diff options
| author | Joas Schilling <coding@schilljs.com> | 2024-01-31 12:46:16 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2024-02-12 16:54:15 +0100 |
| commit | 7412cf4c67942cfa1c07e917804a7a4fd5208041 (patch) | |
| tree | 3779eb5abcc4ad67a61e0ba6ab69ff235f11b219 /lib/Federation/CloudFederationProviderTalk.php | |
| parent | 9dc0ff02198dfdcdb5061b2630f3363d9dec7c03 (diff) | |
feat(federation): Add appconfig options to restrict federation
- Incoming federation
- Outgoing federation
- Group list
- Limit federation to trusted servers
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Federation/CloudFederationProviderTalk.php')
| -rw-r--r-- | lib/Federation/CloudFederationProviderTalk.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/Federation/CloudFederationProviderTalk.php b/lib/Federation/CloudFederationProviderTalk.php index 224aad911..0a331cdb4 100644 --- a/lib/Federation/CloudFederationProviderTalk.php +++ b/lib/Federation/CloudFederationProviderTalk.php @@ -44,6 +44,7 @@ use OCA\Talk\Service\ParticipantService; use OCA\Talk\Service\RoomService; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; +use OCP\AppFramework\Services\IAppConfig; use OCP\DB\Exception as DBException; use OCP\EventDispatcher\IEventDispatcher; use OCP\Federation\Exceptions\ActionNotSupportedException; @@ -68,6 +69,7 @@ class CloudFederationProviderTalk implements ICloudFederationProvider { private AddressHandler $addressHandler, private FederationManager $federationManager, private Config $config, + private IAppConfig $appConfig, private INotificationManager $notificationManager, private ParticipantService $participantService, private RoomService $roomService, @@ -97,6 +99,10 @@ class CloudFederationProviderTalk implements ICloudFederationProvider { $this->logger->debug('Received a federation invite but federation is disabled'); throw new ProviderCouldNotAddShareException('Server does not support talk federation', '', Http::STATUS_SERVICE_UNAVAILABLE); } + if (!$this->appConfig->getAppValueBool('federation_incoming_enabled', true)) { + $this->logger->warning('Received a federation invite but incoming federation is disabled'); + throw new ProviderCouldNotAddShareException('Server does not support talk federation', '', Http::STATUS_SERVICE_UNAVAILABLE); + } if (!in_array($share->getShareType(), $this->getSupportedShareTypes(), true)) { $this->logger->debug('Received a federation invite for invalid share type'); throw new ProviderCouldNotAddShareException('Support for sharing with non-users not implemented yet', '', Http::STATUS_NOT_IMPLEMENTED); @@ -135,6 +141,16 @@ class CloudFederationProviderTalk implements ICloudFederationProvider { throw new ProviderCouldNotAddShareException('User does not exist', '', Http::STATUS_BAD_REQUEST); } + if ($this->config->isDisabledForUser($shareWith)) { + $this->logger->debug('Received a federation invite for user that is not allowed to use Talk'); + throw new ProviderCouldNotAddShareException('User does not exist', '', Http::STATUS_BAD_REQUEST); + } + + if (!$this->config->isFederationEnabledForUserId($shareWith)) { + $this->logger->debug('Received a federation invite for user that is not allowed to use Talk Federation'); + throw new ProviderCouldNotAddShareException('User does not exist', '', Http::STATUS_BAD_REQUEST); + } + $invite = $this->federationManager->addRemoteRoom($shareWith, (int) $remoteId, $roomType, $roomName, $roomToken, $remote, $shareSecret); $this->notifyAboutNewShare($shareWith, (string) $invite->getId(), $sharedByFederatedId, $sharedBy, $roomName, $roomToken, $remote); |