Merge pull request #26622 from nextcloud/backport/26613/stable20

[stable20] Do not allow adding file drop shares to your own cloud

apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php

@@ -37,6 +37,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\Constants;
 use OCP\Federation\ICloudIdManager;
 use OCP\Http\Client\IClientService;
 use OCP\IL10N;
@@ -157,6 +158,15 @@ public function createFederatedShare($shareWith, $token, $password = '') {
 			return $response;
 		}
 
+		if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
+			$response = new JSONResponse(
+				['message' => 'Mounting file drop not supported'],
+				Http::STATUS_BAD_REQUEST
+			);
+			$response->throttle();
+			return $response;
+		}
+
 		$share->setSharedWith($shareWith);
 		$share->setShareType(IShare::TYPE_REMOTE);
 

apps/federatedfilesharing/tests/Controller/MountPublicLinkControllerTest.php

@@ -138,7 +138,8 @@ public function testCreateFederatedShare($shareWith,
 											 $token,
 											 $validToken,
 											 $createSuccessful,
-											 $expectedReturnData
+											 $expectedReturnData,
+											 $permissions
 	) {
 		$this->federatedShareProvider->expects($this->any())
 			->method('isOutgoingServer2serverShareEnabled')
@@ -156,6 +157,7 @@ function ($shareWith) use ($validShareWith, $expectedReturnData) {
 			);
 
 		$share = $this->share;
+		$share->setPermissions($permissions);
 
 		$this->shareManager->expects($this->any())->method('getShareByToken')
 			->with($token)
@@ -198,15 +200,16 @@ function (IShare $share) use ($createSuccessful, $shareWith, $expectedReturnData
 	public function dataTestCreateFederatedShare() {
 		return [
 			//shareWith, outgoingSharesAllowed, validShareWith, token, validToken, createSuccessful, expectedReturnData
-			['user@server', true, true, 'token', true, true, 'server'],
-			['user@server', true, false, 'token', true, true, 'invalid federated cloud id'],
-			['user@server', true, false, 'token', false, true, 'invalid federated cloud id'],
-			['user@server', true, false, 'token', false, false, 'invalid federated cloud id'],
-			['user@server', true, false, 'token', true, false, 'invalid federated cloud id'],
-			['user@server', true, true, 'token', false, true, 'invalid token'],
-			['user@server', true, true, 'token', false, false, 'invalid token'],
-			['user@server', true, true, 'token', true, false, 'can not create share'],
-			['user@server', false, true, 'token', true, true, 'This server doesn\'t support outgoing federated shares'],
+			['user@server', true, true, 'token', true, true, 'server', 31],
+			['user@server', true, true, 'token', false, false, 'server', 4],
+			['user@server', true, false, 'token', true, true, 'invalid federated cloud id', 31],
+			['user@server', true, false, 'token', false, true, 'invalid federated cloud id', 31],
+			['user@server', true, false, 'token', false, false, 'invalid federated cloud id', 31],
+			['user@server', true, false, 'token', true, false, 'invalid federated cloud id', 31],
+			['user@server', true, true, 'token', false, true, 'invalid token', 31],
+			['user@server', true, true, 'token', false, false, 'invalid token', 31],
+			['user@server', true, true, 'token', true, false, 'can not create share', 31],
+			['user@server', false, true, 'token', true, true, 'This server doesn\'t support outgoing federated shares', 31],
 		];
 	}
 }