aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2016-10-26 00:20:27 +0200
committerGitHub <noreply@github.com>2016-10-26 00:20:27 +0200
commit9a70c137d2afa3dc1a6f6361c3fa36d5a9ca4f71 (patch)
treebdfcaaca14022c13bcc2088b791ce2a16dd562db
parent1b6ba5ad322cb3d6e2139393798d243f1d4cc68a (diff)
parent015affb082a7c9bbfeef552b3c74e5ae77e01ab3 (diff)
downloadnextcloud-server-9a70c137d2afa3dc1a6f6361c3fa36d5a9ca4f71.tar.gz
nextcloud-server-9a70c137d2afa3dc1a6f6361c3fa36d5a9ca4f71.zip
Merge pull request #1917 from nextcloud/ocjs_inline
Inline oc.js when possible!
-rw-r--r--core/Controller/OCJSController.php92
-rw-r--r--core/routes.php4
-rw-r--r--core/templates/layout.base.php5
-rw-r--r--core/templates/layout.guest.php5
-rw-r--r--core/templates/layout.user.php5
-rw-r--r--lib/composer/composer/autoload_classmap.php2
-rw-r--r--lib/composer/composer/autoload_static.php2
-rw-r--r--lib/private/AppFramework/DependencyInjection/DIContainer.php3
-rw-r--r--lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php27
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php30
-rw-r--r--lib/private/Server.php3
-rw-r--r--lib/private/Template/JSConfigHelper.php243
-rw-r--r--lib/private/TemplateLayout.php18
-rw-r--r--tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php15
-rw-r--r--tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php4
15 files changed, 426 insertions, 32 deletions
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
new file mode 100644
index 00000000000..b1c2208377e
--- /dev/null
+++ b/core/Controller/OCJSController.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Core\Controller;
+
+use bantu\IniGetWrapper\IniGetWrapper;
+use OC\Template\JSConfigHelper;
+use OCP\App\IAppManager;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataDisplayResponse;
+use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\IUserSession;
+
+class OCJSController extends Controller {
+
+ /** @var JSConfigHelper */
+ private $helper;
+
+ /**
+ * OCJSController constructor.
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param IL10N $l
+ * @param \OC_Defaults $defaults
+ * @param IAppManager $appManager
+ * @param IUserSession $session
+ * @param IConfig $config
+ * @param IGroupManager $groupManager
+ * @param IniGetWrapper $iniWrapper
+ * @param IURLGenerator $urlGenerator
+ */
+ public function __construct($appName,
+ IRequest $request,
+ IL10N $l,
+ \OC_Defaults $defaults,
+ IAppManager $appManager,
+ IUserSession $session,
+ IConfig $config,
+ IGroupManager $groupManager,
+ IniGetWrapper $iniWrapper,
+ IURLGenerator $urlGenerator) {
+ parent::__construct($appName, $request);
+
+ $this->helper = new JSConfigHelper(
+ $l,
+ $defaults,
+ $appManager,
+ $session->getUser(),
+ $config,
+ $groupManager,
+ $iniWrapper,
+ $urlGenerator
+ );
+ }
+
+ /**
+ * @NoCSRFRequired
+ * @PublicPage
+ *
+ * @return DataDisplayResponse
+ */
+ public function getConfig() {
+ $data = $this->helper->getConfig();
+
+ return new DataDisplayResponse($data, Http::STATUS_OK, ['Content-type' => 'text/javascript']);
+ }
+}
diff --git a/core/routes.php b/core/routes.php
index 3ca83815ad4..7978001af7d 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -51,6 +51,7 @@ $application->registerRoutes($this, [
['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
+ ['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'],
],
'ocs' => [
['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],
@@ -66,9 +67,6 @@ $application->registerRoutes($this, [
// Search
$this->create('search_ajax_search', '/core/search')
->actionInclude('core/search/ajax/search.php');
-// oC JS config
-$this->create('js_config', '/core/js/oc.js')
- ->actionInclude('core/js/config.php');
// Routing
