From 252b3f4ce830ac6344911c19923c71913aedb095 Mon Sep 17 00:00:00 2001
From: Anna Larch <anna@nextcloud.com>
Date: Fri, 5 May 2023 12:21:07 +0200
Subject: [PATCH] fixup! feat(dav): Add and filter locally scoped properties
 for federated address book sync

---
 apps/dav/lib/CardDAV/SystemAddressbook.php | 94 +++++++---------------
 1 file changed, 31 insertions(+), 63 deletions(-)

diff --git a/apps/dav/lib/CardDAV/SystemAddressbook.php b/apps/dav/lib/CardDAV/SystemAddressbook.php
index d3c6073358f65..2c89939dcd511 100644
--- a/apps/dav/lib/CardDAV/SystemAddressbook.php
+++ b/apps/dav/lib/CardDAV/SystemAddressbook.php
@@ -70,27 +70,7 @@ public function getChildren(): array {
 	 * @return Card[]
 	 */
 	public function getMultipleChildren($paths): array {
-		if ($this->trustedServers === null || $this->request === null) {
-			return parent::getMultipleChildren($paths);
-		}
-
-		/** @psalm-suppress NoInterfaceProperties */
-		if ($this->request->server['PHP_AUTH_USER'] !== 'system') {
-			return parent::getMultipleChildren($paths);
-		}
-
-		/** @psalm-suppress NoInterfaceProperties */
-		$sharedSecret = $this->request->server['PHP_AUTH_PW'];
-		if ($sharedSecret === null) {
-			return parent::getMultipleChildren($paths);
-		}
-
-		$servers = $this->trustedServers->getServers();
-		$trusted = array_filter($servers, function ($trustedServer) use ($sharedSecret) {
-			return $trustedServer['shared_secret'] === $sharedSecret;
-		});
-		// Authentication is fine, but it's not for a federated share
-		if (empty($trusted)) {
+		if (!$this->isFederation()) {
 			return parent::getMultipleChildren($paths);
 		}
 
@@ -130,27 +110,7 @@ public function getMultipleChildren($paths): array {
 	 * @throws Forbidden
 	 */
 	public function getChild($name): Card {
-		if ($this->trustedServers === null || $this->request === null) {
-			return parent::getChild($name);
-		}
-
-		/** @psalm-suppress NoInterfaceProperties */
-		if ($this->request->server['PHP_AUTH_USER'] !== 'system') {
-			return parent::getChild($name);
-		}
-
-		/** @psalm-suppress NoInterfaceProperties */
-		$sharedSecret = $this->request->server['PHP_AUTH_PW'];
-		if ($sharedSecret === null) {
-			return parent::getChild($name);
-		}
-
-		$servers = $this->trustedServers->getServers();
-		$trusted = array_filter($servers, function ($trustedServer) use ($sharedSecret) {
-			return $trustedServer['shared_secret'] === $sharedSecret;
-		});
-		// Authentication is fine, but it's not for a federated share
-		if (empty($trusted)) {
+		if (!$this->isFederation()) {
 			return parent::getChild($name);
 		}
 
@@ -197,27 +157,7 @@ public function getChanges($syncToken, $syncLevel, $limit = null): ?array {
 			return null;
 		}
 
-		if ($this->trustedServers === null || $this->request === null) {
-			return parent::getChanges($syncToken, $syncLevel, $limit);
-		}
-
-		/** @psalm-suppress NoInterfaceProperties */
-		if ($this->request->server['PHP_AUTH_USER'] !== 'system') {
-			return parent::getChanges($syncToken, $syncLevel, $limit);
-		}
-
-		/** @psalm-suppress NoInterfaceProperties */
-		$sharedSecret = $this->request->server['PHP_AUTH_PW'];
-		if ($sharedSecret === null) {
-			return parent::getChanges($syncToken, $syncLevel, $limit);
-		}
-
-		$servers = $this->trustedServers->getServers();
-		$trusted = array_filter($servers, function ($trustedServer) use ($sharedSecret) {
-			return $trustedServer['shared_secret'] === $sharedSecret;
-		});
-		// Authentication is fine, but it's not for a federated share
-		if (empty($trusted)) {
+		if (!$this->isFederation()) {
 			return parent::getChanges($syncToken, $syncLevel, $limit);
 		}
 
@@ -254,4 +194,32 @@ public function getChanges($syncToken, $syncLevel, $limit = null): ?array {
 		$changed['deleted'] = $deleted;
 		return $changed;
 	}
+
+	private function isFederation(): bool {
+		if ($this->trustedServers === null || $this->request === null) {
+			return false;
+		}
+
+		/** @psalm-suppress NoInterfaceProperties */
+		if ($this->request->server['PHP_AUTH_USER'] !== 'system') {
+			return false;
+		}
+
+		/** @psalm-suppress NoInterfaceProperties */
+		$sharedSecret = $this->request->server['PHP_AUTH_PW'];
+		if ($sharedSecret === null) {
+			return false;
+		}
+
+		$servers = $this->trustedServers->getServers();
+		$trusted = array_filter($servers, function ($trustedServer) use ($sharedSecret) {
+			return $trustedServer['shared_secret'] === $sharedSecret;
+		});
+		// Authentication is fine, but it's not for a federated share
+		if (empty($trusted)) {
+			return false;
+		}
+
+		return true;
+	}
 }