diff options
author | Joas Schilling <coding@schilljs.com> | 2016-08-17 10:23:13 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-17 10:23:13 +0200 |
commit | 027069cbae9e67a205c77095be09bac9a75bfa2a (patch) | |
tree | 78a2af1e3e7d8f2b9038a3d64a309303f3804610 /lib/private/AppFramework | |
parent | c1632c3abd0f136b4ecb8d7a5bef5c3c72f9cb95 (diff) | |
parent | 77542817d1bfb260c4bff74f77b9507b699f1d76 (diff) | |
download | nextcloud-server-027069cbae9e67a205c77095be09bac9a75bfa2a.tar.gz nextcloud-server-027069cbae9e67a205c77095be09bac9a75bfa2a.zip |
Merge pull request #846 from nextcloud/provisioning_api_ocs
Move Provisioning API to the AppFramework
Diffstat (limited to 'lib/private/AppFramework')
-rw-r--r-- | lib/private/AppFramework/DependencyInjection/DIContainer.php | 2 | ||||
-rw-r--r-- | lib/private/AppFramework/Middleware/OCSMiddleware.php | 62 |
2 files changed, 61 insertions, 3 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index 77192847867..20351d1321c 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -408,6 +408,7 @@ class DIContainer extends SimpleContainer implements IAppContainer { $this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) { $dispatcher = new MiddlewareDispatcher(); $dispatcher->registerMiddleware($c['CORSMiddleware']); + $dispatcher->registerMiddleware($c['OCSMiddleware']); $dispatcher->registerMiddleware($c['SecurityMiddleware']); $dispatcher->registerMiddleWare($c['TwoFactorMiddleware']); @@ -416,7 +417,6 @@ class DIContainer extends SimpleContainer implements IAppContainer { } $dispatcher->registerMiddleware($c['SessionMiddleware']); - $dispatcher->registerMiddleware($c['OCSMiddleware']); return $dispatcher; }); diff --git a/lib/private/AppFramework/Middleware/OCSMiddleware.php b/lib/private/AppFramework/Middleware/OCSMiddleware.php index e07d100d8ac..68445bbcc51 100644 --- a/lib/private/AppFramework/Middleware/OCSMiddleware.php +++ b/lib/private/AppFramework/Middleware/OCSMiddleware.php @@ -23,8 +23,14 @@ namespace OC\AppFramework\Middleware; use OC\AppFramework\Http; +use OCP\API; +use OCP\AppFramework\Http\DataResponse; +use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\OCSResponse; +use OCP\AppFramework\Http\Response; use OCP\AppFramework\OCS\OCSException; +use OCP\AppFramework\OCS\OCSForbiddenException; +use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; use OCP\IRequest; use OCP\AppFramework\Middleware; @@ -54,12 +60,35 @@ class OCSMiddleware extends Middleware { $code = $exception->getCode(); if ($code === 0) { - $code = Http::STATUS_INTERNAL_SERVER_ERROR; + $code = API::RESPOND_UNKNOWN_ERROR; } + + // Build the response $response = new OCSResponse($format, $code, $exception->getMessage()); + // Forbidden always sets 401 (even on v1.php) + if ($exception instanceof OCSForbiddenException || $code === API::RESPOND_UNAUTHORISED) { + $response->setStatus(Http::STATUS_UNAUTHORIZED); + } + + // On v2.php we set actual HTTP error codes if (substr_compare($this->request->getScriptName(), '/ocs/v2.php', -strlen('/ocs/v2.php')) === 0) { - $response->setStatus($code); + if ($code === API::RESPOND_NOT_FOUND) { + $response->setStatus(Http::STATUS_NOT_FOUND); + } else if ($code === API::RESPOND_SERVER_ERROR) { + $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); + } else if ($code === API::RESPOND_UNKNOWN_ERROR) { + $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); + } else if ($code === API::RESPOND_UNAUTHORISED) { + // Already set + } + // 4xx and 5xx codes are forwarded as is. + else if ($code >= 400 && $code < 600) { + $response->setStatus($code); + } else { + // All other codes get a bad request + $response->setStatus(Http::STATUS_BAD_REQUEST); + } } return $response; } @@ -69,6 +98,35 @@ class OCSMiddleware extends Middleware { /** * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @param Response $response + * @return \OCP\AppFramework\Http\Response + */ + public function afterController($controller, $methodName, Response $response) { + /* + * If a different middleware has detected that a request unauthorized or forbidden + * we need to catch the response and convert it to a proper OCS response. + */ + if ($controller instanceof OCSController && !($response instanceof OCSResponse)) { + if ($response->getStatus() === Http::STATUS_UNAUTHORIZED || + $response->getStatus() === Http::STATUS_FORBIDDEN) { + $format = $this->getFormat($controller); + + $message = ''; + if ($response instanceof JSONResponse) { + /** @var DataResponse $response */ + $message = $response->getData()['message']; + } + $response = new OCSResponse($format, \OCP\API::RESPOND_UNAUTHORISED, $message); + $response->setStatus(Http::STATUS_UNAUTHORIZED); + } + } + + return $response; + } + + /** + * @param \OCP\AppFramework\Controller $controller * @return string */ private function getFormat($controller) { |