From 7496bf3461a382c9a93d876b894448b7c4cd28cb Mon Sep 17 00:00:00 2001
From: Carl Schwan <carl@carlschwan.eu>
Date: Tue, 8 Mar 2022 13:49:08 +0100
Subject: [PATCH] Require the secret config to be configured

If it's not configured the instance will look like it is working but
various features will silently break (end to end encryption, setting
alternate email and probably more).

One issue is that changing the secret from empty to something will
break various other stuff (app token). I don't think there is a good way
to solve this issue other than breaking early instead of having to
handle a painful migration later on.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
---
 .github/workflows/s3-external.yml | 2 +-
 lib/private/legacy/OC_Util.php    | 7 +++++++
 tests/travis/install.sh           | 4 ++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/s3-external.yml b/.github/workflows/s3-external.yml
index dedab6b0c16fb..a1d4dcbda22d4 100644
--- a/.github/workflows/s3-external.yml
+++ b/.github/workflows/s3-external.yml
@@ -55,7 +55,7 @@ jobs:
           php -S localhost:8080 &
       - name: PHPUnit
         run: |
-          echo "<?php return ['run' => true,'hostname' => 'localhost','key' => 'minio','secret' => 'minio123', 'bucket' => 'bucket', 'port' => 9000, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/${{ env.APP_NAME }}/tests/config.amazons3.php
+          echo "<?php return ['run' => true, 'secret' => 'actually-not-secret', 'hostname' => 'localhost','key' => 'minio','secret' => 'minio123', 'bucket' => 'bucket', 'port' => 9000, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/${{ env.APP_NAME }}/tests/config.amazons3.php
           phpunit --configuration tests/phpunit-autotest-external.xml apps/files_external/tests/Storage/Amazons3Test.php
           phpunit --configuration tests/phpunit-autotest-external.xml apps/files_external/tests/Storage/VersionedAmazonS3Test.php
       - name: S3 logs
diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php
index 9110678537f07..5441d3a2864ed 100644
--- a/lib/private/legacy/OC_Util.php
+++ b/lib/private/legacy/OC_Util.php
@@ -969,6 +969,13 @@ public static function checkServer(\OC\SystemConfig $config) {
 			];
 		}
 
+		if ($config->getValue('secret', '') === '' && !\OC::$CLI) {
+			$errors[] = [
+				'error' => $l->t('The required \'secret\' config variable is not configued in the config.php file.'),
+				'hint' => $l->t('Please ask your server administrator to check the Nextcloud configuration.')
+			];
+		}
+
 		$errors = array_merge($errors, self::checkDatabaseVersion());
 
 		// Cache the result of this function
diff --git a/tests/travis/install.sh b/tests/travis/install.sh
index 180e0c634da4f..c0c850fe56938 100755
--- a/tests/travis/install.sh
+++ b/tests/travis/install.sh
@@ -44,6 +44,7 @@ echo "Using database $DATABASENAME"
 cat > ./tests/autoconfig-sqlite.php <<DELIM
 <?php
 \$AUTOCONFIG = array (
+  'secret' => 'actually-not-secret',
   'installed' => false,
   'dbtype' => 'sqlite',
   'dbtableprefix' => 'oc_',
@@ -56,6 +57,7 @@ DELIM
 cat > ./tests/autoconfig-mysql.php <<DELIM
 <?php
 \$AUTOCONFIG = array (
+  'secret' => 'actually-not-secret',
   'installed' => false,
   'dbtype' => 'mysql',
   'dbtableprefix' => 'oc_',
@@ -72,6 +74,7 @@ DELIM
 cat > ./tests/autoconfig-pgsql.php <<DELIM
 <?php
 \$AUTOCONFIG = array (
+  'secret' => 'actually-not-secret',
   'installed' => false,
   'dbtype' => 'pgsql',
   'dbtableprefix' => 'oc_',
@@ -88,6 +91,7 @@ DELIM
 cat > ./tests/autoconfig-oracle.php <<DELIM
 <?php
 \$AUTOCONFIG = array (
+  'secret' => 'actually-not-secret',
   'installed' => false,
   'dbtype' => 'oci',
   'dbtableprefix' => 'oc_',