$this->create('core_ajax_preview', '/core/preview')
->actionInclude('core/ajax/preview.php');
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
index 3f13523afcb..d6d70f31362 100644
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@@ -18,6 +18,11 @@
<?php foreach($_['printcssfiles'] as $cssfile): ?>
<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
<?php endforeach; ?>
+ <?php if (isset($_['inline_ocjs'])): ?>
+ <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
+ <?php print_unescaped($_['inline_ocjs']); ?>
+ </script>
+ <?php endif; ?>
<?php foreach ($_['jsfiles'] as $jsfile): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
<?php endforeach; ?>
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index 6d46ac6cf2c..1692e4268d4 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@@ -19,6 +19,11 @@
<?php foreach($_['printcssfiles'] as $cssfile): ?>
<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
<?php endforeach; ?>
+ <?php if (isset($_['inline_ocjs'])): ?>
+ <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
+ <?php print_unescaped($_['inline_ocjs']); ?>
+ </script>
+ <?php endif; ?>
<?php foreach($_['jsfiles'] as $jsfile): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
<?php endforeach; ?>
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index d258e3582d0..bc8edf085d0 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -26,6 +26,11 @@
<?php foreach($_['printcssfiles'] as $cssfile): ?>
<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
<?php endforeach; ?>
+ <?php if (isset($_['inline_ocjs'])): ?>
+ <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
+ <?php print_unescaped($_['inline_ocjs']); ?>
+ </script>
+ <?php endif; ?>
<?php foreach($_['jsfiles'] as $jsfile): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
<?php endforeach; ?>
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 0d2a782a867..1332a570a27 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -402,6 +402,7 @@ return array(
'OC\\Core\\Controller\\AvatarController' => $baseDir . '/core/Controller/AvatarController.php',
'OC\\Core\\Controller\\LoginController' => $baseDir . '/core/Controller/LoginController.php',
'OC\\Core\\Controller\\LostController' => $baseDir . '/core/Controller/LostController.php',
+ 'OC\\Core\\Controller\\OCJSController' => $baseDir . '/core/Controller/OCJSController.php',
'OC\\Core\\Controller\\OCSController' => $baseDir . '/core/Controller/OCSController.php',
'OC\\Core\\Controller\\SetupController' => $baseDir . '/core/Controller/SetupController.php',
'OC\\Core\\Controller\\TwoFactorChallengeController' => $baseDir . '/core/Controller/TwoFactorChallengeController.php',
@@ -752,6 +753,7 @@ return array(
'OC\\TemplateLayout' => $baseDir . '/lib/private/TemplateLayout.php',
'OC\\Template\\Base' => $baseDir . '/lib/private/Template/Base.php',
'OC\\Template\\CSSResourceLocator' => $baseDir . '/lib/private/Template/CSSResourceLocator.php',
+ 'OC\\Template\\JSConfigHelper' => $baseDir . '/lib/private/Template/JSConfigHelper.php',
'OC\\Template\\JSResourceLocator' => $baseDir . '/lib/private/Template/JSResourceLocator.php',
'OC\\Template\\ResourceLocator' => $baseDir . '/lib/private/Template/ResourceLocator.php',
'OC\\Template\\ResourceNotFoundException' => $baseDir . '/lib/private/Template/ResourceNotFoundException.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 43e3fc3de34..c9bdc5305fe 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -432,6 +432,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Core\\Controller\\AvatarController' => __DIR__ . '/../../..' . '/core/Controller/AvatarController.php',
'OC\\Core\\Controller\\LoginController' => __DIR__ . '/../../..' . '/core/Controller/LoginController.php',
