fixup! feat: calendar federation

Author: st3iny

apps/dav/lib/CalDAV/Federation/CalendarFederationConfig.php

@@ -11,7 +11,7 @@
 
 use OCP\AppFramework\Services\IAppConfig;
 
-final class CalendarFederationConfig {
+class CalendarFederationConfig {
 	public function __construct(
 		private readonly IAppConfig $appConfig,
 	) {

apps/dav/lib/CalDAV/Federation/CalendarFederationProvider.php

@@ -15,6 +15,7 @@
 use OCA\DAV\DAV\Sharing\Backend as DavSharingBackend;
 use OCP\AppFramework\Http;
 use OCP\BackgroundJob\IJobList;
+use OCP\Constants;
 use OCP\Federation\Exceptions\ProviderCouldNotAddShareException;
 use OCP\Federation\ICloudFederationProvider;
 use OCP\Federation\ICloudFederationShare;
@@ -41,7 +42,7 @@ public function shareReceived(ICloudFederationShare $share): string {
 		if (!$this->calendarFederationConfig->isFederationEnabled()) {
 			$this->logger->debug('Received a federation invite but federation is disabled');
 			throw new ProviderCouldNotAddShareException(
-				'Server does not support talk federation',
+				'Server does not support calendar federation',
 				'',
 				Http::STATUS_SERVICE_UNAVAILABLE,
 			);
@@ -58,7 +59,6 @@ public function shareReceived(ICloudFederationShare $share): string {
 		}
 
 		$rawProtocol = $share->getProtocol();
-		// TODO: test what happens if no version in protocol
 		switch ($rawProtocol[ICalendarFederationProtocol::PROP_VERSION]) {
 			case CalendarFederationProtocolV1::VERSION:
 				try {
@@ -92,13 +92,15 @@ public function shareReceived(ICloudFederationShare $share): string {
 			);
 		}
 
-		if ($access !== DavSharingBackend::ACCESS_READ) {
-			throw new ProviderCouldNotAddShareException(
+		// TODO: implement read-write sharing
+		$permissions = match ($access) {
+			DavSharingBackend::ACCESS_READ => Constants::PERMISSION_READ,
+			default => throw new ProviderCouldNotAddShareException(
 				"Unsupported access value: $access",
 				'',
 				Http::STATUS_BAD_REQUEST,
-			);
-		}
+			),
+		};
 
 		// The calendar uri is the local name of the calendar. As such it must not contain slashes.
 		// Just use the hashed url for simplicity here.
@@ -119,7 +121,7 @@ public function shareReceived(ICloudFederationShare $share): string {
 		$calendar->setToken($share->getShareSecret());
 		$calendar->setSharedBy($share->getSharedBy());
 		$calendar->setSharedByDisplayName($share->getSharedByDisplayName());
-		$calendar->setPermissions($access);
+		$calendar->setPermissions($permissions);
 		$calendar->setComponents($components);
 		$calendar = $this->federatedCalendarMapper->insert($calendar);
 

apps/dav/lib/CalDAV/Federation/FederatedCalendarAuth.php

@@ -10,9 +10,8 @@
 namespace OCA\DAV\CalDAV\Federation;
 
 use OCA\DAV\DAV\RemoteUserPrincipalBackend;
-use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCA\DAV\DAV\Sharing\SharingMapper;
 use OCP\Defaults;
-use OCP\IDBConnection;
 use Sabre\DAV\Auth\Backend\BackendInterface;
 use Sabre\HTTP\Auth\Basic as BasicAuth;
 use Sabre\HTTP\RequestInterface;
@@ -22,7 +21,7 @@ final class FederatedCalendarAuth implements BackendInterface {
 	private readonly string $realm;
 
 	public function __construct(
-		private readonly IDBConnection $db,
+		private readonly SharingMapper $sharingMapper,
 	) {
 		$defaults = new Defaults();
 		$this->realm = $defaults->getName();
@@ -39,32 +38,10 @@ private function validateUserPass(
 		$remoteUserPrincipalUri = RemoteUserPrincipalBackend::PRINCIPAL_PREFIX . "/$username";
 		[, $remoteUserPrincipalId] = \Sabre\Uri\split($remoteUserPrincipalUri);
 
-		$qb = $this->db->getQueryBuilder();
-		$qb->select('c.uri', 'c.principaluri')
-			->from('dav_shares', 'ds')
-			->join('ds', 'calendars', 'c', $qb->expr()->eq(
-				'ds.resourceid',
-				'c.id',
-				IQueryBuilder::PARAM_INT,
-			))
-			->where($qb->expr()->eq(
-				'ds.type',
-				$qb->createNamedParameter('calendar', IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			))
-			->andWhere($qb->expr()->eq(
-				'ds.principaluri',
-				$qb->createNamedParameter($remoteUserPrincipalUri, IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			))
-			->andWhere($qb->expr()->eq(
-				'ds.token',
-				$qb->createNamedParameter($password, IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			));
-		$result = $qb->executeQuery();
-		$rows = $result->fetchAll();
-		$result->closeCursor();
+		$rows = $this->sharingMapper->getSharedCalendarsForRemoteUser(
+			$remoteUserPrincipalUri,
+			$password,
+		);
 
