feat(federatedfilesharing): auto-accept shares from trusted servers

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>

Author: skjnldsv

apps/federatedfilesharing/lib/Controller/RequestHandlerController.php

@@ -39,9 +39,6 @@
 #[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)]
 class RequestHandlerController extends OCSController {
 
-	/** @var string */
-	private $shareTable = 'share';
-
 	public function __construct(
 		string $appName,
 		IRequest $request,

apps/federatedfilesharing/lib/FederatedShareProvider.php

@@ -999,6 +999,11 @@ public function isLookupServerUploadEnabled() {
 		return ($result === 'yes');
 	}
 
+	public function isFederatedTrustedShareAutoAccept() {
+		$result = $this->config->getAppValue('files_sharing', 'federatedTrustedShareAutoAccept', 'yes');
+		return ($result === 'yes');
+	}
+
 	/**
 	 * @inheritdoc
 	 */

apps/federatedfilesharing/lib/OCM/CloudFederationProviderFiles.php

@@ -10,6 +10,7 @@
 use OC\Files\Filesystem;
 use OCA\FederatedFileSharing\AddressHandler;
 use OCA\FederatedFileSharing\FederatedShareProvider;
+use OCA\Federation\TrustedServers;
 use OCA\Files_Sharing\Activity\Providers\RemoteShares;
 use OCA\Files_Sharing\External\Manager;
 use OCA\GlobalSiteSelector\Service\SlaveService;
@@ -66,6 +67,7 @@ public function __construct(
 		private LoggerInterface $logger,
 		private IFilenameValidator $filenameValidator,
 		private readonly IProviderFactory $shareProviderFactory,
+		private TrustedServers $trustedServers,
 	) {
 	}
 
@@ -163,6 +165,11 @@ public function shareReceived(ICloudFederationShare $share) {
 						->setObject('remote_share', $shareId, $name);
 					\OC::$server->getActivityManager()->publish($event);
 					$this->notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $ownerDisplayName);
+
+					// If auto-accept is enabled, accept the share
+					if ($this->federatedShareProvider->isFederatedTrustedShareAutoAccept()) {
+						$this->externalShareManager->acceptShare($shareId, $shareWith);
+					}
 				} else {
 					$groupMembers = $this->groupManager->get($shareWith)->getUsers();
 					foreach ($groupMembers as $user) {
@@ -174,8 +181,14 @@ public function shareReceived(ICloudFederationShare $share) {
 							->setObject('remote_share', $shareId, $name);
 						\OC::$server->getActivityManager()->publish($event);
 						$this->notifyAboutNewShare($user->getUID(), $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $ownerDisplayName);
+
+						// If auto-accept is enabled, accept the share
+						if ($this->federatedShareProvider->isFederatedTrustedShareAutoAccept()) {
+							$this->externalShareManager->acceptShare($shareId, $user->getUID());
+						}
 					}
 				}
+
 				return $shareId;
 			} catch (\Exception $e) {
 				$this->logger->error('Server can not add remote share.', [

apps/federatedfilesharing/lib/Settings/Admin.php

@@ -40,6 +40,7 @@ public function getForm() {
 		$this->initialState->provideInitialState('incomingServer2serverGroupShareEnabled', $this->fedShareProvider->isIncomingServer2serverGroupShareEnabled());
 		$this->initialState->provideInitialState('lookupServerEnabled', $this->fedShareProvider->isLookupServerQueriesEnabled());
 		$this->initialState->provideInitialState('lookupServerUploadEnabled', $this->fedShareProvider->isLookupServerUploadEnabled());
+		$this->initialState->provideInitialState('federatedTrustedShareAutoAccept', $this->fedShareProvider->isFederatedTrustedShareAutoAccept());
 
 		return new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');
 	}
@@ -76,6 +77,7 @@ public function getAuthorizedAppConfig(): array {
 				'incomingServer2serverGroupShareEnabled',
 				'lookupServerEnabled',
 				'lookupServerUploadEnabled',
+				'federatedTrustedShareAutoAccept',
 			],
 		];
 	}

apps/federatedfilesharing/src/components/AdminSettings.vue

@@ -43,6 +43,12 @@
 			@update:checked="update('lookupServerUploadEnabled', lookupServerUploadEnabled)">
 			{{ t('federatedfilesharing', 'Allow people to publish their data to a global and public address book') }}
 		</NcCheckboxRadioSwitch>
+
+		<NcCheckboxRadioSwitch type="switch"
+			:checked.sync="federatedTrustedShareAutoAccept"
+			@update:checked="update('federatedTrustedShareAutoAccept', federatedTrustedShareAutoAccept)">
+			{{ t('federatedfilesharing', 'Automatically accept shares from federated accounts and groups by default') }}
+		</NcCheckboxRadioSwitch>
 	</NcSettingsSection>
 </template>
 
@@ -74,6 +80,7 @@ export default {
 			federatedGroupSharingSupported: loadState('federatedfilesharing', 'federatedGroupSharingSupported'),
 			lookupServerEnabled: loadState('federatedfilesharing', 'lookupServerEnabled'),
 			lookupServerUploadEnabled: loadState('federatedfilesharing', 'lookupServerUploadEnabled'),
+			federatedTrustedShareAutoAccept: loadState('federatedfilesharing', 'federatedTrustedShareAutoAccept'),
 			internalOnly: loadState('federatedfilesharing', 'internalOnly'),
 			sharingFederatedDocUrl: loadState('federatedfilesharing', 'sharingFederatedDocUrl'),
 		}

apps/files_sharing/lib/External/Manager.php

@@ -294,7 +294,18 @@ private function updateAccepted(int $shareId, bool $accepted) : void {
 	 * @param int $id
 	 * @return bool True if the share could be accepted, false otherwise
 	 */
-	public function acceptShare($id) {
+	public function acceptShare($id, $userId = null) {
+		// If we're auto-accepting a share, we need to know the user id
+		// as there is no session available while processing the share
+		// from the remote server request.
+		if ($userId !== null) {
+			$user = $this->userManager->get($userId);
+			if ($user === null) {
+				return false;
+			}
+			$this->uid = $userId;
+		}
+
 		$share = $this->getShare($id);
 		$result = false;
 
@@ -357,6 +368,7 @@ public function acceptShare($id) {
 					}
 				}
 			}
+
 			if ($userShareAccepted !== false) {
 				$this->sendFeedbackToRemote($share['remote'], $share['share_token'], $share['remote_id'], 'accept');
 				$event = new FederatedShareAddedEvent($share['remote']);
@@ -435,6 +447,13 @@ public function declineShare($id) {
 	}
 
 	public function processNotification(int $remoteShare): void {
+		$share = $this->fetchShare($remoteShare);
+		if ($share === false) {
+			return;
+		}
+
+		// Extract the recipient user id from the share
+		$userId = $share['user'];
 		$filter = $this->notificationManager->createNotification();
 		$filter->setApp('files_sharing')
 			->setUser($this->uid)