diff options
| author | Christoph Wurst <ChristophWurst@users.noreply.github.com> | 2017-01-17 11:01:42 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-01-17 11:01:42 +0100 |
| commit | 012708e1badebe5dab6260c2e9edb521d5dbfee0 (patch) | |
| tree | cc0e6a1abe9a38b03d1d922a832c78b50b3d87a2 /lib | |
| parent | b1a82969e66fb25d59cfef63d2a8744e374b2500 (diff) | |
| parent | 5dc6899d1a3e11841b62971a52f0aa8e577c3065 (diff) | |
| download | nextcloud-server-012708e1badebe5dab6260c2e9edb521d5dbfee0.tar.gz nextcloud-server-012708e1badebe5dab6260c2e9edb521d5dbfee0.zip | |
Merge pull request #3023 from nextcloud/issue-2915-filter-out-sensitive-appconfigs
Filter out sensitive appconfig values
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/AllConfig.php | 2 | ||||
| -rw-r--r-- | lib/private/AppConfig.php | 55 | ||||
| -rw-r--r-- | lib/private/SystemConfig.php | 1 | ||||
| -rw-r--r-- | lib/public/IAppConfig.php | 9 |
4 files changed, 57 insertions, 10 deletions
diff --git a/lib/private/AllConfig.php b/lib/private/AllConfig.php index a58aec4aeea..1f59e677a54 100644 --- a/lib/private/AllConfig.php +++ b/lib/private/AllConfig.php @@ -68,7 +68,7 @@ class AllConfig implements \OCP\IConfig { /** * @param SystemConfig $systemConfig */ - function __construct(SystemConfig $systemConfig) { + public function __construct(SystemConfig $systemConfig) { $this->userCache = new CappedMemoryCache(); $this->systemConfig = $systemConfig; } diff --git a/lib/private/AppConfig.php b/lib/private/AppConfig.php index d92e8965b5c..06e760e86f6 100644 --- a/lib/private/AppConfig.php +++ b/lib/private/AppConfig.php @@ -29,7 +29,9 @@ namespace OC; +use OC\DB\OracleConnection; use OCP\IAppConfig; +use OCP\IConfig; use OCP\IDBConnection; /** @@ -37,12 +39,22 @@ use OCP\IDBConnection; * database. */ class AppConfig implements IAppConfig { - /** - * @var \OCP\IDBConnection $conn - */ + + /** @var array[] */ + protected $sensitiveValues = [ + 'user_ldap' => [ + 'ldap_agent_password', + ], + ]; + + /** @var \OCP\IDBConnection */ protected $conn; - private $cache = array(); + /** @var array[] */ + private $cache = []; + + /** @var bool */ + private $configLoaded = false; /** * @param IDBConnection $conn @@ -85,6 +97,7 @@ class AppConfig implements IAppConfig { * * @param string $app the app we are looking for * @return array an array of key names + * @deprecated 8.0.0 use method getAppKeys of \OCP\IConfig * * This function gets all keys of an app. Please note that the values are * not returned. @@ -112,6 +125,7 @@ class AppConfig implements IAppConfig { * @param string $key key * @param string $default = null, default value if the key does not exist * @return string the value or $default + * @deprecated 8.0.0 use method getAppValue of \OCP\IConfig * * This function gets a value from the appconfig table. If the key does * not exist the default value will be returned @@ -146,6 +160,7 @@ class AppConfig implements IAppConfig { * @param string $key key * @param string|float|int $value value * @return bool True if the value was inserted or updated, false if the value was the same + * @deprecated 8.0.0 use method setAppValue of \OCP\IConfig */ public function setValue($app, $key, $value) { if (!$this->hasKey($app, $key)) { @@ -182,7 +197,7 @@ class AppConfig implements IAppConfig { * http://docs.oracle.com/cd/E11882_01/server.112/e26088/conditions002.htm#i1033286 * > Large objects (LOBs) are not supported in comparison conditions. */ - if (!($this->conn instanceof \OC\DB\OracleConnection)) { + if (!($this->conn instanceof OracleConnection)) { // Only update the value when it is not the same $sql->andWhere($sql->expr()->neq('configvalue', $sql->createParameter('configvalue'))) ->setParameter('configvalue', $value); @@ -200,7 +215,8 @@ class AppConfig implements IAppConfig { * * @param string $app app * @param string $key key - * @return boolean|null + * @return boolean + * @deprecated 8.0.0 use method deleteAppValue of \OCP\IConfig */ public function deleteKey($app, $key) { $this->loadConfigValues(); @@ -214,13 +230,15 @@ class AppConfig implements IAppConfig { $sql->execute(); unset($this->cache[$app][$key]); + return false; } /** * Remove app from appconfig * * @param string $app app - * @return boolean|null + * @return boolean + * @deprecated 8.0.0 use method deleteAppValue of \OCP\IConfig * * Removes all keys in appconfig belonging to the app. */ @@ -234,6 +252,7 @@ class AppConfig implements IAppConfig { $sql->execute(); unset($this->cache[$app]); + return false; } /** @@ -262,10 +281,30 @@ class AppConfig implements IAppConfig { } /** + * get all values of the app or and filters out sensitive data + * + * @param string $app + * @return array + */ + public function getFilteredValues($app) { + $values = $this->getValues($app, false); + + foreach ($this->sensitiveValues[$app] as $sensitiveKey) { + if (isset($values[$sensitiveKey])) { + $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE; + } + } + + return $values; + } + + /** * Load all the app config values */ protected function loadConfigValues() { - if ($this->configLoaded) return; + if ($this->configLoaded) { + return; + } $this->cache = []; diff --git a/lib/private/SystemConfig.php b/lib/private/SystemConfig.php index 1029a6619ff..e5f1adaf004 100644 --- a/lib/private/SystemConfig.php +++ b/lib/private/SystemConfig.php @@ -44,7 +44,6 @@ class SystemConfig { 'passwordsalt' => true, 'secret' => true, 'updater.secret' => true, - 'ldap_agent_password' => true, 'proxyuserpwd' => true, 'log.condition' => [ 'shared_secret' => true, diff --git a/lib/public/IAppConfig.php b/lib/public/IAppConfig.php index 01aca47ad81..4a92a224840 100644 --- a/lib/public/IAppConfig.php +++ b/lib/public/IAppConfig.php @@ -87,6 +87,15 @@ interface IAppConfig { public function getValues($app, $key); /** + * get all values of the app or and filters out sensitive data + * + * @param string $app + * @return array + * @since 12.0.0 + */ + public function getFilteredValues($app); + + /** * sets a value in the appconfig * @param string $app app * @param string $key key |