'OC\\Core\\Controller\\LostController' => __DIR__ . '/../../..' . '/core/Controller/LostController.php',
+ 'OC\\Core\\Controller\\OCJSController' => __DIR__ . '/../../..' . '/core/Controller/OCJSController.php',
'OC\\Core\\Controller\\OCSController' => __DIR__ . '/../../..' . '/core/Controller/OCSController.php',
'OC\\Core\\Controller\\SetupController' => __DIR__ . '/../../..' . '/core/Controller/SetupController.php',
'OC\\Core\\Controller\\TwoFactorChallengeController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorChallengeController.php',
@@ -782,6 +783,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\TemplateLayout' => __DIR__ . '/../../..' . '/lib/private/TemplateLayout.php',
'OC\\Template\\Base' => __DIR__ . '/../../..' . '/lib/private/Template/Base.php',
'OC\\Template\\CSSResourceLocator' => __DIR__ . '/../../..' . '/lib/private/Template/CSSResourceLocator.php',
+ 'OC\\Template\\JSConfigHelper' => __DIR__ . '/../../..' . '/lib/private/Template/JSConfigHelper.php',
'OC\\Template\\JSResourceLocator' => __DIR__ . '/../../..' . '/lib/private/Template/JSResourceLocator.php',
'OC\\Template\\ResourceLocator' => __DIR__ . '/../../..' . '/lib/private/Template/ResourceLocator.php',
'OC\\Template\\ResourceNotFoundException' => __DIR__ . '/../../..' . '/lib/private/Template/ResourceNotFoundException.php',
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 97faa0edf49..8fe9b4dca03 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -380,7 +380,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$app->isLoggedIn(),
$app->isAdminUser(),
$app->getServer()->getContentSecurityPolicyManager(),
- $app->getServer()->getCsrfTokenManager()
+ $app->getServer()->getCsrfTokenManager(),
+ $app->getServer()->getContentSecurityPolicyNonceManager()
);
});
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 6c33c0023ea..183e55740ea 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -36,6 +36,7 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\CSP\ContentSecurityPolicyManager;
+use OC\Security\CSP\ContentSecurityPolicyNonceManager;
use OC\Security\CSRF\CsrfTokenManager;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
@@ -80,6 +81,8 @@ class SecurityMiddleware extends Middleware {
private $contentSecurityPolicyManager;
/** @var CsrfTokenManager */
private $csrfTokenManager;
+ /** @var ContentSecurityPolicyNonceManager */
+ private $cspNonceManager;
/**
* @param IRequest $request
@@ -92,6 +95,7 @@ class SecurityMiddleware extends Middleware {
* @param bool $isAdminUser
* @param ContentSecurityPolicyManager $contentSecurityPolicyManager
* @param CSRFTokenManager $csrfTokenManager
+ * @param ContentSecurityPolicyNonceManager $cspNonceManager
*/
public function __construct(IRequest $request,
ControllerMethodReflector $reflector,
@@ -102,7 +106,8 @@ class SecurityMiddleware extends Middleware {
$isLoggedIn,
$isAdminUser,
ContentSecurityPolicyManager $contentSecurityPolicyManager,
- CsrfTokenManager $csrfTokenManager) {
+ CsrfTokenManager $csrfTokenManager,
+ ContentSecurityPolicyNonceManager $cspNonceManager) {
$this->navigationManager = $navigationManager;
$this->request = $request;
$this->reflector = $reflector;
@@ -113,6 +118,7 @@ class SecurityMiddleware extends Middleware {
$this->isAdminUser = $isAdminUser;
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
$this->csrfTokenManager = $csrfTokenManager;
+ $this->cspNonceManager = $cspNonceManager;
}
@@ -177,23 +183,6 @@ class SecurityMiddleware extends Middleware {
}
- private function browserSupportsCspV3() {
- $browserWhitelist = [
- // Chrome 40+
- '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[4-9][0-9].[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+$/',
