diff options
| author | Joas Schilling <coding@schilljs.com> | 2023-04-24 17:13:18 +0200 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2023-04-25 14:50:32 +0200 |
| commit | ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d (patch) | |
| tree | c07f24f3837a96ea963e45092b08a73658c10ace /lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php | |
| parent | 2abefff2899952ea422d708fbda611f1695125fd (diff) | |
| download | nextcloud-server-ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d.tar.gz nextcloud-server-ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d.zip | |
feat(security): Add PHP \Attribute for remaining security annotations
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php')
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php index 0ee9fdff881..a72a7a40016 100644 --- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php @@ -26,11 +26,13 @@ namespace OC\AppFramework\Middleware\Security; use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException; use OC\AppFramework\Utility\ControllerMethodReflector; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Middleware; use OCP\AppFramework\Utility\ITimeFactory; use OCP\ISession; use OCP\IUserSession; use OCP\User\Backend\IPasswordConfirmationBackend; +use ReflectionMethod; class PasswordConfirmationMiddleware extends Middleware { /** @var ControllerMethodReflector */ @@ -68,7 +70,9 @@ class PasswordConfirmationMiddleware extends Middleware { * @throws NotConfirmedException */ public function beforeController($controller, $methodName) { - if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) { + $reflectionMethod = new ReflectionMethod($controller, $methodName); + + if ($this->hasAnnotationOrAttribute($reflectionMethod, 'PasswordConfirmationRequired', PasswordConfirmationRequired::class)) { $user = $this->userSession->getUser(); $backendClassName = ''; if ($user !== null) { @@ -89,4 +93,24 @@ class PasswordConfirmationMiddleware extends Middleware { } } } + + /** + * @template T + * + * @param ReflectionMethod $reflectionMethod + * @param string $annotationName + * @param class-string<T> $attributeClass + * @return boolean + */ + protected function hasAnnotationOrAttribute(ReflectionMethod $reflectionMethod, string $annotationName, string $attributeClass): bool { + if (!empty($reflectionMethod->getAttributes($attributeClass))) { + return true; + } + + if ($this->reflector->hasAnnotation($annotationName)) { + return true; + } + + return false; + } } |