Diffstat (limited to 'lib/private/server.php')
-rw-r--r-- | lib/private/server.php | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/private/server.php b/lib/private/server.php index 6e9c5ca0c68..eca7ac348ef 100644 --- a/lib/private/server.php +++ b/lib/private/server.php @@ -64,6 +64,9 @@ use OC\Mail\Mailer; use OC\Notification\Manager; use OC\Security\CertificateManager; use OC\Security\Crypto; +use OC\Security\CSRF\CsrfTokenGenerator; +use OC\Security\CSRF\CsrfTokenManager; +use OC\Security\CSRF\TokenStorage\SessionStorage; use OC\Security\Hasher; use OC\Security\CredentialsManager; use OC\Security\SecureRandom; @@ -469,12 +472,6 @@ class Server extends ServerContainer implements IServerContainer { $urlParams = []; } - if ($this->getSession()->exists('requesttoken')) { - $requestToken = $this->getSession()->get('requesttoken'); - } else { - $requestToken = false; - } - if (defined('PHPUNIT_RUN') && PHPUNIT_RUN && in_array('fakeinput', stream_get_wrappers()) ) { @@ -495,10 +492,10 @@ class Server extends ServerContainer implements IServerContainer { ? $_SERVER['REQUEST_METHOD'] : null, 'urlParams' => $urlParams, - 'requesttoken' => $requestToken, ], $this->getSecureRandom(), $this->getConfig(), + $this->getCsrfTokenManager(), $stream ); }); @@ -588,6 +585,15 @@ class Server extends ServerContainer implements IServerContainer { $request ); }); + $this->registerService('CsrfTokenManager', function (Server $c) { + $tokenGenerator = new CsrfTokenGenerator($c->getSecureRandom()); + $sessionStorage = new SessionStorage($c->getSession()); + + return new CsrfTokenManager( + $tokenGenerator, + $sessionStorage + ); + }); $this->registerService('ShareManager', function(Server $c) { $config = $c->getConfig(); $factoryClass = $config->getSystemValue('sharing.managerFactory', '\OC\Share20\ProviderFactory'); 
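Review bot: The no-token case needs an explicit check now that `'requesttoken' => $requestToken` is replaced by `$this->getCsrfTokenManager()` in the Request service closure, which begins outside the hunk. The removed lines passed `false` when the session held no `requesttoken`, presumably so that the comparison could not succeed; that decision now lives in code this file-limited diff does not show. A test that a request with no stored token and an empty submitted token is rejected would pin the fail-closed behaviour, and a short comment at the argument, `// token is looked up through the manager; a session without a token must still fail the check`, would record the intent. The argument is also inserted positionally before `$stream`, so any other place that constructs the request object needs the same update.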
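Review bot: `new SessionStorage($c->getSession())` in the `CsrfTokenManager` factory binds the storage to whichever session object exists when the service is first resolved. Assuming `registerService` caches the instance, a later swap of the server session (wrapped or regenerated, not visible in this diff) would leave the manager reading and writing tokens on the stale object, so valid tokens could be rejected or an outdated token accepted. Either let the storage fetch the session lazily, or state the constraint above the registration, for example `// SessionStorage captures the session at first resolution; update it whenever the server session is replaced`.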
@@ -1205,6 +1211,13 @@ class Server extends ServerContainer implements IServerContainer { } /** + * @return CsrfTokenManager + */ + public function getCsrfTokenManager() { + return $this->query('CsrfTokenManager'); + } + + /** * Not a public API as of 8.2, wait for 9.0 * * @return \OCA\Files_External\Service\BackendService |
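Review bot: The docblock on `getCsrfTokenManager()` carries only an `@return` tag, and unlike the neighbouring method's `Not a public API as of 8.2` line it does not say whether apps may call it. Because this getter hands out the object that backs request-token checks, I would add a summary such as `Returns the manager that issues and validates CSRF request tokens. Internal, not part of the public API.`, adjusted to the intended visibility. The body returns `$this->query('CsrfTokenManager')` unchanged, so the `@return` type matches the registration added in this commit.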