 		// Is the requested calendar actually shared with the remote user?
 		foreach ($rows as $row) {
@@ -87,7 +64,7 @@ public function check(RequestInterface $request, ResponseInterface $response): a
 
 		$auth = new BasicAuth($this->realm, $request, $response);
 		$userpass = $auth->getCredentials();
-		if (!$userpass) {
+		if ($userpass === null || count($userpass) !== 2) {
 			return [false, "No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured"];
 		}
 		$principal = $this->validateUserPass($request->getPath(), $userpass[0], $userpass[1]);

apps/dav/lib/CalDAV/Federation/FederationSharingService.php

@@ -47,11 +47,16 @@ public function __construct(
 	private function decodeRemoteUserPrincipal(string $principal): ?string {
 		// Expected format: principals/remote-users/abcdef123
 		[$prefix, $collection, $encodedId] = explode('/', $principal);
-		if ($prefix !== 'principals' && $collection !== 'remote-users') {
+		if ($prefix !== 'principals' || $collection !== 'remote-users') {
 			return null;
 		}
 
-		return base64_decode($encodedId);
+		$decodedId = base64_decode($encodedId);
+		if (!is_string($decodedId)) {
+			return null;
+		}
+
+		return $decodedId;
 	}
 
 	/**
@@ -67,7 +72,7 @@ public function shareWith(IShareable $shareable, string $principal, int $access)
 
 		// 1. Validate share data
 		$shareWith = $this->decodeRemoteUserPrincipal($principal);
-		if (!$shareWith) {
+		if ($shareWith === null) {
 			$this->logger->error($baseError . 'Principal of sharee is not belonging to a remote user', [
 				'shareable' => $shareable->getName(),
 				'encodedShareWith' => $principal,
@@ -77,7 +82,7 @@ public function shareWith(IShareable $shareable, string $principal, int $access)
 
 		[,, $ownerUid] = explode('/', $shareable->getOwner());
 		$owner = $this->userManager->get($ownerUid);
-		if (!$owner) {
+		if ($owner === null) {
 			$this->logger->error($baseError . 'Shareable is not owned by a user on this server', [
 				'shareable' => $shareable->getName(),
 				'shareWith' => $shareWith,

apps/dav/lib/DAV/Sharing/SharingMapper.php

@@ -173,4 +173,43 @@ public function getPrincipalUrisByPrefix(string $resourceType, string $prefix):
 
 		return $rows;
 	}
+
+	/**
+	 * @psalm-return array{uri: string, principaluri: string}[]
+	 * @throws \OCP\DB\Exception
+	 */
+	public function getSharedCalendarsForRemoteUser(
+		string $remoteUserPrincipalUri,
+		string $token,
+	): array {
+		$qb = $this->db->getQueryBuilder();
+		$qb->select('c.uri', 'c.principaluri')
+			->from('dav_shares', 'ds')
+			->join('ds', 'calendars', 'c', $qb->expr()->eq(
+				'ds.resourceid',
+				'c.id',
+				IQueryBuilder::PARAM_INT,
+			))
+			->where($qb->expr()->eq(
+				'ds.type',
+				$qb->createNamedParameter('calendar', IQueryBuilder::PARAM_STR),
+				IQueryBuilder::PARAM_STR,
+			))
+			->andWhere($qb->expr()->eq(
+				'ds.principaluri',
+				$qb->createNamedParameter($remoteUserPrincipalUri, IQueryBuilder::PARAM_STR),
+				IQueryBuilder::PARAM_STR,
+			))
+			->andWhere($qb->expr()->eq(
+				'ds.token',
+				$qb->createNamedParameter($token, IQueryBuilder::PARAM_STR),
+				IQueryBuilder::PARAM_STR,
+			));
+		$result = $qb->executeQuery();
+		$rows = $result->fetchAll();
+		$result->closeCursor();
+
+		return $rows;
+	}
+
 }

apps/dav/tests/unit/CalDAV/Federation/CalendarFederationConfigTest.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\DAV\Tests\unit\CalDAV\Federation;
+
+use OCA\DAV\CalDAV\Federation\CalendarFederationConfig;
+use OCP\AppFramework\Services\IAppConfig;
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\MockObject\MockObject;
+use Test\TestCase;
+
+class CalendarFederationConfigTest extends TestCase {
+	private CalendarFederationConfig $config;
+
+	private IAppConfig&MockObject $appConfig;
+
+	protected function setUp(): void {
+		parent::setUp();
+
+		$this->appConfig = $this->createMock(IAppConfig::class);
+
+		$this->config = new CalendarFederationConfig(
+			$this->appConfig,
+		);
+	}
+
+	public static function provideIsFederationEnabledData(): array {
+		return [
+			[true],
+			[false],
+		];
+	}
+
+	#[DataProvider('provideIsFederationEnabledData')]
+	public function testIsFederationEnabled(bool $configValue): void {
+		$this->appConfig->expects(self::once())
+			->method('getAppValueBool')
+			->with('enableCalendarFederation', true)
+			->willReturn($configValue);
+
+		$this->assertEquals($configValue, $this->config->isFederationEnabled());
+	}
+}