From 82cd86a2079c515df5889648c828c29e51424dab Mon Sep 17 00:00:00 2001 From: VicDeo Date: Thu, 8 Sep 2016 22:54:14 +0300 Subject: Allow one more origin. Log the reason of occ controller failure (#26031) * Log the reason of occ controller failure * Allow requests from SERVER_ADDR --- core/Controller/OccController.php | 23 ++++++++++++++++++++--- tests/Core/Controller/OccControllerTest.php | 10 +++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/core/Controller/OccController.php b/core/Controller/OccController.php index 917d02f37f1..0d63c131789 100644 --- a/core/Controller/OccController.php +++ b/core/Controller/OccController.php @@ -26,6 +26,7 @@ use OCP\AppFramework\Http\JSONResponse; use OC\Console\Application; use OCP\IConfig; use OCP\IRequest; +use OCP\ILogger; use Symfony\Component\Console\Input\ArrayInput; use Symfony\Component\Console\Output\BufferedOutput; @@ -48,6 +49,8 @@ class OccController extends Controller { private $config; /** @var Application */ private $console; + /** @var ILogger */ + private $logger; /** * OccController constructor. @@ -56,12 +59,14 @@ class OccController extends Controller { * @param IRequest $request * @param IConfig $config * @param Application $console + * @param ILogger $logger */ public function __construct($appName, IRequest $request, - IConfig $config, Application $console) { + IConfig $config, Application $console, ILogger $logger) { parent::__construct($appName, $request); $this->config = $config; $this->console = $console; + $this->logger = $logger; } /** @@ -108,6 +113,13 @@ class OccController extends Controller { ]; } catch (\UnexpectedValueException $e){ + $this->logger->warning( + 'Invalid request to occ controller. Details: "{details}"', + [ + 'app' => 'core', + 'details' => $e->getMessage() + ] + ); $json = [ 'exitCode' => 126, 'response' => 'Not allowed', 
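Review bot: The warning added in the `catch (\UnexpectedValueException $e)` block records only `$e->getMessage()`, so a rejection that is not about the host is logged without the caller's address and cannot be attributed when reviewing failed attempts. The command check is visible in the validateRequest hunk, and a token check is presumably there as well. I would pass the address as its own context field: change the message to `'Invalid request to occ controller from {remote}. Details: "{details}"'` and add `'remote' => $this->request->getRemoteAddress()` to the context array. The try block and the rest of the method lie outside this hunk, so which exceptions reach this handler is inferred rather than seen.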
@@ -123,8 +135,13 @@ class OccController extends Controller { * @param $token */ protected function validateRequest($command, $token){ - if (!in_array($this->request->getRemoteAddress(), ['::1', '127.0.0.1', 'localhost'])) { - throw new \UnexpectedValueException('Web executor is not allowed to run from a different host'); + $allowedHosts = ['::1', '127.0.0.1', 'localhost']; + if (isset($this->request->server['SERVER_ADDR'])){ + array_push($allowedHosts, $this->request->server['SERVER_ADDR']); + } + + if (!in_array($this->request->getRemoteAddress(), $allowedHosts)) { + throw new \UnexpectedValueException('Web executor is not allowed to run from a host ' . $this->request->getRemoteAddress()); } if (!in_array($command, $this->allowedCommands)) { diff --git a/tests/Core/Controller/OccControllerTest.php b/tests/Core/Controller/OccControllerTest.php index 682d9170096..46221d68b54 100644 --- a/tests/Core/Controller/OccControllerTest.php +++ b/tests/Core/Controller/OccControllerTest.php @@ -46,7 +46,8 @@ class OccControllerTest extends TestCase { private $console; public function testFromInvalidLocation(){ - $this->getControllerMock('example.org'); + $fakeHost = 'example.org'; + $this->getControllerMock($fakeHost); $response = $this->controller->execute('status', ''); $responseData = $response->getData(); @@ -55,7 +56,7 @@ class OccControllerTest extends TestCase { $this->assertEquals(126, $responseData['exitCode']); $this->assertArrayHasKey('details', $responseData); - $this->assertEquals('Web executor is not allowed to run from a different host', $responseData['details']); + $this->assertEquals('Web executor is not allowed to run from a host ' . $fakeHost, $responseData['details']); } public function testNotWhiteListedCommand(){ @@ -136,7 +137,10 @@ class OccControllerTest extends TestCase { 'core', $this->request, $this->config, - $this->console + $this->console, + $this->getMockBuilder('\OCP\ILogger') + ->disableOriginalConstructor() + ->getMock() ); } -- cgit v1.2.3
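Review bot: Adding `SERVER_ADDR` to `$allowedHosts` in validateRequest widens the origin check from loopback to any request whose remote address equals the server's own address. A reverse proxy, load balancer or NAT gateway on that address would present it for every external client, and in such a deployment the host check filters nothing and the token is the only remaining control. `isset()` also accepts an empty `SERVER_ADDR`, and `in_array()` without the strict flag compares loosely, so an empty or null remote address would match it. I would guard with `if (!empty($this->request->server['SERVER_ADDR'])) {` and compare with `in_array($this->request->getRemoteAddress(), $allowedHosts, true)`. The rejected address is now also part of the exception message, which the test shows is returned as `details`; if getRemoteAddress() can take its value from forwarded headers (not visible here), that text is client-influenced in both the response and the log.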
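Review bot: The updated testFromInvalidLocation covers only the rejection path with 'example.org'; nothing in the hunks shown exercises the new `SERVER_ADDR` branch of validateRequest. Two cases would pin the behaviour of this access check. In the first, a request whose remote address equals a mocked `SERVER_ADDR` gets past the host check. In the second, a request with an unset or empty `SERVER_ADDR` and a non-loopback address is still rejected with exit code 126. getControllerMock lies outside the hunks, so how the request's `server` array can be set up there needs checking.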