From 047479ccf9ff332cc249cd08d5c315394f3e48da Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 17 Jul 2024 15:25:51 +0200
Subject: feat(security): Add public API to allow validating IP Ranges and
 checking for "in range"

Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
---
 .../AppFramework/Middleware/Security/SecurityMiddleware.php    | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'lib/private/AppFramework/Middleware')

diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index df20c131e03..b8de09072ce 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -17,7 +17,6 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
 use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
 use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException;
 use OC\AppFramework\Utility\ControllerMethodReflector;
-use OC\Security\RemoteIpAddress;
 use OC\Settings\AuthorizedGroupMapper;
 use OC\User\Session;
 use OCP\App\AppPathNotFoundException;
@@ -42,6 +41,7 @@ use OCP\INavigationManager;
 use OCP\IRequest;
 use OCP\IURLGenerator;
 use OCP\IUserSession;
+use OCP\Security\Ip\IRemoteAddress;
 use OCP\Util;
 use Psr\Log\LoggerInterface;
 use ReflectionMethod;
@@ -67,7 +67,7 @@ class SecurityMiddleware extends Middleware {
 		private IL10N $l10n,
 		private AuthorizedGroupMapper $groupAuthorizationMapper,
 		private IUserSession $userSession,
-		private RemoteIpAddress $remoteIpAddress,
+		private IRemoteAddress $remoteAddress,
 	) {
 	}
 
@@ -134,7 +134,7 @@ class SecurityMiddleware extends Middleware {
 				if (!$authorized) {
 					throw new NotAdminException($this->l10n->t('Logged in account must be an admin, a sub admin or gotten special right to access this setting'));
 				}
-				if (!$this->remoteIpAddress->allowsAdminActions()) {
+				if (!$this->remoteAddress->allowsAdminActions()) {
 					throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions'));
 				}
 			}
@@ -151,12 +151,12 @@ class SecurityMiddleware extends Middleware {
 				throw new NotAdminException($this->l10n->t('Logged in account must be an admin'));
 			}
 			if ($this->hasAnnotationOrAttribute($reflectionMethod, 'SubAdminRequired', SubAdminRequired::class)
-				&& !$this->remoteIpAddress->allowsAdminActions()) {
+				&& !$this->remoteAddress->allowsAdminActions()) {
 				throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions'));
 			}
 			if (!$this->hasAnnotationOrAttribute($reflectionMethod, 'SubAdminRequired', SubAdminRequired::class)
 				&& !$this->hasAnnotationOrAttribute($reflectionMethod, 'NoAdminRequired', NoAdminRequired::class)
-				&& !$this->remoteIpAddress->allowsAdminActions()) {
+				&& !$this->remoteAddress->allowsAdminActions()) {
 				throw new AdminIpNotAllowedException($this->l10n->t('Your current IP address doesn’t allow you to perform admin actions'));
 			}
 
-- 
cgit v1.2.3