From 047479ccf9ff332cc249cd08d5c315394f3e48da Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 17 Jul 2024 15:25:51 +0200 Subject: feat(security): Add public API to allow validating IP Ranges and checking for "in range" Signed-off-by: Joas Schilling Signed-off-by: Benjamin Gaussorgues --- .../AppFramework/Middleware/Security/SecurityMiddleware.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/private/AppFramework/Middleware') diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index df20c131e03..b8de09072ce 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -17,7 +17,6 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException; use OC\AppFramework\Middleware\Security\Exceptions\SecurityException; use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException; use OC\AppFramework\Utility\ControllerMethodReflector; -use OC\Security\RemoteIpAddress; use OC\Settings\AuthorizedGroupMapper; use OC\User\Session; use OCP\App\AppPathNotFoundException; @@ -42,6 +41,7 @@ use OCP\INavigationManager; use OCP\IRequest; use OCP\IURLGenerator; use OCP\IUserSession; +use OCP\Security\Ip\IRemoteAddress; use OCP\Util; use Psr\Log\LoggerInterface; use ReflectionMethod; @@ -67,7 +67,7 @@ class SecurityMiddleware extends Middleware { private IL10N $l10n, private AuthorizedGroupMapper $groupAuthorizationMapper, private IUserSession $userSession, - private RemoteIpAddress $remoteIpAddress, + private IRemoteAddress $remoteAddress, ) { } @@ -134,7 +134,7 @@ class SecurityMiddleware extends Middleware { if (!$authorized) { throw new NotAdminException($this->l10n->t('Logged in account must be an admin, a sub admin or gotten special right to access this setting')); } - if (!$this->remoteIpAddress->allowsAdminActions()) { + if (!$this->remoteAddress->allowsAdminActions()) { throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions')); } } @@ -151,12 +151,12 @@ class SecurityMiddleware extends Middleware { throw new NotAdminException($this->l10n->t('Logged in account must be an admin')); } if ($this->hasAnnotationOrAttribute($reflectionMethod, 'SubAdminRequired', SubAdminRequired::class) - && !$this->remoteIpAddress->allowsAdminActions()) { + && !$this->remoteAddress->allowsAdminActions()) { throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions')); } if (!$this->hasAnnotationOrAttribute($reflectionMethod, 'SubAdminRequired', SubAdminRequired::class) && !$this->hasAnnotationOrAttribute($reflectionMethod, 'NoAdminRequired', NoAdminRequired::class) - && !$this->remoteIpAddress->allowsAdminActions()) { + && !$this->remoteAddress->allowsAdminActions()) { throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions')); } -- cgit v1.2.3