From eaf87731b3717ebdae2b8fb63863334f9e55d3e9 Mon Sep 17 00:00:00 2001 From: Elizabeth Danzberger Date: Fri, 26 Jun 2026 14:16:49 -0400 Subject: [PATCH 1/3] fix(ci): disable OCM signed requests for federated share tests The federated editing Cypress tests were failing because self-federated OCM share notifications were being rejected due to RFC 9421 signature verification failures. The CI server runs over plain HTTP, but OCMSignatoryManager::fetchJwks() hardcodes https:// for JWKS URLs, causing the fetch to fail. This results in confirmSignedOrigin() throwing "instance is supposed to sign its request" and returning HTTP 400, so the pending share is never created for the recipient and document.odt never appears in the files list. Set ocm_signed_request_disabled=true to bypass the signing requirement in the HTTP test environment, where inter-server TLS is unavailable. Also add an early assertion in shareFileToRemoteUser() so any future federation setup failures produce a clear Cypress error rather than silently cascading into a timeout on cy.openFile(). Assisted-by: ClaudeCode:claude-sonnet-4-6 Signed-off-by: Elizabeth Danzberger --- .github/workflows/cypress-e2e.yml | 1 + cypress/support/commands.js | 2 ++ 2 files changed, 3 insertions(+) diff --git a/.github/workflows/cypress-e2e.yml b/.github/workflows/cypress-e2e.yml index 06ec7f2cbf..c3e4961433 100644 --- a/.github/workflows/cypress-e2e.yml +++ b/.github/workflows/cypress-e2e.yml @@ -154,6 +154,7 @@ jobs: php occ config:app:set richdocuments wopi_url --value="http://localhost:9980" php occ config:app:set richdocuments public_wopi_url --value="http://localhost:9980" php occ config:system:set allow_local_remote_servers --value true --type bool + php occ config:app:set core ocm_signed_request_disabled --value true --type bool php occ richdocuments:activate-config curl http://admin:admin@localhost:8081/ocs/v1.php/cloud/capabilities\?format\=json -H 'OCS-APIRequest: true' diff --git a/cypress/support/commands.js b/cypress/support/commands.js index 4b63ef9f6a..73a92ced90 100644 --- a/cypress/support/commands.js +++ b/cypress/support/commands.js @@ -145,6 +145,8 @@ Cypress.Commands.add('shareFileToRemoteUser', (user, path, targetUser, shareData url: `${url}/ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending?format=json`, }) }).then(({ body }) => { + cy.wrap(body.ocs.data).should('have.length.greaterThan', 0, + 'No pending federated shares found for recipient — federation setup likely failed') for (const index in body.ocs.data) { cy.ocsRequest(targetUser, { method: 'POST', From 221011c7c54e6a11e49529bcc6b1cd4993a1d281 Mon Sep 17 00:00:00 2001 From: Elizabeth Danzberger Date: Fri, 26 Jun 2026 15:01:33 -0400 Subject: [PATCH 2/3] fix(ci): correct occ config:app:set syntax for ocm_signed_request_disabled config:app:set does not accept --type bool; pass --value="true" instead, which getValueBool() resolves correctly. Assisted-by: ClaudeCode:claude-sonnet-4-6 Signed-off-by: Elizabeth Danzberger --- .github/workflows/cypress-e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cypress-e2e.yml b/.github/workflows/cypress-e2e.yml index c3e4961433..7708d03a43 100644 --- a/.github/workflows/cypress-e2e.yml +++ b/.github/workflows/cypress-e2e.yml @@ -154,7 +154,7 @@ jobs: php occ config:app:set richdocuments wopi_url --value="http://localhost:9980" php occ config:app:set richdocuments public_wopi_url --value="http://localhost:9980" php occ config:system:set allow_local_remote_servers --value true --type bool - php occ config:app:set core ocm_signed_request_disabled --value true --type bool + php occ config:app:set core ocm_signed_request_disabled --value="true" php occ richdocuments:activate-config curl http://admin:admin@localhost:8081/ocs/v1.php/cloud/capabilities\?format\=json -H 'OCS-APIRequest: true' From a6bb1f3f09afe3b4ab9a2ef7b6b701deadba3326 Mon Sep 17 00:00:00 2001 From: Elizabeth Danzberger Date: Tue, 30 Jun 2026 16:56:15 -0400 Subject: [PATCH 3/3] fix(ci): disable OCM signed requests for integration tests TokenController in server master calls verifySignedRequest() unconditionally, ignoring ocm_signed_request_disabled. This causes JWKS fetch failures over HTTP-only CI, breaking federation tests. Mirror the setting already applied in cypress-e2e.yml. Assisted-by: ClaudeCode:claude-sonnet-4-6 Signed-off-by: Elizabeth Danzberger --- tests/run-integration.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/run-integration.sh b/tests/run-integration.sh index d04e46bc75..37f25575af 100755 --- a/tests/run-integration.sh +++ b/tests/run-integration.sh @@ -52,6 +52,7 @@ $OCC config:app:set richdocuments wopi_url --value="http://localhost:9980" $OCC config:app:set richdocuments public_wopi_url --value="http://localhost:9980" $OCC richdocuments:activate-config $OCC config:system:set allow_local_remote_servers --value true --type bool +$OCC config:app:set core ocm_signed_request_disabled --value="true" $OCC config:system:set gs.trustedHosts 0 --value="localhost:$PORT_SERVERA" $OCC config:system:set gs.trustedHosts 1 --value="localhost:$PORT_SERVERB"