With upcoming work for the feature policy header. Splitting this in smaller classes that just do 1 thing makes sense. I rather have a few small classes that are tiny and do 1 thing right (and we all understand what is going on) than have big ones. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v17.0.0beta1
@@ -457,6 +457,7 @@ return array( | |||
'OC\\AppFramework\\Middleware\\PublicShare\\PublicShareMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\BruteForceMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\CORSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\CSPMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\AppNotEnabledException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/AppNotEnabledException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/CrossSiteRequestForgeryException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\LaxSameSiteCookieFailedException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/LaxSameSiteCookieFailedException.php', |
@@ -491,6 +491,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c | |||
'OC\\AppFramework\\Middleware\\PublicShare\\PublicShareMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\BruteForceMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\CORSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\CSPMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\AppNotEnabledException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/AppNotEnabledException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/CrossSiteRequestForgeryException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\LaxSameSiteCookieFailedException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/LaxSameSiteCookieFailedException.php', |
@@ -220,13 +220,17 @@ class DIContainer extends SimpleContainer implements IAppContainer { | |||
$server->getUserSession()->isLoggedIn(), | |||
$server->getGroupManager()->isAdmin($this->getUserId()), | |||
$server->getUserSession()->getUser() !== null && $server->query(ISubAdmin::class)->isSubAdmin($server->getUserSession()->getUser()), | |||
$server->getContentSecurityPolicyManager(), | |||
$server->getCsrfTokenManager(), | |||
$server->getContentSecurityPolicyNonceManager(), | |||
$server->getAppManager(), | |||
$server->getL10N('lib') | |||
); | |||
$dispatcher->registerMiddleware($securityMiddleware); | |||
$dispatcher->registerMiddleware( | |||
new OC\AppFramework\Middleware\Security\CSPMiddleware( | |||
$server->query(OC\Security\CSP\ContentSecurityPolicyManager::class), | |||
$server->query(OC\Security\CSP\ContentSecurityPolicyNonceManager::class), | |||
$server->query(OC\Security\CSRF\CsrfTokenManager::class) | |||
) | |||
); | |||
$dispatcher->registerMiddleware( | |||
new OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware( | |||
$c->query(IControllerMethodReflector::class), |
@@ -0,0 +1,80 @@ | |||
<?php | |||
declare(strict_types=1); | |||
/** | |||
* @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl> | |||
* | |||
* @author Roeland Jago Douma <roeland@famdouma.nl> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OC\AppFramework\Middleware\Security; | |||
use OC\Security\CSP\ContentSecurityPolicyManager; | |||
use OC\Security\CSP\ContentSecurityPolicyNonceManager; | |||
use OC\Security\CSRF\CsrfTokenManager; | |||
use OCP\AppFramework\Controller; | |||
use OCP\AppFramework\Http\ContentSecurityPolicy; | |||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy; | |||
use OCP\AppFramework\Http\Response; | |||
use OCP\AppFramework\Middleware; | |||
class CSPMiddleware extends Middleware { | |||
/** @var ContentSecurityPolicyManager */ | |||
private $contentSecurityPolicyManager; | |||
/** @var ContentSecurityPolicyNonceManager */ | |||
private $cspNonceManager; | |||
/** @var CsrfTokenManager */ | |||
private $csrfTokenManager; | |||
public function __construct(ContentSecurityPolicyManager $policyManager, | |||
ContentSecurityPolicyNonceManager $cspNonceManager, | |||
CsrfTokenManager $csrfTokenManager) { | |||
$this->contentSecurityPolicyManager = $policyManager; | |||
$this->cspNonceManager = $cspNonceManager; | |||
$this->csrfTokenManager = $csrfTokenManager; | |||
} | |||
/** | |||
* Performs the default CSP modifications that may be injected by other | |||
* applications | |||
* | |||
* @param Controller $controller | |||
