->assertFalse($isTrustedServer);
}
}
@ -183,7 +183,6 @@ class OCSAuthAPIControllerTest extends TestCase {
try {
$result = $ocsAuthApi->getSharedSecret($url, $token);
$this->assertTrue($ok);
$data = $result->getData();
$this->assertSame('secret', $data['sharedSecret']);
} catch (OCSForbiddenException $e) {