author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-05-06 16:29:19 +0200 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-05-11 17:54:08 +0200 |
commit | 80648da43197c91ed52f36cee8bc818038b88eb6 (patch) | |
tree | ea604192691d7b74857ed639311185de0d93504c /lib/private/appframework/middleware | |
parent | a252f59cd436d2c005755955bc93ab44544df766 (diff) | |
download | nextcloud-server-80648da43197c91ed52f36cee8bc818038b88eb6.tar.gz nextcloud-server-80648da43197c91ed52f36cee8bc818038b88eb6.zip |
implement most of the basic stuff that was suggested in #8290
Diffstat (limited to 'lib/private/appframework/middleware')
-rw-r--r-- | lib/private/appframework/middleware/security/securitymiddleware.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index 0f160d224ad..b4ace5d0e90 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -25,7 +25,7 @@ namespace OC\AppFramework\Middleware\Security;
 use OC\AppFramework\Http;
-use OC\AppFramework\Utility\MethodAnnotationReader;
+use OC\AppFramework\Utility\ControllerMethodReflector;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Http\Response;
@@ -55,10 +55,13 @@ class SecurityMiddleware extends Middleware {
 /**
 * @param IAppContainer $app
 * @param IRequest $request
+ * @param ControllerMethodReflector $reflector
 */
- public function __construct(IAppContainer $app, IRequest $request){
+ public function __construct(IAppContainer $app, IRequest $request,
+ ControllerMethodReflector $reflector){
 $this->app = $app;
 $this->request = $request;
+ $this->reflector = $reflector;
 }
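Review bot: The constructor now stores `$this->reflector`, but no declaration of that property is visible in this hunk, and the class's property block lies outside it, so it is not visible here whether `SecurityMiddleware` declares it. If it is not declared elsewhere the assignment silently creates a dynamic property, which static analysis and the class's own docblocks will not know about. A declaration next to `$app` and `$request`, such as `/** @var ControllerMethodReflector */ private $reflector;`, keeps the injected dependency explicit. The first hunk on this line is only the import swap and needs nothing.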
@@ -72,28 +75,25 @@ class SecurityMiddleware extends Middleware {
 */
 public function beforeController($controller, $methodName){
- // get annotations from comments
- $annotationReader = new MethodAnnotationReader($controller, $methodName);
-
 // this will set the current navigation entry of the app, use this only
 // for normal HTML requests and not for AJAX requests
 $this->app->getServer()->getNavigationManager()->setActiveEntry($this->app->getAppName());
 // security checks
- $isPublicPage = $annotationReader->hasAnnotation('PublicPage');
+ $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
 if(!$isPublicPage) {
 if(!$this->app->isLoggedIn()) {
 throw new SecurityException('Current user is not logged in', Http::STATUS_UNAUTHORIZED);
 }
- if(!$annotationReader->hasAnnotation('NoAdminRequired')) {
+ if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
 if(!$this->app->isAdminUser()) {
 throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN);
 }
 }
 }
- if(!$annotationReader->hasAnnotation('NoCSRFRequired')) {
+ if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
 if(!$this->request->passesCSRFCheck()) {
 throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
 } |
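Review bot: `beforeController` no longer builds a reader for `$controller`/`$methodName`; the three `hasAnnotation()` calls now consult whatever method the injected `$this->reflector` currently describes, and nothing in this hunk binds the reflector to the controller method being dispatched. If the caller performs that binding before this middleware runs this is fine, but if it is missing or happens later, the `PublicPage`, `NoAdminRequired` and `NoCSRFRequired` decisions are taken from stale or empty reflection data — with a shared instance that last reflected a public, CSRF-exempt method, the login, admin and CSRF checks would all be skipped. A comment at the top of the method stating the precondition, e.g. `// precondition: $this->reflector already reflects $controller::$methodName; every auth/CSRF decision below depends on it`, would make the contract visible, and `$controller`/`$methodName` should either be used for that binding here or be documented as intentionally unused. beforeController's body continues past the end of the hunk.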