* @param string $methodName | |||
* @param Response $response | |||
* @return Response | |||
*/ | |||
public function afterController($controller, $methodName, Response $response): Response { | |||
$policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy(); | |||
if (get_class($policy) === EmptyContentSecurityPolicy::class) { | |||
return $response; | |||
} | |||
$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy(); | |||
$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy); | |||
if($this->cspNonceManager->browserSupportsCspV3()) { | |||
$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue()); | |||
} | |||
$response->setContentSecurityPolicy($defaultPolicy); | |||
return $response; | |||
} | |||
} |
@@ -84,12 +84,6 @@ class SecurityMiddleware extends Middleware { | |||
private $isAdminUser; | |||
/** @var bool */ | |||
private $isSubAdmin; | |||
/** @var ContentSecurityPolicyManager */ | |||
private $contentSecurityPolicyManager; | |||
/** @var CsrfTokenManager */ | |||
private $csrfTokenManager; | |||
/** @var ContentSecurityPolicyNonceManager */ | |||
private $cspNonceManager; | |||
/** @var IAppManager */ | |||
private $appManager; | |||
/** @var IL10N */ | |||
@@ -104,9 +98,6 @@ class SecurityMiddleware extends Middleware { | |||
bool $isLoggedIn, | |||
bool $isAdminUser, | |||
bool $isSubAdmin, | |||
ContentSecurityPolicyManager $contentSecurityPolicyManager, | |||
CsrfTokenManager $csrfTokenManager, | |||
ContentSecurityPolicyNonceManager $cspNonceManager, | |||
IAppManager $appManager, | |||
IL10N $l10n | |||
) { | |||
@@ -119,9 +110,6 @@ class SecurityMiddleware extends Middleware { | |||
$this->isLoggedIn = $isLoggedIn; | |||
$this->isAdminUser = $isAdminUser; | |||
$this->isSubAdmin = $isSubAdmin; | |||
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager; | |||
$this->csrfTokenManager = $csrfTokenManager; | |||
$this->cspNonceManager = $cspNonceManager; | |||
$this->appManager = $appManager; | |||
$this->l10n = $l10n; | |||
} | |||
@@ -203,34 +191,6 @@ class SecurityMiddleware extends Middleware { | |||
} | |||
} | |||
/** | |||
* Performs the default CSP modifications that may be injected by other | |||
* applications | |||
* | |||
* @param Controller $controller | |||
* @param string $methodName | |||
* @param Response $response | |||
* @return Response | |||
*/ | |||
public function afterController($controller, $methodName, Response $response): Response { | |||
$policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy(); | |||
if (get_class($policy) === EmptyContentSecurityPolicy::class) { | |||
return $response; | |||
} | |||
$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy(); | |||
$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy); | |||
if($this->cspNonceManager->browserSupportsCspV3()) { | |||
$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue()); | |||
} | |||
$response->setContentSecurityPolicy($defaultPolicy); | |||
return $response; | |||
} | |||
/** | |||
* If an SecurityException is being caught, ajax requests return a JSON error | |||
* response and non ajax requests redirect to the index |
@@ -0,0 +1,149 @@ | |||
<?php | |||
declare(strict_types=1); | |||
/** | |||
* @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl> | |||
* | |||
* @author Roeland Jago Douma <roeland@famdouma.nl> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace Test\AppFramework\Middleware\Security; | |||
use OC\AppFramework\Middleware\Security\CSPMiddleware; | |||
use OC\Security\CSP\ContentSecurityPolicy; | |||
use OC\Security\CSP\ContentSecurityPolicyManager; | |||
use OC\Security\CSP\ContentSecurityPolicyNonceManager; | |||
use OC\Security\CSRF\CsrfToken; | |||
use OC\Security\CSRF\CsrfTokenManager; | |||
use OCP\AppFramework\Controller; | |||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy; | |||
use OCP\AppFramework\Http\Response; | |||
use PHPUnit\Framework\MockObject\MockObject; | |||
class CSPMiddlewareTest extends \Test\TestCase { | |||
/** @var CSPMiddleware|MockObject */ | |||
private $middleware; | |||
/** @var Controller|MockObject */ | |||
private $controller; | |||
/** @var ContentSecurityPolicyManager|MockObject */ | |||
private $contentSecurityPolicyManager; | |||
/** @var CsrfTokenManager|MockObject */ | |||
private $csrfTokenManager; | |||
