aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Wurst <ChristophWurst@users.noreply.github.com>2017-01-17 11:01:42 +0100
committerGitHub <noreply@github.com>2017-01-17 11:01:42 +0100
commit012708e1badebe5dab6260c2e9edb521d5dbfee0 (patch)
treecc0e6a1abe9a38b03d1d922a832c78b50b3d87a2
parentb1a82969e66fb25d59cfef63d2a8744e374b2500 (diff)
parent5dc6899d1a3e11841b62971a52f0aa8e577c3065 (diff)
downloadnextcloud-server-012708e1badebe5dab6260c2e9edb521d5dbfee0.tar.gz
nextcloud-server-012708e1badebe5dab6260c2e9edb521d5dbfee0.zip
Merge pull request #3023 from nextcloud/issue-2915-filter-out-sensitive-appconfigs
Filter out sensitive appconfig values
-rw-r--r--core/Command/Config/ListConfigs.php19
-rw-r--r--lib/private/AllConfig.php2
-rw-r--r--lib/private/AppConfig.php55
-rw-r--r--lib/private/SystemConfig.php1
-rw-r--r--lib/public/IAppConfig.php9
-rw-r--r--tests/Core/Command/Config/ListConfigsTest.php6
-rw-r--r--tests/lib/AppConfigTest.php23
7 files changed, 103 insertions, 12 deletions
diff --git a/core/Command/Config/ListConfigs.php b/core/Command/Config/ListConfigs.php
index 2737bc2cea4..94b493c9244 100644
--- a/core/Command/Config/ListConfigs.php
+++ b/core/Command/Config/ListConfigs.php
@@ -89,14 +89,14 @@ class ListConfigs extends Base {
'apps' => [],
];
foreach ($apps as $appName) {
- $configs['apps'][$appName] = $this->appConfig->getValues($appName, false);
+ $configs['apps'][$appName] = $this->getAppConfigs($appName, $noSensitiveValues);
}
break;
default:
$configs = [
'apps' => [
- $app => $this->appConfig->getValues($app, false),
+ $app => $this->getAppConfigs($app, $noSensitiveValues),
],
];
}
@@ -130,6 +130,21 @@ class ListConfigs extends Base {
}
/**
+ * Get the app configs
+ *
+ * @param string $app
+ * @param bool $noSensitiveValues
+ * @return array
+ */
+ protected function getAppConfigs($app, $noSensitiveValues) {
+ if ($noSensitiveValues) {
+ return $this->appConfig->getFilteredValues($app, false);
+ } else {
+ return $this->appConfig->getValues($app, false);
+ }
+ }
+
+ /**
* @param string $argumentName
* @param CompletionContext $context
* @return string[]
diff --git a/lib/private/AllConfig.php b/lib/private/AllConfig.php
index a58aec4aeea..1f59e677a54 100644
--- a/lib/private/AllConfig.php
+++ b/lib/private/AllConfig.php
@@ -68,7 +68,7 @@ class AllConfig implements \OCP\IConfig {
/**
* @param SystemConfig $systemConfig
*/
- function __construct(SystemConfig $systemConfig) {
+ public function __construct(SystemConfig $systemConfig) {
$this->userCache = new CappedMemoryCache();
$this->systemConfig = $systemConfig;
}
diff --git a/lib/private/AppConfig.php b/lib/private/AppConfig.php
index d92e8965b5c..06e760e86f6 100644
--- a/lib/private/AppConfig.php
+++ b/lib/private/AppConfig.php
@@ -29,7 +29,9 @@
namespace OC;
+use OC\DB\OracleConnection;
use OCP\IAppConfig;
+use OCP\IConfig;
use OCP\IDBConnection;
/**
@@ -37,12 +39,22 @@ use OCP\IDBConnection;
* database.
*/
class AppConfig implements IAppConfig {
- /**
- * @var \OCP\IDBConnection $conn
- */
+
+ /** @var array[] */
+ protected $sensitiveValues = [
+ 'user_ldap' => [
+ 'ldap_agent_password',
+ ],
+ ];
+
+ /** @var \OCP\IDBConnection */
protected $conn;
- private $cache = array();
+ /** @var array[] */
+ private $cache = [];
+
+ /** @var bool */
+ private $configLoaded = false;
/**
* @param IDBConnection $conn
@@ -85,6 +97,7 @@ class AppConfig implements IAppConfig {
*
* @param string $app the app we are looking for
* @return array an array of key names
+ * @deprecated 8.0.0 use method getAppKeys of \OCP\IConfig
*
* This function gets all keys of an app. Please note that the values are
* not returned.
@@ -112,6 +125,7 @@ class AppConfig implements IAppConfig {
* @param string $key key
* @param string $default = null, default value if the key does not exist
* @return string the value or $default
+ * @deprecated 8.0.0 use method getAppValue of \OCP\IConfig
*
* This function gets a value from the appconfig table. If the key does
* not exist the default value will be returned
@@ -146,6 +160,7 @@ class AppConfig implements IAppConfig {
* @param string $key key
* @param string|float|int $value value
* @return bool True if the value was inserted or updated, false if the value was the same
+ * @deprecated 8.0.0 use method setAppValue of \OCP\IConfig
*/
public function setValue($app, $key, $value) {
if (!$this->hasKey($app, $key)) {
@@ -182,7 +197,7 @@ class AppConfig implements IAppConfig {
* http://docs.oracle.com/cd/E11882_01/server.112/e26088/conditions002.htm#i1033286
* > Large objects (LOBs) are not supported in comparison conditions.
