From 455231a6d140f0f2ba0d6794fa3b333c7b9b1a7d Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 22 Mar 2024 14:31:07 +0100
Subject: [PATCH] fix(federation): Change the Talk-Hash header when overwriting
 capabilities

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/Controller/RoomController.php                  |  7 +++++++
 .../Proxy/TalkV1/Controller/RoomController.php     |  4 ++--
 lib/Federation/Proxy/TalkV1/ProxyRequest.php       | 14 ++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index 8882376d26f..ee7fbd14df9 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -40,6 +40,7 @@
 use OCA\Talk\Exceptions\UnauthorizedException;
 use OCA\Talk\Federation\Authenticator;
 use OCA\Talk\Federation\FederationManager;
+use OCA\Talk\Federation\Proxy\TalkV1\ProxyRequest;
 use OCA\Talk\GuestManager;
 use OCA\Talk\Manager;
 use OCA\Talk\MatterbridgeManager;
@@ -2259,6 +2260,12 @@ public function getCapabilities(): DataResponse {
 			/** @var TalkCapabilities|array<empty> $data */
 			$data = $response->getData();
 
+			/**
+			 * IMPORTANT:
+			 * When adding, changing or removing anything here, update
+			 * @see ProxyRequest::overwrittenRemoteTalkHash()
+			 * so clients correctly refresh their capabilities.
+			 */
 			if (isset($data['config']['chat']['read-privacy'])) {
 				$data['config']['chat']['read-privacy'] = Participant::PRIVACY_PRIVATE;
 			}
diff --git a/lib/Federation/Proxy/TalkV1/Controller/RoomController.php b/lib/Federation/Proxy/TalkV1/Controller/RoomController.php
index b28efd8b432..e7a45195d76 100644
--- a/lib/Federation/Proxy/TalkV1/Controller/RoomController.php
+++ b/lib/Federation/Proxy/TalkV1/Controller/RoomController.php
@@ -99,7 +99,7 @@ public function joinFederatedRoom(Room $room, Participant $participant): DataRes
 			throw new CannotReachRemoteException();
 		}
 
-		$headers = ['X-Nextcloud-Talk-Proxy-Hash' => $proxy->getHeader('X-Nextcloud-Talk-Hash')];
+		$headers = ['X-Nextcloud-Talk-Proxy-Hash' => $this->proxy->overwrittenRemoteTalkHash($proxy->getHeader('X-Nextcloud-Talk-Hash'))];
 
 		return new DataResponse([], $statusCode, $headers);
 	}
@@ -123,7 +123,7 @@ public function getCapabilities(Room $room, Participant $participant): DataRespo
 		$data = $this->proxy->getOCSData($proxy);
 
 		$headers = [
-			'X-Nextcloud-Talk-Hash' => $proxy->getHeader('X-Nextcloud-Talk-Hash'),
+			'X-Nextcloud-Talk-Hash' => $this->proxy->overwrittenRemoteTalkHash($proxy->getHeader('X-Nextcloud-Talk-Hash')),
 		];
 
 		return new DataResponse($data, Http::STATUS_OK, $headers);
diff --git a/lib/Federation/Proxy/TalkV1/ProxyRequest.php b/lib/Federation/Proxy/TalkV1/ProxyRequest.php
index ca21dabea7a..82ad391f9e5 100644
--- a/lib/Federation/Proxy/TalkV1/ProxyRequest.php
+++ b/lib/Federation/Proxy/TalkV1/ProxyRequest.php
@@ -50,6 +50,20 @@ public function __construct(
 	) {
 	}
 
+	public function overwrittenRemoteTalkHash(string $hash): string {
+		return sha1(json_encode([
+			'remoteHash' => $hash,
+			'manipulated' => [
+				'config' => [
+					'chat' => [
+						'read-privacy',
+						'typing-privacy',
+					],
+				],
+			]
+		]));
+	}
+
 	/**
 	 * @return Http::STATUS_BAD_REQUEST
 	 */