/** @var ContentSecurityPolicyNonceManager|MockObject */ | |||
private $cspNonceManager; | |||
protected function setUp() { | |||
parent::setUp(); | |||
$this->controller = $this->createMock(Controller::class); | |||
$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class); | |||
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); | |||
$this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class); | |||
$this->middleware = new CSPMiddleware( | |||
$this->contentSecurityPolicyManager, | |||
$this->cspNonceManager, | |||
$this->csrfTokenManager | |||
); | |||
} | |||
public function testAfterController() { | |||
$this->cspNonceManager | |||
->expects($this->once()) | |||
->method('browserSupportsCspV3') | |||
->willReturn(false); | |||
$response = $this->createMock(Response::class); | |||
$defaultPolicy = new ContentSecurityPolicy(); | |||
$defaultPolicy->addAllowedImageDomain('defaultpolicy'); | |||
$currentPolicy = new ContentSecurityPolicy(); | |||
$currentPolicy->addAllowedConnectDomain('currentPolicy'); | |||
$mergedPolicy = new ContentSecurityPolicy(); | |||
$mergedPolicy->addAllowedMediaDomain('mergedPolicy'); | |||
$response | |||
->expects($this->exactly(2)) | |||
->method('getContentSecurityPolicy') | |||
->willReturn($currentPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('getDefaultPolicy') | |||
->willReturn($defaultPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('mergePolicies') | |||
->with($defaultPolicy, $currentPolicy) | |||
->willReturn($mergedPolicy); | |||
$response->expects($this->once()) | |||
->method('setContentSecurityPolicy') | |||
->with($mergedPolicy); | |||
$this->middleware->afterController($this->controller, 'test', $response); | |||
} | |||
public function testAfterControllerEmptyCSP() { | |||
$response = $this->createMock(Response::class); | |||
$emptyPolicy = new EmptyContentSecurityPolicy(); | |||
$response->expects($this->any()) | |||
->method('getContentSecurityPolicy') | |||
->willReturn($emptyPolicy); | |||
$response->expects($this->never()) | |||
->method('setContentSecurityPolicy'); | |||
$this->middleware->afterController($this->controller, 'test', $response); | |||
} | |||
public function testAfterControllerWithContentSecurityPolicy3Support() { | |||
$this->cspNonceManager | |||
->expects($this->once()) | |||
->method('browserSupportsCspV3') | |||
->willReturn(true); | |||
$token = $this->createMock(CsrfToken::class); | |||
$token | |||
->expects($this->once()) | |||
->method('getEncryptedValue') | |||
->willReturn('MyEncryptedToken'); | |||
$this->csrfTokenManager | |||
->expects($this->once()) | |||
->method('getToken') | |||
->willReturn($token); | |||
$response = $this->createMock(Response::class); | |||
$defaultPolicy = new ContentSecurityPolicy(); | |||
$defaultPolicy->addAllowedImageDomain('defaultpolicy'); | |||
$currentPolicy = new ContentSecurityPolicy(); | |||
$currentPolicy->addAllowedConnectDomain('currentPolicy'); | |||
$mergedPolicy = new ContentSecurityPolicy(); | |||
$mergedPolicy->addAllowedMediaDomain('mergedPolicy'); | |||
$response | |||
->expects($this->exactly(2)) | |||
->method('getContentSecurityPolicy') | |||
->willReturn($currentPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('getDefaultPolicy') | |||
->willReturn($defaultPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('mergePolicies') | |||
->with($defaultPolicy, $currentPolicy) | |||
->willReturn($mergedPolicy); | |||
$response->expects($this->once()) | |||
->method('setContentSecurityPolicy') | |||
->with($mergedPolicy); | |||
$this->assertEquals($response, $this->middleware->afterController($this->controller, 'test', $response)); | |||
} | |||
} |
@@ -72,12 +72,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { | |||
private $navigationManager; | |||
/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */ | |||
private $urlGenerator; | |||
/** @var ContentSecurityPolicyManager|\PHPUnit_Framework_MockObject_MockObject */ | |||
private $contentSecurityPolicyManager; | |||
/** @var CsrfTokenManager|\PHPUnit_Framework_MockObject_MockObject */ | |||
private $csrfTokenManager; | |||
/** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */ | |||
private $cspNonceManager; | |||
/** @var IAppManager|\PHPUnit_Framework_MockObject_MockObject */ | |||
private $appManager; | |||
/** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */ | |||
