feat: Allow access to E2EE folder when x-e2ee-supported header is set

Signed-off-by: Louis Chemineau <[email protected]>

Author: artonge

lib/Middleware/UserAgentCheckMiddleware.php

@@ -49,10 +49,6 @@ public function beforeController($controller, $methodName): void {
 			return;
 		}
 
-		if ($this->request->getHeader('x-e2ee-supported') === 'true') {
-			return;
-		}
-
 		throw new OCSForbiddenException('Client "' . $userAgent . '" is not allowed to access end-to-end encrypted content.');
 	}
 }

lib/UserAgentManager.php

@@ -10,6 +10,7 @@
 namespace OCA\EndToEndEncryption;
 
 use OCP\IConfig;
+use OCP\IRequest;
 
 class UserAgentManager {
 
@@ -21,7 +22,10 @@ class UserAgentManager {
 	 */
 	private array $supportedUserAgents;
 
-	public function __construct(IConfig $config) {
+	public function __construct(
+		IConfig $config,
+		private IRequest $request,
+	) {
 		$this->supportedUserAgents = $config->getSystemValue('end_to_end_encryption.supported-user-agents', [
 			'/^Mozilla\/5\.0 \(Android\) Nextcloud\-android\/(?<version>(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)).*$/' => '3.13.0',
 			'/^Mozilla\/5\.0 \([A-Za-z ]+\) (mirall|csyncoC)\/(?<version>(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)).*$/' => '3.0.0',
@@ -51,11 +55,15 @@ public function supportsEndToEndEncryption(string $client): bool {
 			return (version_compare($matches['version'], $minVersion) > -1);
 		}
 
+		if ($this->request->getHeader('x-e2ee-supported') === 'true') {
+			return true;
+		}
+
 		return false;
 	}
 
 	/**
-	 * @return string[]
+	 * @return array<string, string>
 	 */
 	protected function getSupportedUserAgents(): array {
 		return $this->supportedUserAgents;

tests/Unit/Controller/KeyControllerTest.php

@@ -524,7 +524,7 @@ public function testGetPublicServerKeyException(): void {
 
 		$this->logger->expects($this->once())
 			->method('critical')
-			->willReturn($exception->getMessage());
+			->with($exception->getMessage());
 
 		$this->expectException(OCSBadRequestException::class);
 		$this->expectExceptionMessage('Internal error');

tests/Unit/Middleware/UserAgentCheckMiddlewareTest.php

@@ -48,7 +48,7 @@ protected function setUp(): void {
 	 * @dataProvider beforeControllerDataProvider
 	 */
 	public function testBeforeController(bool $hasAnnotation, bool $supportsE2E, bool $expectException, bool $forceSupport) {
-		$this->request->expects($hasAnnotation ? $this->exactly($supportsE2E ? 1 : 2) : $this->never())
+		$this->request->expects($hasAnnotation ? $this->once() : $this->never())
 			->method('getHeader')
 			->willReturnMap([
 				['user-agent', 'user-agent-string'],

tests/Unit/UserAgentManagerTest.php

@@ -11,6 +11,7 @@
 
 use OCA\EndToEndEncryption\UserAgentManager;
 use OCP\IConfig;
+use OCP\IRequest;
 use Test\TestCase;
 
