CRM-16760 - Remove CIVICRM_CXN_APPS_VERIFY constraint

diff --git a/CRM/Cxn/BAO/Cxn.php b/CRM/Cxn/BAO/Cxn.php
index 4e8a690f6d32795fb6fbc83f1825648e0f132a0c..83267fbe1f9e891f6b7f9ceace408e2adec7be1d 100644 (file)
--- a/CRM/Cxn/BAO/Cxn.php
+++ b/CRM/Cxn/BAO/Cxn.php
@@ -134,25 +134,6 @@ class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {
     return $content;
   }
 
-  /**
-   * Determine if this site's security policy allows connecting
-   * to apps based on untrusted metadata.
-   *
-   * @return bool
-   *   TRUE if application metadata must be verified.
-   */
-  public static function isAppMetaVerified() {
-    if (defined('CIVICRM_CXN_APPS_VERIFY')) {
-      return CIVICRM_CXN_APPS_VERIFY;
-    }
-    elseif (!defined('CIVICRM_CXN_CA')) {
-      return TRUE;
-    }
-    else {
-      return !in_array(CIVICRM_CXN_CA, array('CiviTestRootCA', 'none'));
-    }
-  }
-
   /**
    * Construct a client for performing registration actions.
    *

diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index f0dd733adf0dac199f36ead287f0fddb74f0ebaf..0ef911f4aed9b896fcdbb2f66799e9a46f9b30d6 100644 (file)
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -252,9 +252,6 @@ class CRM_Utils_Check_Security {
     if (defined('CIVICRM_CXN_CA') && CIVICRM_CXN_CA !== 'CiviRootCA') {
       $list[] = 'CIVICRM_CXN_CA';
     }
-    if (defined('CIVICRM_CXN_APPS_VERIFY') && !CIVICRM_CXN_APPS_VERIFY) {
-      $list[] = 'CIVICRM_CXN_APPS_VERIFY';
-    }
     if (defined('CIVICRM_CXN_APPS_URL') && CIVICRM_CXN_APPS_URL !== \Civi\Cxn\Rpc\Constants::OFFICIAL_APPMETAS_URL) {
       $list[] = 'CIVICRM_CXN_APPS_URL';
     }

diff --git a/api/v3/Cxn.php b/api/v3/Cxn.php
index 7283fe742925c2c2ae0d818063b34b956738777f..cf1a1710f20c7f03557903260d8da970ec3f5643 100644 (file)
--- a/api/v3/Cxn.php
+++ b/api/v3/Cxn.php
@@ -43,17 +43,14 @@
 function _civicrm_api3_cxn_register_spec(&$spec) {
   $daoFields = CRM_Cxn_DAO_Cxn::fields();
   $spec['app_guid'] = $daoFields['app_guid'];
-
-  if (!CRM_Cxn_BAO_Cxn::isAppMetaVerified()) {
-    $spec['app_meta_url'] = array(
-      'name' => 'app_meta_url',
-      'type' => CRM_Utils_Type::T_STRING,
-      'title' => ts('Application Metadata URL'),
-      'description' => 'Application Metadata URL',
-      'maxlength' => 255,
-      'size' => CRM_Utils_Type::HUGE,
-    );
-  }
+  $spec['app_meta_url'] = array(
+    'name' => 'app_meta_url',
+    'type' => CRM_Utils_Type::T_STRING,
+    'title' => ts('Application Metadata URL'),
+    'description' => 'Application Metadata URL',
+    'maxlength' => 255,
+    'size' => CRM_Utils_Type::HUGE,
+  );
 }
 
 /**
@@ -72,21 +69,13 @@ function _civicrm_api3_cxn_register_spec(&$spec) {
  */
 function civicrm_api3_cxn_register($params) {
   if (!empty($params['app_meta_url'])) {
-    if (!CRM_Cxn_BAO_Cxn::isAppMetaVerified()) {
-      list ($status, $json) = CRM_Utils_HttpClient::singleton()->get($params['app_meta_url']);
-      if (CRM_Utils_HttpClient::STATUS_OK != $status) {
-        throw new API_Exception("Failed to download appMeta. (Bad HTTP response)");
-      }
-      $appMeta = json_decode($json, TRUE);
-      if (empty($appMeta)) {
-        throw new API_Exception("Failed to download appMeta. (Malformed)");
-      }
+    list ($status, $json) = CRM_Utils_HttpClient::singleton()->get($params['app_meta_url']);
+    if (CRM_Utils_HttpClient::STATUS_OK != $status) {
+      throw new API_Exception("Failed to download appMeta. (Bad HTTP response)");
     }
-    else {
-      // Note: The metadata includes a cert, but the details aren't signed.
-      // This is very useful in testing/development. In ordinary usage, we
-      // rely on civicrm.org to sign the metadata for all apps en masse.
-      throw new API_Exception('This site is configured to only connect to applications with verified metadata.');
+    $appMeta = json_decode($json, TRUE);
+    if (empty($appMeta)) {
+      throw new API_Exception("Failed to download appMeta. (Malformed)");
     }
   }
   elseif (!empty($params['app_guid'])) {