Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP / Discussion] Add guzzle for proper proxy and SSL support #14913

Closed
wants to merge 1 commit into from
Closed

[WIP / Discussion] Add guzzle for proper proxy and SSL support #14913

wants to merge 1 commit into from

Conversation

LukasReschke
Copy link
Member

This adds a wrapper around Guzzle to allow developers to perform HTTP requests using a somewhat saner API. Without this SSL and proxy support is basically broken in ownCloud as stated in #14913 (comment)

Todo

  • Get rid of private API
  • Deprecate HTTPHelper
  • Implement SSL in such a way that it actually works……
  • Follow proxy configured in config.php
  • Determine how to replace a users' custom trusted root certificate list
  • Fix unit tests after we agreed on an API design
  • Ensure that S2S still works properly

Requires owncloud-archive/3rdparty#167

Fixes #9054, #14963, #14840 and a lot of other issues

cc @bantu @nickvergessen @DeepDiver1975

@LukasReschke LukasReschke mentioned this pull request Mar 16, 2015
Closed
@LukasReschke
Copy link
Member Author

Especially a review from an API PoV would be welcome – any feedback welcome 😄

nickvergessen
nickvergessen reviewed Mar 16, 2015
View reviewed changes
lib/private/ocsclient.php

if ($xml == false) {
if($response->getStatusCode() !== (int)200) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(int)200 ? 👻

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. Let me cast the status code at our wrapper level 🙈

nickvergessen
nickvergessen reviewed Mar 16, 2015
View reviewed changes
lib/public/http/client/iresponse.php
*/
interface IResponse {
/**
* @return \OC\Http\Client\StreamInterface
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OCP?

@LukasReschke LukasReschke changed the title Add guzzle [WIP / Discussion] Add guzzle Mar 16, 2015
@DeepDiver1975
Copy link
Member 

00:01:19.649 PHP Warning:  require(/var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/3rdparty/react/promise/src/functions_include.php): failed to open stream: No such file or directory in /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/3rdparty/composer/autoload_real.php on line 58
00:01:19.649 PHP Stack trace:
00:01:19.649 PHP   1. {main}() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/occ:0
00:01:19.649 PHP   2. require_once() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/occ:11
00:01:19.649 PHP   3. require_once() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/console.php:14
00:01:19.649 PHP   4. OC::init() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/lib/base.php:1031
00:01:19.649 PHP   5. require_once() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/lib/base.php:473
00:01:19.649 PHP   6. ComposerAutoloaderInit45518c348c80881aa936caecc452b13e::getLoader() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/3rdparty/autoload.php:7
00:01:19.649 PHP   7. composerRequire45518c348c80881aa936caecc452b13e() /var/jenkins/workspace/pull-request-analyser-ng-simple/label/SLAVE/3rdparty/composer/autoload_real.php:49

@LukasReschke
Copy link
Member Author

Yes. Jenkins is too stupid again for that 3rdparty repo. Great fun. Let's create again another PR in 3rdparty for that 😠

@LukasReschke
Copy link
Member Author

Did some rebasing on this PR and the 3rdparty one… Hopefully that is enough for Jenkins.

@LukasReschke
Copy link
Member Author

Apparently not……

@LukasReschke LukasReschke mentioned this pull request Mar 16, 2015
Merged
@ghost
Copy link

ghost commented Mar 16, 2015

Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng-simple/10487/
Test PASSed.

@LukasReschke LukasReschke mentioned this pull request Mar 17, 2015
Closed
@LukasReschke
Copy link
Member Author

I went digging further and discovered:

  1. ownCloud currently implements proxy handling completely wrong and inconsistent.
  2. The SSL verification implemented by ownCloud is also completely wrong and TOTALLY broken

Thus I extended this PR and added proper proxy handling as well as SSL and certificate handling. Also ownCloud will now ship a list of root certificates to finally get rid of bug reports by those annoying users and enterprise distributions using 10 year old stuff (because the older the more secure!).
Regardless of that: The current approach will append the default root certificates to the users custom rootcerts.crt, however, after an update the shipped bundle can change. How can we regenerate this bundle for every user the easiest? – IMHO a "loop over all directories in data and regenerate the certificates if there is a folder files_external would be the easiest approach.

Basically this means that if we merge this ownCloud 8.1 will be the first release that properly handles proxies and SSL………

cc @icewind1991 For input
@DeepDiver1975 FYI

@LukasReschke
Copy link
Member Author

That said I'd really LOVE to have this in 8.1 before we have to wait yet again 4 months to have proper SSL and proxy support… Pretty annoying and would solve a lot of problems reported by users and customers…

@LukasReschke
Copy link
Member Author

For discussion regarding API design:

@MorrisJobke @DeepDiver1975 @PVince81 @th3fallen @Raydiation @icewind1991 @karlitschek @nickvergessen @bantu

@LukasReschke LukasReschke added this to the 8.1-current milestone Mar 17, 2015
@LukasReschke LukasReschke changed the title [WIP / Discussion] Add guzzle [WIP / Discussion] Add guzzle for proper proxy and SSL support Mar 17, 2015
@LukasReschke LukasReschke changed the title [WIP / Discussion] Add guzzle for proper proxy and SSL support [WIP / Discussion] Add guzzle for proper proxy and SSL support Mar 17, 2015
@LukasReschke
Copy link
Member Author

Will fix the failing tests (basically adjusting the constructor in the tests etc…) once we have agreed on an API design.

@LukasReschke LukasReschke mentioned this pull request Mar 17, 2015
Closed
@th3fallen
Copy link
Contributor

🙌 Guzzle ftw

nickvergessen
nickvergessen reviewed Mar 18, 2015
View reviewed changes
lib/private/server.php
@@ -651,7 +661,7 @@ function getDb() {

/**
* Returns an instance of the HTTP helper class
*
* @deprecated Use \OCP\Http\Client\IClientService
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Use getHTTPClientService()"

@nickvergessen
Copy link
Contributor

Well I guess it makes sense like that

@nickvergessen
Copy link
Contributor

Needs rebase

@LukasReschke LukasReschke force-pushed the add-guzzle branch 2 times, most recently from 162f9e4 to a2cc98a Compare March 23, 2015 14:55
@LukasReschke
Copy link
Member Author

@owncloud-bot Retest this please.

@LukasReschke LukasReschke deleted the add-guzzle branch March 25, 2015 15:30
@LukasReschke LukasReschke mentioned this pull request Mar 25, 2015
Merged
7 tasks
@scrutinizer-notifier
Copy link

The inspection completed: 20 new issues, 43 updated code elements

@MorrisJobke MorrisJobke removed this from the 8.1-current milestone Mar 25, 2015
@LukasReschke LukasReschke mentioned this pull request Apr 7, 2015
Closed
@oparoz oparoz mentioned this pull request Apr 17, 2015
Closed
@LukasReschke LukasReschke mentioned this pull request Aug 16, 2015
Closed
@lock lock bot locked as resolved and limited conversation to collaborators Aug 13, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
2 - Developing discussion enhancement security technical debt Type:Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improve HTTPS cert validation for appstore
6 participants
@LukasReschke @DeepDiver1975 @th3fallen @nickvergessen @scrutinizer-notifier @MorrisJobke