diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-09-25 14:05:04 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-09-25 14:05:04 +0200 |
| commit | 787c668b39f51f0ffe5741d980eaf3472155abff (patch) | |
| tree | 17a49a3b4ac03273113eaec61eda571ce1a5b028 /lib | |
| parent | 68bf4440d327e5eea71bcbf282640e3c115ec59c (diff) | |
| parent | ab69a226065d576120d629f857464633fb5d17d9 (diff) | |
| download | nextcloud-server-787c668b39f51f0ffe5741d980eaf3472155abff.tar.gz nextcloud-server-787c668b39f51f0ffe5741d980eaf3472155abff.zip | |
Merge pull request #19360 from owncloud/move-filter-method-into-config-object
Move the filtering of sensitive data to the config class
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/allconfig.php | 11 | ||||
| -rw-r--r-- | lib/private/systemconfig.php | 54 | ||||
| -rw-r--r-- | lib/public/iconfig.php | 15 |
3 files changed, 80 insertions, 0 deletions
diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php index 63cc92601bb..7c2037e8048 100644 --- a/lib/private/allconfig.php +++ b/lib/private/allconfig.php @@ -119,6 +119,17 @@ class AllConfig implements \OCP\IConfig { } /** + * Looks up a system wide defined value and filters out sensitive data + * + * @param string $key the key of the value, under which it was saved + * @param mixed $default the default value to be returned if the value isn't set + * @return mixed the value or $default + */ + public function getFilteredSystemValue($key, $default = '') { + return $this->systemConfig->getFilteredValue($key, $default); + } + + /** * Delete a system wide defined value * * @param string $key the key of the value, under which it was saved diff --git a/lib/private/systemconfig.php b/lib/private/systemconfig.php index 13b0959768a..94b815aebd7 100644 --- a/lib/private/systemconfig.php +++ b/lib/private/systemconfig.php @@ -22,12 +22,28 @@ namespace OC; + +use OCP\IConfig; + /** * Class which provides access to the system config values stored in config.php * Internal class for bootstrap only. * fixes cyclic DI: AllConfig needs AppConfig needs Database needs AllConfig */ class SystemConfig { + + /** @var array */ + protected $sensitiveValues = [ + 'dbpassword' => true, + 'dbuser' => true, + 'mail_smtpname' => true, + 'mail_smtppassword' => true, + 'passwordsalt' => true, + 'secret' => true, + 'ldap_agent_password' => true, + 'objectstore' => ['arguments' => ['password' => true]], + ]; + /** * Lists all available config keys * @return array an array of key names @@ -68,6 +84,23 @@ class SystemConfig { } /** + * Looks up a system wide defined value and filters out sensitive data + * + * @param string $key the key of the value, under which it was saved + * @param mixed $default the default value to be returned if the value isn't set + * @return mixed the value or $default + */ + public function getFilteredValue($key, $default = '') { + $value = $this->getValue($key, $default); + + if (isset($this->sensitiveValues[$key])) { + $value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value); + } + + return $value; + } + + /** * Delete a system wide defined value * * @param string $key the key of the value, under which it was saved @@ -75,4 +108,25 @@ class SystemConfig { public function deleteValue($key) { \OC_Config::deleteKey($key); } + + /** + * @param bool|array $keysToRemove + * @param mixed $value + * @return mixed + */ + protected function removeSensitiveValue($keysToRemove, $value) { + if ($keysToRemove === true) { + return IConfig::SENSITIVE_VALUE; + } + + if (is_array($value)) { + foreach ($keysToRemove as $keyToRemove => $valueToRemove) { + if (isset($value[$keyToRemove])) { + $value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]); + } + } + } + + return $value; + } } diff --git a/lib/public/iconfig.php b/lib/public/iconfig.php index ff0b6c6a5b0..933eef97ae1 100644 --- a/lib/public/iconfig.php +++ b/lib/public/iconfig.php @@ -41,6 +41,11 @@ namespace OCP; */ interface IConfig { /** + * @since 8.2.0 + */ + const SENSITIVE_VALUE = '***REMOVED SENSITIVE VALUE***'; + + /** * Sets and deletes system wide values * * @param array $configs Associative array with `key => value` pairs @@ -69,6 +74,16 @@ interface IConfig { public function getSystemValue($key, $default = ''); /** + * Looks up a system wide defined value and filters out sensitive data + * + * @param string $key the key of the value, under which it was saved + * @param mixed $default the default value to be returned if the value isn't set + * @return mixed the value or $default + * @since 8.2.0 + */ + public function getFilteredSystemValue($key, $default = ''); + + /** * Delete a system wide defined value * * @param string $key the key of the value, under which it was saved |