fix(federation): Change the Talk-Hash header when overwriting capabilities

Signed-off-by: Joas Schilling <[email protected]>

Author: nickvergessen

lib/Controller/RoomController.php

@@ -40,6 +40,7 @@
 use OCA\Talk\Exceptions\UnauthorizedException;
 use OCA\Talk\Federation\Authenticator;
 use OCA\Talk\Federation\FederationManager;
+use OCA\Talk\Federation\Proxy\TalkV1\ProxyRequest;
 use OCA\Talk\GuestManager;
 use OCA\Talk\Manager;
 use OCA\Talk\MatterbridgeManager;
@@ -2259,6 +2260,12 @@ public function getCapabilities(): DataResponse {
 			/** @var TalkCapabilities|array<empty> $data */
 			$data = $response->getData();
 
+			/**
+			 * IMPORTANT:
+			 * When adding, changing or removing anything here, update
+			 * @see ProxyRequest::overwrittenRemoteTalkHash()
+			 * so clients correctly refresh their capabilities.
+			 */
 			if (isset($data['config']['chat']['read-privacy'])) {
 				$data['config']['chat']['read-privacy'] = Participant::PRIVACY_PRIVATE;
 			}

lib/Federation/Proxy/TalkV1/Controller/RoomController.php

@@ -99,7 +99,7 @@ public function joinFederatedRoom(Room $room, Participant $participant): DataRes
 			throw new CannotReachRemoteException();
 		}
 
-		$headers = ['X-Nextcloud-Talk-Proxy-Hash' => $proxy->getHeader('X-Nextcloud-Talk-Hash')];
+		$headers = ['X-Nextcloud-Talk-Proxy-Hash' => $this->proxy->overwrittenRemoteTalkHash($proxy->getHeader('X-Nextcloud-Talk-Hash'))];
 
 		return new DataResponse([], $statusCode, $headers);
 	}
@@ -123,7 +123,7 @@ public function getCapabilities(Room $room, Participant $participant): DataRespo
 		$data = $this->proxy->getOCSData($proxy);
 
 		$headers = [
-			'X-Nextcloud-Talk-Hash' => $proxy->getHeader('X-Nextcloud-Talk-Hash'),
+			'X-Nextcloud-Talk-Hash' => $this->proxy->overwrittenRemoteTalkHash($proxy->getHeader('X-Nextcloud-Talk-Hash')),
 		];
 
 		return new DataResponse($data, Http::STATUS_OK, $headers);

lib/Federation/Proxy/TalkV1/ProxyRequest.php

@@ -50,6 +50,20 @@ public function __construct(
 	) {
 	}
 
+	public function overwrittenRemoteTalkHash(string $hash): string {
+		return sha1(json_encode([
+			'remoteHash' => $hash,
+			'manipulated' => [
+				'config' => [
+					'chat' => [
+						'read-privacy',
+						'typing-privacy',
+					],
+				],
+			]
+		]));
+	}
+
 	/**
 	 * @return Http::STATUS_BAD_REQUEST
 	 */