*/
- if (!($this->conn instanceof \OC\DB\OracleConnection)) {
+ if (!($this->conn instanceof OracleConnection)) {
// Only update the value when it is not the same
$sql->andWhere($sql->expr()->neq('configvalue', $sql->createParameter('configvalue')))
->setParameter('configvalue', $value);
@@ -200,7 +215,8 @@ class AppConfig implements IAppConfig {
*
* @param string $app app
* @param string $key key
- * @return boolean|null
+ * @return boolean
+ * @deprecated 8.0.0 use method deleteAppValue of \OCP\IConfig
*/
public function deleteKey($app, $key) {
$this->loadConfigValues();
@@ -214,13 +230,15 @@ class AppConfig implements IAppConfig {
$sql->execute();
unset($this->cache[$app][$key]);
+ return false;
}
/**
* Remove app from appconfig
*
* @param string $app app
- * @return boolean|null
+ * @return boolean
+ * @deprecated 8.0.0 use method deleteAppValue of \OCP\IConfig
*
* Removes all keys in appconfig belonging to the app.
*/
@@ -234,6 +252,7 @@ class AppConfig implements IAppConfig {
$sql->execute();
unset($this->cache[$app]);
+ return false;
}
/**
@@ -262,10 +281,30 @@ class AppConfig implements IAppConfig {
}
/**
+ * get all values of the app or and filters out sensitive data
+ *
+ * @param string $app
+ * @return array
+ */
+ public function getFilteredValues($app) {
+ $values = $this->getValues($app, false);
+
+ foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
+ if (isset($values[$sensitiveKey])) {
+ $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
+ }
+ }
+
+ return $values;
+ }
+
+ /**
* Load all the app config values
*/
protected function loadConfigValues() {
- if ($this->configLoaded) return;
+ if ($this->configLoaded) {
+ return;
+ }
$this->cache = [];
diff --git a/lib/private/SystemConfig.php b/lib/private/SystemConfig.php
index 1029a6619ff..e5f1adaf004 100644
--- a/lib/private/SystemConfig.php
+++ b/lib/private/SystemConfig.php
@@ -44,7 +44,6 @@ class SystemConfig {
'passwordsalt' => true,
'secret' => true,
'updater.secret' => true,
- 'ldap_agent_password' => true,
'proxyuserpwd' => true,
'log.condition' => [
'shared_secret' => true,
diff --git a/lib/public/IAppConfig.php b/lib/public/IAppConfig.php
index 01aca47ad81..4a92a224840 100644
--- a/lib/public/IAppConfig.php
+++ b/lib/public/IAppConfig.php
@@ -87,6 +87,15 @@ interface IAppConfig {
public function getValues($app, $key);
/**
+ * get all values of the app or and filters out sensitive data
+ *
+ * @param string $app
+ * @return array
+ * @since 12.0.0
+ */
+ public function getFilteredValues($app);
+
+ /**
* sets a value in the appconfig
* @param string $app app
* @param string $key key
diff --git a/tests/Core/Command/Config/ListConfigsTest.php b/tests/Core/Command/Config/ListConfigsTest.php
index 0f170cee840..861c1f59d5e 100644
--- a/tests/Core/Command/Config/ListConfigsTest.php
+++ b/tests/Core/Command/Config/ListConfigsTest.php
@@ -285,10 +285,16 @@ class ListConfigsTest extends TestCase {
$this->systemConfig->expects($this->any())
->method('getValue')
->willReturnMap($systemConfigMap);
+ $this->appConfig->expects($this->any())
+ ->method('getValues')
+ ->willReturnMap($appConfig);
} else {
$this->systemConfig->expects($this->any())
->method('getFilteredValue')
->willReturnMap($systemConfigMap);
+ $this->appConfig->expects($this->any())
+ ->method('getFilteredValues')
+ ->willReturnMap($appConfig);
}
$this->appConfig->expects($this->any())
diff --git a/tests/lib/AppConfigTest.php b/tests/lib/AppConfigTest.php
index c4da7507752..fed929352d3 100644
--- a/tests/lib/AppConfigTest.php
+++ b/tests/lib/AppConfigTest.php
@@ -8,6 +8,7 @@
*/
namespace Test;
+use OCP\IConfig;
/**
* Class AppConfigTest
@@ -305,6 +306,28 @@ class AppConfigTest extends TestCase {
$this->assertEquals($expected, $values);
}
+ public function testGetFilteredValues() {
+ /** @var \OC\AppConfig|\PHPUnit_Framework_MockObject_MockObject $config */
+ $config = $this->getMockBuilder(\OC\AppConfig::class)
+ ->setConstructorArgs([\OC::$server->getDatabaseConnection()])
+ ->setMethods(['getValues'])
+ ->getMock();
+
+ $config->expects($this->once())
+ ->method('getValues')
+ ->with('user_ldap', false)
+ ->willReturn([
+ 'ldap_agent_password' => 'secret',
+ 'ldap_dn' => 'dn',
+ ]);
+
+ $values = $config->getFilteredValues('user_ldap');
+ $this->assertEquals([
+ 'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
+ 'ldap_dn' => 'dn',
+ ], $values);
+ }
+
public function testSettingConfigParallel() {
$appConfig1 = new \OC\AppConfig(\OC::$server->getDatabaseConnection());
$appConfig2 = new \OC\AppConfig(\OC::$server->getDatabaseConnection());