author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-07 00:33:54 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-07 00:33:54 +0200 |
commit | e071bfc14476877b9731bfe84904858444eb1dbd (patch) | |
tree | 9390d2e60965aa8b71bb0f31448aeb6541efbc1d /lib/private/appframework | |
parent | 3829a746a154863dc264bc83aa8bde4970d59949 (diff) | |
fixing SecurityMiddleware to use OC6 API
Diffstat (limited to 'lib/private/appframework')
4 files changed, 70 insertions, 20 deletions
diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php
index 3755d45fa09..7276a11e4d9 100644
--- a/lib/private/appframework/dependencyinjection/dicontainer.php
+++ b/lib/private/appframework/dependencyinjection/dicontainer.php
@@ -35,6 +35,7 @@ use OC\AppFramework\Utility\TimeFactory;
 use OCP\AppFramework\IApi;
 use OCP\AppFramework\IAppContainer;
 use OCP\AppFramework\IMiddleWare;
+use OCP\AppFramework\Middleware;
 use OCP\IServerContainer;
@@ -86,7 +87,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{
 * Middleware
 */
 $this['SecurityMiddleware'] = $this->share(function($c){
- return new SecurityMiddleware($c['API'], $c['Request']);
+ return new SecurityMiddleware($this, $c['Request']);
 });
 $this['MiddlewareDispatcher'] = $this->share(function($c){
@@ -129,10 +130,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{
 }
 /**
- * @param IMiddleWare $middleWare
+ * @param Middleware $middleWare
 * @return boolean
 */
- function registerMiddleWare(IMiddleWare $middleWare) {
+ function registerMiddleWare(Middleware $middleWare) {
 array_push($this->middleWares, $middleWare);
 }
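Review bot: The `SecurityMiddleware` factory closure in the second dicontainer.php hunk now references `$this`, which PHP binds inside closures only from 5.4 onward. If this code base still has to run on PHP 5.3 (the supported version is not visible on this page), the factory fails the first time the service is resolved, and the security middleware is never constructed. Capturing the container explicitly removes the version dependency: `$app = $this;` before the registration, then `$this->share(function($c) use ($app){ return new SecurityMiddleware($app, $c['Request']); });`. The constructor that holds this registration starts and ends outside the hunk.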
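Review bot: The docblock of `registerMiddleWare` in the third hunk still declares `@return boolean`, but the body shown only calls `array_push` and returns nothing, so a caller that tests the result gets `null`. Either drop the tag or end the method with `return true;`. The parameter type is also narrowed from the `IMiddleWare` interface to the `Middleware` class here, so `use OCP\AppFramework\IMiddleWare;` may now be unused; the rest of the file is not visible, so that needs confirming.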
@@ -143,4 +144,49 @@ class DIContainer extends SimpleContainer implements IAppContainer{
 function getAppName() {
 return $this->query('AppName');
 }
+
+ /**
+ * @return boolean
+ */
+ function isLoggedIn() {
+ return \OC_User::isLoggedIn();
+ }
+
+ /**
+ * @return boolean
+ */
+ function isAdminUser() {
+ $uid = $this->getUserId();
+ return \OC_User::isAdminUser($uid);
+ }
+
+ private function getUserId() {
+ return \OC::$session->get('user_id');
+ }
+
+ /**
+ * @param $message
+ * @param $level
+ * @return mixed
+ */
+ function log($message, $level) {
+ switch($level){
+ case 'debug':
+ $level = \OCP\Util::DEBUG;
+ break;
+ case 'info':
+ $level = \OCP\Util::INFO;
+ break;
+ case 'warn':
+ $level = \OCP\Util::WARN;
+ break;
+ case 'fatal':
+ $level = \OCP\Util::FATAL;
+ break;
+ default:
+ $level = \OCP\Util::ERROR;
+ break;
+ }
+ \OCP\Util::writeLog($this->getAppName(), $message, $level);
+ }
 }
diff --git a/lib/private/appframework/http/dispatcher.php b/lib/private/appframework/http/dispatcher.php
index ea57a6860cc..2a9ed121488 100644
--- a/lib/private/appframework/http/dispatcher.php
+++ b/lib/private/appframework/http/dispatcher.php
@@ -24,8 +24,8 @@
 namespace OC\AppFramework\Http;
-use \OC\AppFramework\Controller\Controller;
 use \OC\AppFramework\Middleware\MiddlewareDispatcher;
+use OCP\AppFramework\Controller\Controller;
 /**
diff --git a/lib/private/appframework/middleware/middlewaredispatcher.php b/lib/private/appframework/middleware/middlewaredispatcher.php
index c2377b8844b..c46ddc7cb02 100644
--- a/lib/private/appframework/middleware/middlewaredispatcher.php
+++ b/lib/private/appframework/middleware/middlewaredispatcher.php
@@ -24,7 +24,7 @@
 namespace OC\AppFramework\Middleware;
-use OC\AppFramework\Controller\Controller;
+use OCP\AppFramework\Controller\Controller;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\MiddleWare;
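Review bot: The new `isAdminUser()` passes whatever `\OC::$session->get('user_id')` returns straight to `\OC_User::isAdminUser()`, so the admin decision rests on a raw session key and on every caller having checked `isLoggedIn()` first. SecurityMiddleware does call them in that order, but the method is public on the container, so a guard such as `if ($uid === null) { return false; }` would make it fail closed on its own (this assumes `get()` yields null for a missing key, which should be confirmed). `getUserId()` has no docblock stating that it may return no user. `log()` is documented as `@return mixed` although it returns nothing, and its docblock should say that any level string other than the four listed is written as ERROR.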
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index d6daf737bb4..80f3f6d966f 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -24,15 +24,14 @@
 namespace OC\AppFramework\Middleware\Security;
-use OC\AppFramework\Controller\Controller;
 use OC\AppFramework\Http\Http;
-use OC\AppFramework\Http\Request;
 use OC\AppFramework\Http\RedirectResponse;
 use OC\AppFramework\Utility\MethodAnnotationReader;
-use OC\AppFramework\Core\API;
 use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\IAppContainer;
+use OCP\IRequest;
 /**
@@ -43,18 +42,22 @@ use OCP\AppFramework\Http\JSONResponse;
 */
 class SecurityMiddleware extends Middleware {
- private $api;
+ /**
+ * @var \OCP\AppFramework\IAppContainer
+ */
+ private $app;
 /**
- * @var \OC\AppFramework\Http\Request
+ * @var \OCP\IRequest
 */
 private $request;
 /**
- * @param API $api an instance of the api
+ * @param IAppContainer $app
+ * @param IRequest $request
 */
- public function __construct(API $api, Request $request){
- $this->api = $api;
+ public function __construct(IAppContainer $app, IRequest $request){
+ $this->app = $app;
 $this->request = $request;
 }
@@ -74,24 +77,24 @@ class SecurityMiddleware extends Middleware {
 // this will set the current navigation entry of the app, use this only
 // for normal HTML requests and not for AJAX requests
- $this->api->activateNavigationEntry();
+ $this->app->getServer()->getNavigationManager()->setActiveEntry($this->api->getAppName());
 // security checks
 $isPublicPage = $annotationReader->hasAnnotation('PublicPage');
 if(!$isPublicPage) {
- if(!$this->api->isLoggedIn()) {
+ if(!$this->app->isLoggedIn()) {
 throw new SecurityException('Current user is not logged in', Http::STATUS_UNAUTHORIZED);
 }
 if(!$annotationReader->hasAnnotation('NoAdminRequired')) {
- if(!$this->api->isAdminUser($this->api->getUserId())) {
+ if(!$this->app->isAdminUser()) {
 throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN);
 }
 }
 }
 if(!$annotationReader->hasAnnotation('NoCSRFRequired')) {
- if(!$this->api->passesCSRFCheck()) {
+ if(!$this->request->passesCSRFCheck()) {
 throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
 }
 }
@@ -118,12 +121,13 @@ class SecurityMiddleware extends Middleware {
 array('message' => $exception->getMessage()),
 $exception->getCode()
 );
- $this->api->log($exception->getMessage(), 'debug');
+ $this->app->log($exception->getMessage(), 'debug');
 } else {
- $url = $this->api->linkToAbsolute('index.php', ''); // TODO: replace with link to route
+ // TODO: replace with link to route
+ $url = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php');
 $response = new RedirectResponse($url);
- $this->api->log($exception->getMessage(), 'debug');
+ $this->app->log($exception->getMessage(), 'debug');
 }
 return $response; |
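Review bot: The new `setActiveEntry(...)` line still reads `$this->api->getAppName()`, but this commit removes the `$api` property from SecurityMiddleware and replaces it with `$app`. The call therefore dereferences an undefined property and aborts the request with a fatal error wherever this line is reached. It should read `$this->app->getServer()->getNavigationManager()->setActiveEntry($this->app->getAppName());`. The enclosing method starts and ends outside the hunk, so the condition that guards this line (the comment suggests non-AJAX requests only) is not visible here.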
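Review bot: Both branches of the exception handler in the last hunk log the SecurityException at level `'debug'`. Rejected logins, failed admin checks and CSRF failures are therefore likely to be dropped at a production log level, leaving nothing for detection or incident review. Consider `$this->app->log($exception->getMessage(), 'warn');` in both places; `'warn'` is one of the levels that the new `DIContainer::log()` maps. The handler's signature and the condition that selects the JSON branch lie outside the hunk.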