@@ -92,9 +86,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { | |||
$this->navigationManager = $this->createMock(INavigationManager::class); | |||
$this->urlGenerator = $this->createMock(IURLGenerator::class); | |||
$this->request = $this->createMock(IRequest::class); | |||
$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class); | |||
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); | |||
$this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class); | |||
$this->l10n = $this->createMock(IL10N::class); | |||
$this->middleware = $this->getMiddleware(true, true, false); | |||
$this->secException = new SecurityException('hey', false); | |||
@@ -118,9 +109,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { | |||
$isLoggedIn, | |||
$isAdminUser, | |||
$isSubAdmin, | |||
$this->contentSecurityPolicyManager, | |||
$this->csrfTokenManager, | |||
$this->cspNonceManager, | |||
$this->appManager, | |||
$this->l10n | |||
); | |||
@@ -611,91 +599,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { | |||
$this->assertTrue($response instanceof JSONResponse); | |||
} | |||
public function testAfterController() { | |||
$this->cspNonceManager | |||
->expects($this->once()) | |||
->method('browserSupportsCspV3') | |||
->willReturn(false); | |||
$response = $this->createMock(Response::class); | |||
$defaultPolicy = new ContentSecurityPolicy(); | |||
$defaultPolicy->addAllowedImageDomain('defaultpolicy'); | |||
$currentPolicy = new ContentSecurityPolicy(); | |||
$currentPolicy->addAllowedConnectDomain('currentPolicy'); | |||
$mergedPolicy = new ContentSecurityPolicy(); | |||
$mergedPolicy->addAllowedMediaDomain('mergedPolicy'); | |||
$response | |||
->expects($this->exactly(2)) | |||
->method('getContentSecurityPolicy') | |||
->willReturn($currentPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('getDefaultPolicy') | |||
->willReturn($defaultPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('mergePolicies') | |||
->with($defaultPolicy, $currentPolicy) | |||
->willReturn($mergedPolicy); | |||
$response->expects($this->once()) | |||
->method('setContentSecurityPolicy') | |||
->with($mergedPolicy); | |||
$this->middleware->afterController($this->controller, 'test', $response); | |||
} | |||
public function testAfterControllerEmptyCSP() { | |||
$response = $this->createMock(Response::class); | |||
$emptyPolicy = new EmptyContentSecurityPolicy(); | |||
$response->expects($this->any()) | |||
->method('getContentSecurityPolicy') | |||
->willReturn($emptyPolicy); | |||
$response->expects($this->never()) | |||
->method('setContentSecurityPolicy'); | |||
$this->middleware->afterController($this->controller, 'test', $response); | |||
} | |||
public function testAfterControllerWithContentSecurityPolicy3Support() { | |||
$this->cspNonceManager | |||
->expects($this->once()) | |||
->method('browserSupportsCspV3') | |||
->willReturn(true); | |||
$token = $this->createMock(CsrfToken::class); | |||
$token | |||
->expects($this->once()) | |||
->method('getEncryptedValue') | |||
->willReturn('MyEncryptedToken'); | |||
$this->csrfTokenManager | |||
->expects($this->once()) | |||
->method('getToken') | |||
->willReturn($token); | |||
$response = $this->createMock(Response::class); | |||
$defaultPolicy = new ContentSecurityPolicy(); | |||
$defaultPolicy->addAllowedImageDomain('defaultpolicy'); | |||
$currentPolicy = new ContentSecurityPolicy(); | |||
$currentPolicy->addAllowedConnectDomain('currentPolicy'); | |||
$mergedPolicy = new ContentSecurityPolicy(); | |||
$mergedPolicy->addAllowedMediaDomain('mergedPolicy'); | |||
$response | |||
->expects($this->exactly(2)) | |||
->method('getContentSecurityPolicy') | |||
->willReturn($currentPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('getDefaultPolicy') | |||
->willReturn($defaultPolicy); | |||
$this->contentSecurityPolicyManager | |||
->expects($this->once()) | |||
->method('mergePolicies') | |||
->with($defaultPolicy, $currentPolicy) | |||
->willReturn($mergedPolicy); | |||
$response->expects($this->once()) | |||
->method('setContentSecurityPolicy') | |||
->with($mergedPolicy); | |||
$this->assertEquals($response, $this->middleware->afterController($this->controller, 'test', $response)); | |||
} | |||
public function dataRestrictedApp() { | |||
return [ | |||
[false, false, false,], |