diff options
| author | Joas Schilling <coding@schilljs.com> | 2024-07-17 15:25:51 +0200 |
|---|---|---|
| committer | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-07-19 16:28:03 +0200 |
| commit | 047479ccf9ff332cc249cd08d5c315394f3e48da (patch) | |
| tree | 1001b114f3857338bba5e520e941fca4914a2be4 /lib/private/AppFramework/Middleware | |
| parent | 202e5b1e957a7692165a313710e38406ca4f6ff3 (diff) | |
| download | nextcloud-server-047479ccf9ff332cc249cd08d5c315394f3e48da.tar.gz nextcloud-server-047479ccf9ff332cc249cd08d5c315394f3e48da.zip | |
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
Diffstat (limited to 'lib/private/AppFramework/Middleware')
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index df20c131e03..b8de09072ce 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -17,7 +17,6 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException; use OC\AppFramework\Middleware\Security\Exceptions\SecurityException; use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException; use OC\AppFramework\Utility\ControllerMethodReflector; -use OC\Security\RemoteIpAddress; use OC\Settings\AuthorizedGroupMapper; use OC\User\Session; use OCP\App\AppPathNotFoundException; @@ -42,6 +41,7 @@ use OCP\INavigationManager; use OCP\IRequest; use OCP\IURLGenerator; use OCP\IUserSession; +use OCP\Security\Ip\IRemoteAddress; use OCP\Util; use Psr\Log\LoggerInterface; use ReflectionMethod; @@ -67,7 +67,7 @@ class SecurityMiddleware extends Middleware { private IL10N $l10n, private AuthorizedGroupMapper $groupAuthorizationMapper, private IUserSession $userSession, - private RemoteIpAddress $remoteIpAddress, + private IRemoteAddress $remoteAddress, ) { } @@ -134,7 +134,7 @@ class SecurityMiddleware extends Middleware { if (!$authorized) { throw new NotAdminException($this->l10n->t('Logged in account must be an admin, a sub admin or gotten special right to access this setting')); } - if (!$this->remoteIpAddress->allowsAdminActions()) { + if (!$this->remoteAddress->allowsAdminActions()) { throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions')); } } @@ -151,12 +151,12 @@ class SecurityMiddleware extends Middleware { throw new NotAdminException($this->l10n->t('Logged in account must be an admin')); } if ($this->hasAnnotationOrAttribute($reflectionMethod, 'SubAdminRequired', SubAdminRequired::class) - && !$this->remoteIpAddress->allowsAdminActions()) { + && !$this->remoteAddress->allowsAdminActions()) { throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions')); } if (!$this->hasAnnotationOrAttribute($reflectionMethod, 'SubAdminRequired', SubAdminRequired::class) && !$this->hasAnnotationOrAttribute($reflectionMethod, 'NoAdminRequired', NoAdminRequired::class) - && !$this->remoteIpAddress->allowsAdminActions()) { + && !$this->remoteAddress->allowsAdminActions()) { throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions')); } |