- // Firefox 45+
- '/^Mozilla\/5\.0 \([^)]+\) Gecko\/[0-9.]+ Firefox\/(4[5-9]|[5-9][0-9])\.[0-9.]+$/',
- // Safari 10+
- '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/1[0-9.]+ Safari\/[0-9.A-Z]+$/',
- ];
-
- if($this->request->isUserAgent($browserWhitelist)) {
- return true;
- }
-
- return false;
- }
-
/**
* Performs the default CSP modifications that may be injected by other
* applications
@@ -213,7 +202,7 @@ class SecurityMiddleware extends Middleware {
$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
- if($this->browserSupportsCspV3()) {
+ if($this->cspNonceManager->browserSupportsCspV3()) {
$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
}
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 0482ea49e5c..e6a39b12a42 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -22,6 +22,7 @@
namespace OC\Security\CSP;
use OC\Security\CSRF\CsrfTokenManager;
+use OCP\IRequest;
/**
* @package OC\Security\CSP
@@ -29,14 +30,19 @@ use OC\Security\CSRF\CsrfTokenManager;
class ContentSecurityPolicyNonceManager {
/** @var CsrfTokenManager */
private $csrfTokenManager;
+ /** @var IRequest */
+ private $request;
/** @var string */
private $nonce = '';
/**
* @param CsrfTokenManager $csrfTokenManager
+ * @param IRequest $request
*/
- public function __construct(CsrfTokenManager $csrfTokenManager) {
+ public function __construct(CsrfTokenManager $csrfTokenManager,
+ IRequest $request) {
$this->csrfTokenManager = $csrfTokenManager;
+ $this->request = $request;
}
/**
@@ -51,4 +57,26 @@ class ContentSecurityPolicyNonceManager {
return $this->nonce;
}
+
+ /**
+ * Check if the browser supports CSP v3
+ *
+ * @return bool
+ */
+ public function browserSupportsCspV3() {
+ $browserWhitelist = [
+ // Chrome 40+
+ '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[4-9][0-9].[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+$/',
+ // Firefox 45+
+ '/^Mozilla\/5\.0 \([^)]+\) Gecko\/[0-9.]+ Firefox\/(4[5-9]|[5-9][0-9])\.[0-9.]+$/',
+ // Safari 10+
+ '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/1[0-9.]+ Safari\/[0-9.A-Z]+$/',
+ ];
+
+ if($this->request->isUserAgent($browserWhitelist)) {
+ return true;
+ }
+
+ return false;
+ }
}
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 1ccc27802d2..21ec311401d 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -711,7 +711,8 @@ class Server extends ServerContainer implements IServerContainer {
});
$this->registerService('ContentSecurityPolicyNonceManager', function(Server $c) {
return new ContentSecurityPolicyNonceManager(
- $c->getCsrfTokenManager()
+ $c->getCsrfTokenManager(),
+ $c->getRequest()
);
});
$this->registerService('ShareManager', function(Server $c) {
diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
new file mode 100644
index 00000000000..a7f8c251cee
--- /dev/null
+++ b/lib/private/Template/JSConfigHelper.php
@@ -0,0 +1,243 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Template;
+
+use bantu\IniGetWrapper\IniGetWrapper;
+use OCP\App\IAppManager;
+use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use OCP\IUser;
+
+class JSConfigHelper {
+
+ /** @var IL10N */
+ private $l;
+
+ /** @var \OC_Defaults */
+ private $defaults;
+
+ /** @var IAppManager */
+ private $appManager;
+
+ /** @var IUser */
+ private $currentUser;
+
+ /** @var IConfig */
+ private $config;
+
+ /** @var IGroupManager */
+ private $groupManager;
+
+ /** @var IniGetWrapper */
+ private $iniWrapper;
+
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ /**
+ * @param IL10N $l
+ * @param \OC_Defaults $defaults
+ * @param IAppManager $appManager
+ * @param IUser|null $currentUser
+ * @param IConfig $config
+ * @param IGroupManager $groupManager
+ * @param IniGetWrapper $iniWrapper
