author | Lukas Reschke <lukas@owncloud.com> | 2016-01-25 17:15:54 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2016-01-25 20:03:40 +0100 |
commit | a977465af5834a76b1e98854a2c9bfbe413c218c (patch) | |
tree | 7a47d606f7935ac7de09fe8169188691cc9e4373 /lib/private/server.php | |
parent | 37f5f5077a59d69723965d1345536d46605589f5 (diff) | |
Add new CSRF manager for unit testing purposes
This adds a new CSRF manager for unit testing purposes; its interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly.
Diffstat (limited to 'lib/private/server.php')
-rw-r--r-- | lib/private/server.php | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/private/server.php b/lib/private/server.php index 6e9c5ca0c68..eca7ac348ef 100644 --- a/lib/private/server.php +++ b/lib/private/server.php @@ -64,6 +64,9 @@ use OC\Mail\Mailer; use OC\Notification\Manager; use OC\Security\CertificateManager; use OC\Security\Crypto; +use OC\Security\CSRF\CsrfTokenGenerator; +use OC\Security\CSRF\CsrfTokenManager; +use OC\Security\CSRF\TokenStorage\SessionStorage; use OC\Security\Hasher; use OC\Security\CredentialsManager; use OC\Security\SecureRandom; @@ -469,12 +472,6 @@ class Server extends ServerContainer implements IServerContainer { $urlParams = []; } - if ($this->getSession()->exists('requesttoken')) { - $requestToken = $this->getSession()->get('requesttoken'); - } else { - $requestToken = false; - } - if (defined('PHPUNIT_RUN') && PHPUNIT_RUN && in_array('fakeinput', stream_get_wrappers()) ) { @@ -495,10 +492,10 @@ class Server extends ServerContainer implements IServerContainer { ? $_SERVER['REQUEST_METHOD'] : null, 'urlParams' => $urlParams, - 'requesttoken' => $requestToken, ], $this->getSecureRandom(), $this->getConfig(), + $this->getCsrfTokenManager(), $stream ); }); @@ -588,6 +585,15 @@ class Server extends ServerContainer implements IServerContainer { $request ); }); + $this->registerService('CsrfTokenManager', function (Server $c) { + $tokenGenerator = new CsrfTokenGenerator($c->getSecureRandom()); + $sessionStorage = new SessionStorage($c->getSession()); + + return new CsrfTokenManager( + $tokenGenerator, + $sessionStorage + ); + }); $this->registerService('ShareManager', function(Server $c) { $config = $c->getConfig(); $factoryClass = $config->getSystemValue('sharing.managerFactory', '\OC\Share20\ProviderFactory'); 
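Review bot: `new SessionStorage($c->getSession())` in the `CsrfTokenManager` factory (fourth hunk) binds the token storage to whichever session object exists when the service is first resolved, and the third hunk resolves it while the request object is being built. If the session is replaced or regenerated later in the same request, the manager would presumably keep reading and writing the token on the old instance; whether that can happen is not visible from these hunks. Either let the storage fetch the session on each access, or document the constraint on the factory with a comment such as `// SessionStorage captures the session at construction; rebuild it if the session is replaced`. The enclosing constructor starts and ends outside the hunk.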
@@ -1205,6 +1211,13 @@ class Server extends ServerContainer implements IServerContainer {
 }
 /**
+ * @return CsrfTokenManager
+ */
+ public function getCsrfTokenManager() {
+ return $this->query('CsrfTokenManager');
+ }
+
+ /**
 * Not a public API as of 8.2, wait for 9.0
 *
 * @return \OCA\Files_External\Service\BackendService |
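Review bot: The docblock on the new `getCsrfTokenManager()` carries only `@return CsrfTokenManager`, so it does not say what the accessor is for or whether it is meant to be used outside core, while the neighbouring docblock states its API status explicitly. A summary line would help, for example `* Returns the CSRF token manager used to issue and validate request tokens.`, followed by a note on API status if the getter is meant to stay internal. The return type is the concrete `OC\Security\CSRF\CsrfTokenManager`, which ties callers to that class; that may be intended, but it is worth stating. The class body continues outside the hunk.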