summaryrefslogtreecommitdiffstats
path: root/lib/private
diff options
context:
space:
mode:
authorRoeland Jago Douma <rullzer@users.noreply.github.com>2017-10-24 19:58:24 +0200
committerGitHub <noreply@github.com>2017-10-24 19:58:24 +0200
commitb88db3a389c8211e58bcbc63674e336783ce81fe (patch)
tree6200429e786f19918bd62cbbd05f4156dcd2b7aa /lib/private
parent93d5500f9aada67e3adef585438aec5382de75ff (diff)
parentce0c45a4eabbe622500a4b621ccc4393720fc5ad (diff)
downloadnextcloud-server-b88db3a389c8211e58bcbc63674e336783ce81fe.tar.gz
nextcloud-server-b88db3a389c8211e58bcbc63674e336783ce81fe.zip
Merge pull request #6921 from nextcloud/appmanager-securitymiddleware
Use proper DI for security middleware for app enabled check
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/AppFramework/DependencyInjection/DIContainer.php3
-rw-r--r--lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php10
2 files changed, 10 insertions, 3 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 2290f0d0045..0ea7eed4ae2 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -230,7 +230,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$app->isAdminUser(),
$server->getContentSecurityPolicyManager(),
$server->getCsrfTokenManager(),
- $server->getContentSecurityPolicyNonceManager()
+ $server->getContentSecurityPolicyNonceManager(),
+ $server->getAppManager()
);
});
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 4e41c946432..52004987909 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -39,6 +39,7 @@ use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\CSP\ContentSecurityPolicyManager;
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
use OC\Security\CSRF\CsrfTokenManager;
+use OCP\App\IAppManager;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
use OCP\AppFramework\Http\RedirectResponse;
@@ -87,6 +88,8 @@ class SecurityMiddleware extends Middleware {
private $csrfTokenManager;
/** @var ContentSecurityPolicyNonceManager */
private $cspNonceManager;
+ /** @var IAppManager */
+ private $appManager;
/**
* @param IRequest $request
@@ -101,6 +104,7 @@ class SecurityMiddleware extends Middleware {
* @param ContentSecurityPolicyManager $contentSecurityPolicyManager
* @param CSRFTokenManager $csrfTokenManager
* @param ContentSecurityPolicyNonceManager $cspNonceManager
+ * @param IAppManager $appManager
*/
public function __construct(IRequest $request,
ControllerMethodReflector $reflector,
@@ -113,7 +117,8 @@ class SecurityMiddleware extends Middleware {
$isAdminUser,
ContentSecurityPolicyManager $contentSecurityPolicyManager,
CsrfTokenManager $csrfTokenManager,
- ContentSecurityPolicyNonceManager $cspNonceManager) {
+ ContentSecurityPolicyNonceManager $cspNonceManager,
+ IAppManager $appManager) {
$this->navigationManager = $navigationManager;
$this->request = $request;
$this->reflector = $reflector;
@@ -126,6 +131,7 @@ class SecurityMiddleware extends Middleware {
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
$this->csrfTokenManager = $csrfTokenManager;
$this->cspNonceManager = $cspNonceManager;
+ $this->appManager = $appManager;
}
/**
@@ -190,7 +196,7 @@ class SecurityMiddleware extends Middleware {
* The getAppPath() check is here since components such as settings also use the AppFramework and
* therefore won't pass this check.
*/
- if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+ if(\OC_App::getAppPath($this->appName) !== false && !$this->appManager->isEnabledForUser($this->appName)) {
throw new AppNotEnabledException();
}