+ * @param IURLGenerator $urlGenerator
+ */
+ public function __construct(IL10N $l,
+ \OC_Defaults $defaults,
+ IAppManager $appManager,
+ $currentUser,
+ IConfig $config,
+ IGroupManager $groupManager,
+ IniGetWrapper $iniWrapper,
+ IURLGenerator $urlGenerator) {
+ $this->l = $l;
+ $this->defaults = $defaults;
+ $this->appManager = $appManager;
+ $this->currentUser = $currentUser;
+ $this->config = $config;
+ $this->groupManager = $groupManager;
+ $this->iniWrapper = $iniWrapper;
+ $this->urlGenerator = $urlGenerator;
+ }
+
+ public function getConfig() {
+
+ if ($this->currentUser !== null) {
+ $uid = $this->currentUser->getUID();
+ } else {
+ $uid = null;
+ }
+
+ // Get the config
+ $apps_paths = [];
+
+ if ($this->currentUser === null) {
+ $apps = $this->appManager->getInstalledApps();
+ } else {
+ $apps = $this->appManager->getEnabledAppsForUser($this->currentUser);
+ }
+
+ foreach($apps as $app) {
+ $apps_paths[$app] = \OC_App::getAppWebPath($app);
+ }
+
+ $defaultExpireDateEnabled = $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no') === 'yes';
+ $defaultExpireDate = $enforceDefaultExpireDate = null;
+ if ($defaultExpireDateEnabled) {
+ $defaultExpireDate = (int) $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
+ $enforceDefaultExpireDate = $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes';
+ }
+ $outgoingServer2serverShareEnabled = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
+
+ $countOfDataLocation = 0;
+ $dataLocation = str_replace(\OC::$SERVERROOT .'/', '', $this->config->getSystemValue('datadirectory', ''), $countOfDataLocation);
+ if($countOfDataLocation !== 1 || !$this->groupManager->isAdmin($uid)) {
+ $dataLocation = false;
+ }
+
+ $array = [
+ "oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
+ "oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
+ "oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
+ "oc_webroot" => "\"".\OC::$WEBROOT."\"",
+ "oc_appswebroots" => str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution
+ "datepickerFormatDate" => json_encode($this->l->l('jsdate', null)),
+ "dayNames" => json_encode([
+ (string)$this->l->t('Sunday'),
+ (string)$this->l->t('Monday'),
+ (string)$this->l->t('Tuesday'),
+ (string)$this->l->t('Wednesday'),
+ (string)$this->l->t('Thursday'),
+ (string)$this->l->t('Friday'),
+ (string)$this->l->t('Saturday')
+ ]),
+ "dayNamesShort" => json_encode([
+ (string)$this->l->t('Sun.'),
+ (string)$this->l->t('Mon.'),
+ (string)$this->l->t('Tue.'),
+ (string)$this->l->t('Wed.'),
+ (string)$this->l->t('Thu.'),
+ (string)$this->l->t('Fri.'),
+ (string)$this->l->t('Sat.')
+ ]),
+ "dayNamesMin" => json_encode([
+ (string)$this->l->t('Su'),
+ (string)$this->l->t('Mo'),
+ (string)$this->l->t('Tu'),
+ (string)$this->l->t('We'),
+ (string)$this->l->t('Th'),
+ (string)$this->l->t('Fr'),
+ (string)$this->l->t('Sa')
+ ]),
+ "monthNames" => json_encode([
+ (string)$this->l->t('January'),
+ (string)$this->l->t('February'),
+ (string)$this->l->t('March'),
+ (string)$this->l->t('April'),
+ (string)$this->l->t('May'),
+ (string)$this->l->t('June'),
+ (string)$this->l->t('July'),
+ (string)$this->l->t('August'),
+ (string)$this->l->t('September'),
+ (string)$this->l->t('October'),
+ (string)$this->l->t('November'),
+ (string)$this->l->t('December')
+ ]),
+ "monthNamesShort" => json_encode([
+ (string)$this->l->t('Jan.'),
+ (string)$this->l->t('Feb.'),
+ (string)$this->l->t('Mar.'),
+ (string)$this->l->t('Apr.'),
+ (string)$this->l->t('May.'),
+ (string)$this->l->t('Jun.'),
+ (string)$this->l->t('Jul.'),
+ (string)$this->l->t('Aug.'),
+ (string)$this->l->t('Sep.'),
+ (string)$this->l->t('Oct.'),
+ (string)$this->l->t('Nov.'),
+ (string)$this->l->t('Dec.')
