summaryrefslogtreecommitdiffstats
path: root/lib/private/appframework
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2013-10-07 00:33:54 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2013-10-07 00:33:54 +0200
commite071bfc14476877b9731bfe84904858444eb1dbd (patch)
tree9390d2e60965aa8b71bb0f31448aeb6541efbc1d /lib/private/appframework
parent3829a746a154863dc264bc83aa8bde4970d59949 (diff)
downloadnextcloud-server-e071bfc14476877b9731bfe84904858444eb1dbd.tar.gz
nextcloud-server-e071bfc14476877b9731bfe84904858444eb1dbd.zip
fixing SecurityMiddleware to use OC6 API
Diffstat (limited to 'lib/private/appframework')
-rw-r--r--lib/private/appframework/dependencyinjection/dicontainer.php52
-rw-r--r--lib/private/appframework/http/dispatcher.php2
-rw-r--r--lib/private/appframework/middleware/middlewaredispatcher.php2
-rw-r--r--lib/private/appframework/middleware/security/securitymiddleware.php34
4 files changed, 70 insertions, 20 deletions
diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php
index 3755d45fa09..7276a11e4d9 100644
--- a/lib/private/appframework/dependencyinjection/dicontainer.php
+++ b/lib/private/appframework/dependencyinjection/dicontainer.php
@@ -35,6 +35,7 @@ use OC\AppFramework\Utility\TimeFactory;
use OCP\AppFramework\IApi;
use OCP\AppFramework\IAppContainer;
use OCP\AppFramework\IMiddleWare;
+use OCP\AppFramework\Middleware;
use OCP\IServerContainer;
@@ -86,7 +87,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{
* Middleware
*/
$this['SecurityMiddleware'] = $this->share(function($c){
- return new SecurityMiddleware($c['API'], $c['Request']);
+ return new SecurityMiddleware($this, $c['Request']);
});
$this['MiddlewareDispatcher'] = $this->share(function($c){
@@ -129,10 +130,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{
}
/**
- * @param IMiddleWare $middleWare
+ * @param Middleware $middleWare
* @return boolean
*/
- function registerMiddleWare(IMiddleWare $middleWare) {
+ function registerMiddleWare(Middleware $middleWare) {
array_push($this->middleWares, $middleWare);
}
@@ -143,4 +144,49 @@ class DIContainer extends SimpleContainer implements IAppContainer{
function getAppName() {
return $this->query('AppName');
}
+
+ /**
+ * @return boolean
+ */
+ function isLoggedIn() {
+ return \OC_User::isLoggedIn();
+ }
+
+ /**
+ * @return boolean
+ */
+ function isAdminUser() {
+ $uid = $this->getUserId();
+ return \OC_User::isAdminUser($uid);
+ }
+
+ private function getUserId() {
+ return \OC::$session->get('user_id');
+ }
+
+ /**
+ * @param $message
+ * @param $level
+ * @return mixed
+ */
+ function log($message, $level) {
+ switch($level){
+ case 'debug':
+ $level = \OCP\Util::DEBUG;
+ break;
+ case 'info':
+ $level = \OCP\Util::INFO;
+ break;
+ case 'warn':
+ $level = \OCP\Util::WARN;
+ break;
+ case 'fatal':
+ $level = \OCP\Util::FATAL;
+ break;
+ default:
+ $level = \OCP\Util::ERROR;
+ break;
+ }
+ \OCP\Util::writeLog($this->getAppName(), $message, $level);
+ }
}
diff --git a/lib/private/appframework/http/dispatcher.php b/lib/private/appframework/http/dispatcher.php
index ea57a6860cc..2a9ed121488 100644
--- a/lib/private/appframework/http/dispatcher.php
+++ b/lib/private/appframework/http/dispatcher.php
@@ -24,8 +24,8 @@
namespace OC\AppFramework\Http;
-use \OC\AppFramework\Controller\Controller;
use \OC\AppFramework\Middleware\MiddlewareDispatcher;
+use OCP\AppFramework\Controller\Controller;
/**
diff --git a/lib/private/appframework/middleware/middlewaredispatcher.php b/lib/private/appframework/middleware/middlewaredispatcher.php
index c2377b8844b..c46ddc7cb02 100644
--- a/lib/private/appframework/middleware/middlewaredispatcher.php
+++ b/lib/private/appframework/middleware/middlewaredispatcher.php
@@ -24,7 +24,7 @@
namespace OC\AppFramework\Middleware;
-use OC\AppFramework\Controller\Controller;
+use OCP\AppFramework\Controller\Controller;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\MiddleWare;
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index d6daf737bb4..80f3f6d966f 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -24,15 +24,14 @@
namespace OC\AppFramework\Middleware\Security;
-use OC\AppFramework\Controller\Controller;
use OC\AppFramework\Http\Http;
-use OC\AppFramework\Http\Request;
use OC\AppFramework\Http\RedirectResponse;
use OC\AppFramework\Utility\MethodAnnotationReader;
-use OC\AppFramework\Core\API;
use OCP\AppFramework\Middleware;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\IAppContainer;
+use OCP\IRequest;
/**
@@ -43,18 +42,22 @@ use OCP\AppFramework\Http\JSONResponse;
*/
class SecurityMiddleware extends Middleware {
- private $api;
+ /**
+ * @var \OCP\AppFramework\IAppContainer
+ */
+ private $app;
/**
- * @var \OC\AppFramework\Http\Request
+ * @var \OCP\IRequest
*/
private $request;
/**
- * @param API $api an instance of the api
+ * @param IAppContainer $app
+ * @param IRequest $request
*/
- public function __construct(API $api, Request $request){
- $this->api = $api;
+ public function __construct(IAppContainer $app, IRequest $request){
+ $this->app = $app;
$this->request = $request;
}
@@ -74,24 +77,24 @@ class SecurityMiddleware extends Middleware {
// this will set the current navigation entry of the app, use this only
// for normal HTML requests and not for AJAX requests
- $this->api->activateNavigationEntry();
+ $this->app->getServer()->getNavigationManager()->setActiveEntry($this->api->getAppName());
// security checks
$isPublicPage = $annotationReader->hasAnnotation('PublicPage');
if(!$isPublicPage) {
- if(!$this->api->isLoggedIn()) {
+ if(!$this->app->isLoggedIn()) {
throw new SecurityException('Current user is not logged in', Http::STATUS_UNAUTHORIZED);
}
if(!$annotationReader->hasAnnotation('NoAdminRequired')) {
- if(!$this->api->isAdminUser($this->api->getUserId())) {
+ if(!$this->app->isAdminUser()) {
throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN);
}
}
}
if(!$annotationReader->hasAnnotation('NoCSRFRequired')) {
- if(!$this->api->passesCSRFCheck()) {
+ if(!$this->request->passesCSRFCheck()) {
throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
}
}
@@ -118,12 +121,13 @@ class SecurityMiddleware extends Middleware {
array('message' => $exception->getMessage()),
$exception->getCode()
);
- $this->api->log($exception->getMessage(), 'debug');
+ $this->app->log($exception->getMessage(), 'debug');
} else {
- $url = $this->api->linkToAbsolute('index.php', ''); // TODO: replace with link to route
+ // TODO: replace with link to route
+ $url = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php');
$response = new RedirectResponse($url);
- $this->api->log($exception->getMessage(), 'debug');
+ $this->app->log($exception->getMessage(), 'debug');
}
return $response;