diff options
| author | Joas Schilling <nickvergessen@owncloud.com> | 2015-09-25 11:08:33 +0200 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@owncloud.com> | 2015-09-25 11:08:33 +0200 |
| commit | faba02564a24187e69ebe274078793d66fd1a2a2 (patch) | |
| tree | 204c7294e0a1a61e54c01e233a70e1f922967d48 /lib/private | |
| parent | bf73665a35470432ae939a70eb91ecf9f8933240 (diff) | |
| download | nextcloud-server-faba02564a24187e69ebe274078793d66fd1a2a2.tar.gz nextcloud-server-faba02564a24187e69ebe274078793d66fd1a2a2.zip | |
Move the filtering of sensitive data to the config class
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/allconfig.php | 11 | ||||
| -rw-r--r-- | lib/private/systemconfig.php | 53 |
2 files changed, 64 insertions, 0 deletions
diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php index 63cc92601bb..7c2037e8048 100644 --- a/lib/private/allconfig.php +++ b/lib/private/allconfig.php @@ -119,6 +119,17 @@ class AllConfig implements \OCP\IConfig { } /** + * Looks up a system wide defined value and filters out sensitive data + * + * @param string $key the key of the value, under which it was saved + * @param mixed $default the default value to be returned if the value isn't set + * @return mixed the value or $default + */ + public function getFilteredSystemValue($key, $default = '') { + return $this->systemConfig->getFilteredValue($key, $default); + } + + /** * Delete a system wide defined value * * @param string $key the key of the value, under which it was saved diff --git a/lib/private/systemconfig.php b/lib/private/systemconfig.php index 13b0959768a..3b7930f2842 100644 --- a/lib/private/systemconfig.php +++ b/lib/private/systemconfig.php @@ -28,6 +28,21 @@ namespace OC; * fixes cyclic DI: AllConfig needs AppConfig needs Database needs AllConfig */ class SystemConfig { + + /** @var array */ + protected $sensitiveValues = [ + 'dbpassword' => true, + 'dbuser' => true, + 'mail_smtpname' => true, + 'mail_smtppassword' => true, + 'passwordsalt' => true, + 'secret' => true, + 'ldap_agent_password' => true, + 'objectstore' => ['arguments' => ['password' => true]], + ]; + + const SENSITIVE_VALUE = '***REMOVED SENSITIVE VALUE***'; + /** * Lists all available config keys * @return array an array of key names @@ -68,6 +83,23 @@ class SystemConfig { } /** + * Looks up a system wide defined value and filters out sensitive data + * + * @param string $key the key of the value, under which it was saved + * @param mixed $default the default value to be returned if the value isn't set + * @return mixed the value or $default + */ + public function getFilteredValue($key, $default = '') { + $value = $this->getValue($key, $default); + + if (isset($this->sensitiveValues[$key])) { + $value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value); + } + + return $value; + } + + /** * Delete a system wide defined value * * @param string $key the key of the value, under which it was saved @@ -75,4 +107,25 @@ class SystemConfig { public function deleteValue($key) { \OC_Config::deleteKey($key); } + + /** + * @param bool|array $keysToRemove + * @param mixed $value + * @return mixed + */ + protected function removeSensitiveValue($keysToRemove, $value) { + if ($keysToRemove === true) { + return self::SENSITIVE_VALUE; + } + + if (is_array($value)) { + foreach ($keysToRemove as $keyToRemove => $valueToRemove) { + if (isset($value[$keyToRemove])) { + $value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]); + } + } + } + + return $value; + } } |