From 08c7957472ea369bbbfe7f5a90ded384350bf895 Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Fri, 3 Jul 2015 15:28:30 -0700 Subject: [PATCH] CRM-16760 - Remove CIVICRM_CXN_APPS_VERIFY constraint --- CRM/Cxn/BAO/Cxn.php | 19 ------------------ CRM/Utils/Check/Security.php | 3 --- api/v3/Cxn.php | 39 +++++++++++++----------------------- 3 files changed, 14 insertions(+), 47 deletions(-) diff --git a/CRM/Cxn/BAO/Cxn.php b/CRM/Cxn/BAO/Cxn.php index 4e8a690f6d..83267fbe1f 100644 --- a/CRM/Cxn/BAO/Cxn.php +++ b/CRM/Cxn/BAO/Cxn.php @@ -134,25 +134,6 @@ class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn { return $content; } - /** - * Determine if this site's security policy allows connecting - * to apps based on untrusted metadata. - * - * @return bool - * TRUE if application metadata must be verified. - */ - public static function isAppMetaVerified() { - if (defined('CIVICRM_CXN_APPS_VERIFY')) { - return CIVICRM_CXN_APPS_VERIFY; - } - elseif (!defined('CIVICRM_CXN_CA')) { - return TRUE; - } - else { - return !in_array(CIVICRM_CXN_CA, array('CiviTestRootCA', 'none')); - } - } - /** * Construct a client for performing registration actions. * diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php index f0dd733adf..0ef911f4ae 100644 --- a/CRM/Utils/Check/Security.php +++ b/CRM/Utils/Check/Security.php @@ -252,9 +252,6 @@ class CRM_Utils_Check_Security { if (defined('CIVICRM_CXN_CA') && CIVICRM_CXN_CA !== 'CiviRootCA') { $list[] = 'CIVICRM_CXN_CA'; } - if (defined('CIVICRM_CXN_APPS_VERIFY') && !CIVICRM_CXN_APPS_VERIFY) { - $list[] = 'CIVICRM_CXN_APPS_VERIFY'; - } if (defined('CIVICRM_CXN_APPS_URL') && CIVICRM_CXN_APPS_URL !== \Civi\Cxn\Rpc\Constants::OFFICIAL_APPMETAS_URL) { $list[] = 'CIVICRM_CXN_APPS_URL'; } diff --git a/api/v3/Cxn.php b/api/v3/Cxn.php index 7283fe7429..cf1a1710f2 100644 --- a/api/v3/Cxn.php +++ b/api/v3/Cxn.php @@ -43,17 +43,14 @@ function _civicrm_api3_cxn_register_spec(&$spec) { $daoFields = CRM_Cxn_DAO_Cxn::fields(); $spec['app_guid'] = $daoFields['app_guid']; - - if (!CRM_Cxn_BAO_Cxn::isAppMetaVerified()) { - $spec['app_meta_url'] = array( - 'name' => 'app_meta_url', - 'type' => CRM_Utils_Type::T_STRING, - 'title' => ts('Application Metadata URL'), - 'description' => 'Application Metadata URL', - 'maxlength' => 255, - 'size' => CRM_Utils_Type::HUGE, - ); - } + $spec['app_meta_url'] = array( + 'name' => 'app_meta_url', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => ts('Application Metadata URL'), + 'description' => 'Application Metadata URL', + 'maxlength' => 255, + 'size' => CRM_Utils_Type::HUGE, + ); } /** @@ -72,21 +69,13 @@ function _civicrm_api3_cxn_register_spec(&$spec) { */ function civicrm_api3_cxn_register($params) { if (!empty($params['app_meta_url'])) { - if (!CRM_Cxn_BAO_Cxn::isAppMetaVerified()) { - list ($status, $json) = CRM_Utils_HttpClient::singleton()->get($params['app_meta_url']); - if (CRM_Utils_HttpClient::STATUS_OK != $status) { - throw new API_Exception("Failed to download appMeta. (Bad HTTP response)"); - } - $appMeta = json_decode($json, TRUE); - if (empty($appMeta)) { - throw new API_Exception("Failed to download appMeta. (Malformed)"); - } + list ($status, $json) = CRM_Utils_HttpClient::singleton()->get($params['app_meta_url']); + if (CRM_Utils_HttpClient::STATUS_OK != $status) { + throw new API_Exception("Failed to download appMeta. (Bad HTTP response)"); } - else { - // Note: The metadata includes a cert, but the details aren't signed. - // This is very useful in testing/development. In ordinary usage, we - // rely on civicrm.org to sign the metadata for all apps en masse. - throw new API_Exception('This site is configured to only connect to applications with verified metadata.'); + $appMeta = json_decode($json, TRUE); + if (empty($appMeta)) { + throw new API_Exception("Failed to download appMeta. (Malformed)"); } } elseif (!empty($params['app_guid'])) { -- 2.25.1