'OCP\\Security\\ICrypto' => $baseDir . '/lib/public/Security/ICrypto.php',
'OCP\\Security\\IHasher' => $baseDir . '/lib/public/Security/IHasher.php',
'OCP\\Security\\ISecureRandom' => $baseDir . '/lib/public/Security/ISecureRandom.php',
+ 'OCP\\Security\\ITrustedDomainHelper' => $baseDir . '/lib/public/Security/ITrustedDomainHelper.php',
'OCP\\Security\\VerificationToken\\IVerificationToken' => $baseDir . '/lib/public/Security/VerificationToken/IVerificationToken.php',
'OCP\\Security\\VerificationToken\\InvalidTokenException' => $baseDir . '/lib/public/Security/VerificationToken/InvalidTokenException.php',
'OCP\\Session\\Exceptions\\SessionNotAvailableException' => $baseDir . '/lib/public/Session/Exceptions/SessionNotAvailableException.php',
'OCP\\Security\\ICrypto' => __DIR__ . '/../../..' . '/lib/public/Security/ICrypto.php',
'OCP\\Security\\IHasher' => __DIR__ . '/../../..' . '/lib/public/Security/IHasher.php',
'OCP\\Security\\ISecureRandom' => __DIR__ . '/../../..' . '/lib/public/Security/ISecureRandom.php',
+ 'OCP\\Security\\ITrustedDomainHelper' => __DIR__ . '/../../..' . '/lib/public/Security/ITrustedDomainHelper.php',
'OCP\\Security\\VerificationToken\\IVerificationToken' => __DIR__ . '/../../..' . '/lib/public/Security/VerificationToken/IVerificationToken.php',
'OCP\\Security\\VerificationToken\\InvalidTokenException' => __DIR__ . '/../../..' . '/lib/public/Security/VerificationToken/InvalidTokenException.php',
'OCP\\Session\\Exceptions\\SessionNotAvailableException' => __DIR__ . '/../../..' . '/lib/public/Session/Exceptions/SessionNotAvailableException.php',
use OC\AppFramework\Http\Request;
use OCP\IConfig;
+use OCP\Security\ITrustedDomainHelper;
-/**
- * Class TrustedDomain
- *
- * @package OC\Security
- */
-class TrustedDomainHelper {
+class TrustedDomainHelper implements ITrustedDomainHelper {
/** @var IConfig */
private $config;
}
/**
- * Checks whether a domain is considered as trusted from the list
- * of trusted domains. If no trusted domains have been configured, returns
- * true.
- * This is used to prevent Host Header Poisoning.
- * @param string $domainWithPort
- * @return bool true if the given domain is trusted or if no trusted domains
- * have been configured
+ * {@inheritDoc}
+ */
+ public function isTrustedUrl(string $url): bool {
+ $parsedUrl = parse_url($url);
+ if (empty($parsedUrl['host'])) {
+ return false;
+ }
+
+ if (isset($parsedUrl['port']) && $parsedUrl['port']) {
+ return $this->isTrustedDomain($parsedUrl['host'] . ':' . $parsedUrl['port']);
+ }
+
+ return $this->isTrustedDomain($parsedUrl['host']);
+ }
+
+ /**
+ * {@inheritDoc}
*/
public function isTrustedDomain(string $domainWithPort): bool {
// overwritehost is always trusted
--- /dev/null
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2021 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Security;
+
+/**
+ * Allows checking domains and full URLs against the list of trusted domains for
+ * this server in the config file.
+ *
+ * @package OCP\Security
+ * @since 23.0.0
+ */
+interface ITrustedDomainHelper {
+ /**
+ * Checks whether a given URL is considered as trusted from the list
+ * of trusted domains in the server's config file. If no trusted domains
+ * have been configured and the url is valid, returns true.
+ *
+ * @param string $url
+ * @return bool
+ * @since 23.0.0
+ */
+ public function isTrustedUrl(string $url): bool;
+
+ /**
+ * Checks whether a given domain is considered as trusted from the list
+ * of trusted domains in the server's config file. If no trusted domains
+ * have been configured, returns true.
+ * This is used to prevent Host Header Poisoning.
+ *
+ * @param string $domainWithPort
+ * @return bool
+ * @since 23.0.0
+ */
+ public function isTrustedDomain(string $domainWithPort): bool;
+}
$this->config = $this->getMockBuilder(IConfig::class)->getMock();
}
+ /**
+ * @dataProvider trustedDomainDataProvider
+ * @param string $trustedDomains
+ * @param string $testDomain
+ * @param bool $result
+ */
+ public function testIsTrustedUrl($trustedDomains, $testDomain, $result) {
+ $this->config->method('getSystemValue')
+ ->willReturnMap([
+ ['overwritehost', '', ''],
+ ['trusted_domains', [], $trustedDomains],
+ ]);
+
+ $trustedDomainHelper = new TrustedDomainHelper($this->config);
+ $this->assertEquals($result, $trustedDomainHelper->isTrustedUrl('https://' . $testDomain . '/index.php/something'));
+ }
+
/**
* @dataProvider trustedDomainDataProvider
* @param string $trustedDomains
* @param bool $result
*/
public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
- $this->config->expects($this->at(0))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->willReturn('');
- $this->config->expects($this->at(1))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->willReturn($trustedDomains);
+ $this->config->method('getSystemValue')
+ ->willReturnMap([
+ ['overwritehost', '', ''],
+ ['trusted_domains', [], $trustedDomains],
+ ]);
$trustedDomainHelper = new TrustedDomainHelper($this->config);
$this->assertEquals($result, $trustedDomainHelper->isTrustedDomain($testDomain));
}
public function testIsTrustedDomainOverwriteHost() {
- $this->config->expects($this->at(0))
- ->method('getSystemValue')
+ $this->config->method('getSystemValue')
->with('overwritehost')
->willReturn('myproxyhost');
projects / nextcloud-server.git / commitdiff