+ ]),
+ "firstDay" => json_encode($this->l->l('firstday', null)) ,
+ "oc_config" => json_encode([
+ 'session_lifetime' => min($this->config->getSystemValue('session_lifetime', $this->iniWrapper->getNumeric('session.gc_maxlifetime')), $this->iniWrapper->getNumeric('session.gc_maxlifetime')),
+ 'session_keepalive' => $this->config->getSystemValue('session_keepalive', true),
+ 'version' => implode('.', \OCP\Util::getVersion()),
+ 'versionstring' => \OC_Util::getVersionString(),
+ 'enable_avatars' => $this->config->getSystemValue('enable_avatars', true) === true,
+ 'lost_password_link'=> $this->config->getSystemValue('lost_password_link', null),
+ 'modRewriteWorking' => (getenv('front_controller_active') === 'true'),
+ ]),
+ "oc_appconfig" => json_encode([
+ 'core' => [
+ 'defaultExpireDateEnabled' => $defaultExpireDateEnabled,
+ 'defaultExpireDate' => $defaultExpireDate,
+ 'defaultExpireDateEnforced' => $enforceDefaultExpireDate,
+ 'enforcePasswordForPublicLink' => \OCP\Util::isPublicLinkPasswordRequired(),
+ 'sharingDisabledForUser' => \OCP\Util::isSharingDisabledForUser(),
+ 'resharingAllowed' => \OCP\Share::isResharingAllowed(),
+ 'remoteShareAllowed' => $outgoingServer2serverShareEnabled,
+ 'federatedCloudShareDoc' => $this->urlGenerator->linkToDocs('user-sharing-federated'),
+ 'allowGroupSharing' => \OC::$server->getShareManager()->allowGroupSharing()
+ ]
+ ]),
+ "oc_defaults" => json_encode([
+ 'entity' => $this->defaults->getEntity(),
+ 'name' => $this->defaults->getName(),
+ 'title' => $this->defaults->getTitle(),
+ 'baseUrl' => $this->defaults->getBaseUrl(),
+ 'syncClientUrl' => $this->defaults->getSyncClientUrl(),
+ 'docBaseUrl' => $this->defaults->getDocBaseUrl(),
+ 'docPlaceholderUrl' => $this->defaults->buildDocLinkToKey('PLACEHOLDER'),
+ 'slogan' => $this->defaults->getSlogan(),
+ 'logoClaim' => $this->defaults->getLogoClaim(),
+ 'shortFooter' => $this->defaults->getShortFooter(),
+ 'longFooter' => $this->defaults->getLongFooter(),
+ 'folder' => \OC_Util::getTheme(),
+ ]),
+ ];
+
+ if ($this->currentUser !== null) {
+ $array['oc_userconfig'] = json_encode([
+ 'avatar' => [
+ 'version' => (int)$this->config->getUserValue($uid, 'avatar', 'version', 0),
+ ]
+ ]);
+ }
+
+ // Allow hooks to modify the output values
+ \OC_Hook::emit('\OCP\Config', 'js', array('array' => &$array));
+
+ $result = '';
+
+ // Echo it
+ foreach ($array as $setting => $value) {
+ $result .= 'var '. $setting . '='. $value . ';' . PHP_EOL;
+ }
+
+ return $result;
+ }
+}
diff --git a/lib/private/TemplateLayout.php b/lib/private/TemplateLayout.php
index da845d80d04..9f89174e7f9 100644
--- a/lib/private/TemplateLayout.php
+++ b/lib/private/TemplateLayout.php
@@ -43,6 +43,7 @@ use Assetic\Filter\CssMinFilter;
use Assetic\Filter\CssRewriteFilter;
use Assetic\Filter\JSqueezeFilter;
use Assetic\Filter\SeparatorFilter;
+use OC\Template\JSConfigHelper;
class TemplateLayout extends \OC_Template {
@@ -142,7 +143,22 @@ class TemplateLayout extends \OC_Template {
$jsFiles = self::findJavascriptFiles(\OC_Util::$scripts);
$this->assign('jsfiles', array());
if ($this->config->getSystemValue('installed', false) && $renderAs != 'error') {
- $this->append( 'jsfiles', \OC::$server->getURLGenerator()->linkToRoute('js_config', ['v' => self::$versionHash]));
+ if (\OC::$server->getContentSecurityPolicyNonceManager()->browserSupportsCspV3()) {
+ $jsConfigHelper = new JSConfigHelper(
+ \OC::$server->getL10N('core'),
+ \OC::$server->getThemingDefaults(),
+ \OC::$server->getAppManager(),
