author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-26 11:36:56 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-26 11:36:56 +0100 |
commit | 2bafb1c6493d67360f9ac6f4997a56664f3f2751 (patch) | |
tree | 7ccba69806bebf24d2adc790adc363cb184b5e2b /lib/private/server.php | |
parent | ecf2d178b1c3db3000f4d9c9d65f08ec3890488e (diff) | |
parent | 12b22c275974ef544adff2029a542d97210c8087 (diff) | |
download | nextcloud-server-2bafb1c6493d67360f9ac6f4997a56664f3f2751.tar.gz nextcloud-server-2bafb1c6493d67360f9ac6f4997a56664f3f2751.zip |
Merge pull request #21894 from owncloud/refactor-csrf
Add new CSRF manager for unit testing purposes
Diffstat (limited to 'lib/private/server.php')
-rw-r--r-- | lib/private/server.php | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/private/server.php b/lib/private/server.php
index ee126e0c3e6..b8f4bdb53fe 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -64,6 +64,9 @@ use OC\Mail\Mailer;
 use OC\Notification\Manager;
 use OC\Security\CertificateManager;
 use OC\Security\Crypto;
+use OC\Security\CSRF\CsrfTokenGenerator;
+use OC\Security\CSRF\CsrfTokenManager;
+use OC\Security\CSRF\TokenStorage\SessionStorage;
 use OC\Security\Hasher;
 use OC\Security\CredentialsManager;
 use OC\Security\SecureRandom;
@@ -469,12 +472,6 @@ class Server extends ServerContainer implements IServerContainer {
 $urlParams = [];
 }
- if ($this->getSession()->exists('requesttoken')) {
- $requestToken = $this->getSession()->get('requesttoken');
- } else {
- $requestToken = false;
- }
-
 if (defined('PHPUNIT_RUN') && PHPUNIT_RUN
 && in_array('fakeinput', stream_get_wrappers())
 ) {
@@ -495,10 +492,10 @@ class Server extends ServerContainer implements IServerContainer {
 ? $_SERVER['REQUEST_METHOD']
 : null,
 'urlParams' => $urlParams,
- 'requesttoken' => $requestToken,
 ],
 $this->getSecureRandom(),
 $this->getConfig(),
+ $this->getCsrfTokenManager(),
 $stream
 );
 });
@@ -588,6 +585,15 @@ class Server extends ServerContainer implements IServerContainer {
 $request
 );
 });
+ $this->registerService('CsrfTokenManager', function (Server $c) {
+ $tokenGenerator = new CsrfTokenGenerator($c->getSecureRandom());
+ $sessionStorage = new SessionStorage($c->getSession());
+
+ return new CsrfTokenManager(
+ $tokenGenerator,
+ $sessionStorage
+ );
+ });
 $this->registerService('ShareManager', function(Server $c) {
 $config = $c->getConfig();
 $factoryClass = $config->getSystemValue('sharing.managerFactory', '\OC\Share20\ProviderFactory');
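Review bot: In the new `CsrfTokenManager` factory, `new SessionStorage($c->getSession())` binds the token storage to whichever session object exists when the service is first resolved, and the `Request` factory earlier in this diff now resolves it through `$this->getCsrfTokenManager()`. If the container hands out a single shared instance and the session can be replaced afterwards (neither is visible in these hunks), the storage would keep reading and writing the earlier session, so CSRF validation could run against a token the live session does not hold. I would either have the storage fetch the session lazily or state the ordering requirement in the factory, for example `// SessionStorage is bound to the session present at first resolution; re-bind it if the session is replaced`.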
@@ -1204,6 +1210,13 @@ class Server extends ServerContainer implements IServerContainer {
 }
 /**
+ * @return CsrfTokenManager
+ */
+ public function getCsrfTokenManager() {
+ return $this->query('CsrfTokenManager');
+ }
+
+ /**
 * Not a public API as of 8.2, wait for 9.0
 *
 * @return \OCA\Files_External\Service\BackendService |
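Review bot: The docblock added for `getCsrfTokenManager()` carries only `@return CsrfTokenManager`, so callers cannot tell whether this accessor is meant for apps or only for core, while the neighbouring docblock at the end of the hunk explicitly marks its method as "Not a public API". The return type is the concrete `OC\Security\CSRF\CsrfTokenManager` imported at the top of this diff rather than an interface, so I would add a summary and the same kind of marker, e.g. `* Returns the CSRF token manager; internal, not part of the public API`. The class body continues outside the hunk.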