diff options
| author | Joas Schilling <coding@schilljs.com> | 2024-07-17 15:25:51 +0200 |
|---|---|---|
| committer | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-07-19 16:28:03 +0200 |
| commit | 047479ccf9ff332cc249cd08d5c315394f3e48da (patch) | |
| tree | 1001b114f3857338bba5e520e941fca4914a2be4 /apps/settings/lib | |
| parent | 202e5b1e957a7692165a313710e38406ca4f6ff3 (diff) | |
| download | nextcloud-server-047479ccf9ff332cc249cd08d5c315394f3e48da.tar.gz nextcloud-server-047479ccf9ff332cc249cd08d5c315394f3e48da.zip | |
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
Diffstat (limited to 'apps/settings/lib')
| -rw-r--r-- | apps/settings/lib/SetupChecks/AllowedAdminRanges.php | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/apps/settings/lib/SetupChecks/AllowedAdminRanges.php b/apps/settings/lib/SetupChecks/AllowedAdminRanges.php index 7c50c261dea..87e11b06be7 100644 --- a/apps/settings/lib/SetupChecks/AllowedAdminRanges.php +++ b/apps/settings/lib/SetupChecks/AllowedAdminRanges.php @@ -8,8 +8,8 @@ declare(strict_types=1); */ namespace OCA\Settings\SetupChecks; -use IPLib\Factory; -use OC\Security\RemoteIpAddress; +use OC\Security\Ip\Range; +use OC\Security\Ip\RemoteAddress; use OCP\IConfig; use OCP\IL10N; use OCP\SetupCheck\ISetupCheck; @@ -31,8 +31,11 @@ class AllowedAdminRanges implements ISetupCheck { } public function run(): SetupResult { - $allowedAdminRanges = $this->config->getSystemValue(RemoteIpAddress::SETTING_NAME, false); - if ($allowedAdminRanges === false) { + $allowedAdminRanges = $this->config->getSystemValue(RemoteAddress::SETTING_NAME, false); + if ( + $allowedAdminRanges === false + || (is_array($allowedAdminRanges) && empty($allowedAdminRanges)) + ) { return SetupResult::success($this->l10n->t('Admin IP filtering isn’t applied.')); } @@ -40,23 +43,17 @@ class AllowedAdminRanges implements ISetupCheck { return SetupResult::error( $this->l10n->t( 'Configuration key "%1$s" expects an array (%2$s found). Admin IP range validation will not be applied.', - [RemoteIpAddress::SETTING_NAME, gettype($allowedAdminRanges)], + [RemoteAddress::SETTING_NAME, gettype($allowedAdminRanges)], ) ); } - $invalidRanges = array_reduce($allowedAdminRanges, static function (array $carry, mixed $range) { - if (!is_string($range) || Factory::parseRangeString($range) === null) { - $carry[] = $range; - } - - return $carry; - }, []); - if (count($invalidRanges) > 0) { + $invalidRanges = array_filter($allowedAdminRanges, static fn (mixed $range): bool => !is_string($range) || !Range::isValid($range)); + if (!empty($invalidRanges)) { return SetupResult::warning( $this->l10n->t( 'Configuration key "%1$s" contains invalid IP range(s): "%2$s"', - [RemoteIpAddress::SETTING_NAME, implode('", "', $invalidRanges)], + [RemoteAddress::SETTING_NAME, implode('", "', $invalidRanges)], ), ); } |