+ \OC::$server->getUserSession()->getUser(),
+ \OC::$server->getConfig(),
+ \OC::$server->getGroupManager(),
+ \OC::$server->getIniWrapper(),
+ \OC::$server->getURLGenerator()
+ );
+ $this->assign('inline_ocjs', $jsConfigHelper->getConfig());
+ $this->assign('foo', 'bar');
+ } else {
+ $this->append('jsfiles', \OC::$server->getURLGenerator()->linkToRoute('core.OCJS.getConfig', ['v' => self::$versionHash]));
+ }
}
foreach($jsFiles as $info) {
$web = $info[1];
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index b597317fca4..1fdcf485c28 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -36,6 +36,7 @@ use OC\AppFramework\Middleware\Security\SecurityMiddleware;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\CSP\ContentSecurityPolicy;
use OC\Security\CSP\ContentSecurityPolicyManager;
+use OC\Security\CSP\ContentSecurityPolicyNonceManager;
use OC\Security\CSRF\CsrfToken;
use OC\Security\CSRF\CsrfTokenManager;
use OCP\AppFramework\Controller;
@@ -76,6 +77,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
private $contentSecurityPolicyManager;
/** @var CsrfTokenManager|\PHPUnit_Framework_MockObject_MockObject */
private $csrfTokenManager;
+ /** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */
+ private $cspNonceManager;
protected function setUp() {
parent::setUp();
@@ -88,6 +91,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->request = $this->createMock(IRequest::class);
$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class);
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
+ $this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class);
$this->middleware = $this->getMiddleware(true, true);
$this->secException = new SecurityException('hey', false);
$this->secAjaxException = new SecurityException('hey', true);
@@ -109,7 +113,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$isLoggedIn,
$isAdminUser,
$this->contentSecurityPolicyManager,
- $this->csrfTokenManager
+ $this->csrfTokenManager,
+ $this->cspNonceManager
);
}
@@ -559,9 +564,9 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
public function testAfterController() {
- $this->request
+ $this->cspNonceManager
->expects($this->once())
- ->method('isUserAgent')
+ ->method('browserSupportsCspV3')
->willReturn(false);
$response = $this->createMock(Response::class);
$defaultPolicy = new ContentSecurityPolicy();
@@ -603,9 +608,9 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
public function testAfterControllerWithContentSecurityPolicy3Support() {
- $this->request
+ $this->cspNonceManager
->expects($this->once())
- ->method('isUserAgent')
+ ->method('browserSupportsCspV3')
->willReturn(true);
$token = $this->createMock(CsrfToken::class);
$token
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
index 39d24807d5b..3211a5284f8 100644
--- a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
+++ b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
@@ -24,6 +24,7 @@ namespace Test\Security\CSP;
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
use OC\Security\CSRF\CsrfToken;
use OC\Security\CSRF\CsrfTokenManager;
+use OCP\IRequest;
use Test\TestCase;
class ContentSecurityPolicyNonceManagerTest extends TestCase {
@@ -35,7 +36,8 @@ class ContentSecurityPolicyNonceManagerTest extends TestCase {
public function setUp() {
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
$this->nonceManager = new ContentSecurityPolicyNonceManager(
- $this->csrfTokenManager
+ $this->csrfTokenManager,
+ $this->createMock(IRequest::class)
);
}