From 48c807e667d28dfde56bce815be5489872d616d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Thu, 5 Sep 2024 11:54:45 +0200
Subject: [PATCH] fix(setupchecks): Test overwrite.cli url first, then
 generated one, and
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

 trusted domains as last fallback.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 .../SetupChecks/CheckServerResponseTrait.php  | 46 ++++++++++++-------
 1 file changed, 30 insertions(+), 16 deletions(-)

diff --git a/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php b/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php
index aed81a41ce523..a62fe23636958 100644
--- a/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php
+++ b/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php
@@ -52,36 +52,49 @@ protected function serverConfigHelp(): string {
 
 	/**
 	 * Get all possible URLs that need to be checked for a local request test.
+	 * This takes all `trusted_domains` and the CLI overwrite URL into account.
 	 *
-	 * @param string $url The relative URL to test
+	 * @param string $url The relative URL to test starting with a /
 	 * @return string[] List of possible absolute URLs
 	 */
 	protected function getTestUrls(string $url, bool $removeWebroot): array {
 		$testUrls = [];
 
-		$webroot = $this->urlGenerator->getWebroot();
+		$webroot = rtrim($this->urlGenerator->getWebroot(), '/');
 
-		$baseUrl = $this->normalizeUrl(
-			$this->urlGenerator->getBaseUrl(),
-			$webroot,
-			$removeWebroot
-		);
+		/* Try overwrite.cli.url first, it’s supposed to be how the server contacts itself */
+		$cliUrl = $this->config->getSystemValueString('overwrite.cli.url', '');
 
-		$testUrls[] = $baseUrl . $url;
+		if ($cliUrl !== '') {
+			$cliUrl = $this->normalizeUrl(
+				$cliUrl,
+				$webroot,
+				$removeWebroot
+			);
 
-		$cliUrl = $this->config->getSystemValueString('overwrite.cli.url', '');
-		if ($cliUrl === '') {
-			return $testUrls;
+			$testUrls[] = $cliUrl . $url;
 		}
 
-		$cliUrl = $this->normalizeUrl(
-			$cliUrl,
+		/* Try URL generator second */
+		$baseUrl = $this->normalizeUrl(
+			$this->urlGenerator->getBaseUrl(),
 			$webroot,
 			$removeWebroot
 		);
 
-		if ($cliUrl !== $baseUrl) {
-			$testUrls[] = $cliUrl . $url;
+		if ($baseUrl !== $cliUrl) {
+			$testUrls[] = $baseUrl . $url;
+		}
+
+		/* Last resort: trusted domains */
+		$hosts = $this->config->getSystemValue('trusted_domains', []);
+		foreach ($hosts as $host) {
+			if (str_contains($host, '*')) {
+				/* Ignore domains with a wildcard */
+				continue;
+			}
+			$hosts[] = 'https://' . $host . $url;
+			$hosts[] = 'http://' . $host . $url;
 		}
 
 		return $testUrls;
@@ -91,7 +104,8 @@ protected function getTestUrls(string $url, bool $removeWebroot): array {
 	 * Strip a trailing slash and remove the webroot if requested.
 	 */
 	protected function normalizeUrl(string $url, string $webroot, bool $removeWebroot): string {
-		if ($removeWebroot && str_contains($url, $webroot)) {
+		$url = rtrim($url, '/');
+		if ($removeWebroot && str_ends_with($url, $webroot)) {
 			$url = substr($url, -strlen($webroot));
 		}
 		return rtrim($url, '/');