 class UserAgentManagerTest extends TestCase {
@@ -21,14 +22,13 @@ class UserAgentManagerTest extends TestCase {
 	 *
 	 * @dataProvider supportsEndToEndEncryptionDataProvider
 	 */
-	public function testSupportsEndToEndEncryption(string $client,
-		bool $expected): void {
-		$supportedUAs = $this->getSupportedUserAgents();
-		$userAgentManager = $this->getUserAgentManager(['getSupportedUserAgents']);
-		$userAgentManager->expects($this->once())
-			->method('getSupportedUserAgents')
-			->willReturn($supportedUAs);
-
+	public function testSupportsEndToEndEncryption(string $client, bool $expected): void {
+		/** @var IRequest&\PHPUnit\Framework\MockObject\MockObject */
+		$request = $this->createMock(IRequest::class);
+		$request->expects($this->any())
+			->method('getHeader')
+			->willReturn('');
+		$userAgentManager = new UserAgentManager(\OCP\Server::get(IConfig::class), $request);
 		$actual = $userAgentManager->supportsEndToEndEncryption($client);
 		$this->assertEquals($expected, $actual);
 	}
@@ -42,9 +42,12 @@ public function supportsEndToEndEncryptionDataProvider(): array {
 			['Mozilla/5.0 (Android) Nextcloud-android/1.9.9', false],
 			['Mozilla/5.0 (Android) Nextcloud-android/2.1.3', false],
 			['Mozilla/5.0 (Android) Nextcloud-android/2.3.3', false],
-			['Mozilla/5.0 (Android) Nextcloud-android/2.3.4', true],
-			['Mozilla/5.0 (Android) Nextcloud-android/2.4.9', true],
-			['Mozilla/5.0 (Android) Nextcloud-android/3.0.0', true],
+			['Mozilla/5.0 (Android) Nextcloud-android/2.3.4', false],
+			['Mozilla/5.0 (Android) Nextcloud-android/2.4.9', false],
+			['Mozilla/5.0 (Android) Nextcloud-android/3.0.0', false],
+			['Mozilla/5.0 (Android) Nextcloud-android/3.13.0', true],
+			['Mozilla/5.0 (Android) Nextcloud-android/3.13.1', true],
+			['Mozilla/5.0 (Android) Nextcloud-android/3.14.0', true],
 			// Android without version
 			['Mozilla/5.0 (Android) Nextcloud-android/beta', false],
 			['Mozilla/5.0 (Android) Nextcloud-android/', false],
@@ -53,9 +56,11 @@ public function supportsEndToEndEncryptionDataProvider(): array {
 			['Mozilla/5.0 (iOS) Nextcloud-iOS/1.9.9', false],
 			['Mozilla/5.0 (iOS) Nextcloud-iOS/2.1.3', false],
 			['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.3', false],
-			['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.4', true],
-			['Mozilla/5.0 (iOS) Nextcloud-iOS/2.4.9', true],
-			['Mozilla/5.0 (iOS) Nextcloud-iOS/3.0.0', true],
+			['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.4', false],
+			['Mozilla/5.0 (iOS) Nextcloud-iOS/2.4.9', false],
+			['Mozilla/5.0 (iOS) Nextcloud-iOS/3.0.0', false],
+			['Mozilla/5.0 (iOS) Nextcloud-iOS/3.0.5', true],
+			['Mozilla/5.0 (iOS) Nextcloud-iOS/3.1.0', true],
 			// iOS without version
 			['Mozilla/5.0 (iOS) Nextcloud-iOS/beta', false],
 			['Mozilla/5.0 (iOS) Nextcloud-iOS/', false],
@@ -64,43 +69,15 @@ public function supportsEndToEndEncryptionDataProvider(): array {
 			['Mozilla/5.0 (Macintosh) mirall/1.9.9stable (build 20200303) (Nextcloud)', false],
 			['Mozilla/5.0 (Macintosh) mirall/2.1.3rc (build 20200303)', false],
 			['Mozilla/5.0 (Macintosh) mirall/2.3.3', false],
-			['Mozilla/5.0 (Linux) mirall/2.3.4', true],
-			['Mozilla/5.0 (Macintosh) csyncoC/2.4.9RC (build 20200303) (Nextcloud)', true],
+			['Mozilla/5.0 (Linux) mirall/2.3.4', false],
+			['Mozilla/5.0 (Macintosh) csyncoC/2.4.9RC (build 20200303) (Nextcloud)', false],
 			['Mozilla/5.0 (Macintosh) mirall/3.0.0 (build 20200303)', true],
+			['Mozilla/5.0 (Macintosh) mirall/3.0.1 (build 20200303)', true],
+			['Mozilla/5.0 (Macintosh) mirall/3.1.1 (build 20200303)', true],
 			// Desktop without version
 			['Mozilla/5.0 (Macintosh) mirall/ (build 20200303)', false],
 			['Mozilla/5.0 (Macintosh) mirall/', false],
 			['Mozilla/5.0 (Macintosh) mirall', false],
 		];
 	}
-
-	private function getUserAgentManager(array $mockedMethods = []) {
-		if (empty($mockedMethods)) {
-			return new UserAgentManager(\OCP\Server::get(IConfig::class));
-		}
-
-		return $this
-			->getMockBuilder(UserAgentManager::class)
-			->setMethods($mockedMethods)
-			->disableOriginalConstructor()
-			->getMock();
-	}
-
-	/**
-	 * This function returns the user agents to test against
-	 * It keeps the original regex, but replaces the exact version
-	 * so this test suite doesn't break on a simple version bump
-	 *
-	 * @return array
-	 */
-	private function getSupportedUserAgents(): array {
-		$userAgentManager = new UserAgentManager(\OCP\Server::get(IConfig::class));
-		$originalRules = self::invokePrivate($userAgentManager, 'getSupportedUserAgents');
-
-		foreach ($originalRules as $regex => $version) {
-			$originalRules[$regex] = '2.3.4';
-		}
-
-		return $originalRules;
-	}
 }