Cleanup middleware registering

Fixes #12224

Since we only use the middlewares in one location, it makes no sense to
register them in each and every container.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma 2018-11-23 11:11:10 +01:00
parent 36b3117d50
commit 54ff913de6
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 87 additions and 111 deletions


@ -58,9 +58,11 @@ use OCP\Files\IAppData;
use OCP\GlobalScale\IConfig; use OCP\GlobalScale\IConfig;
use OCP\IL10N; use OCP\IL10N;
use OCP\ILogger; use OCP\ILogger;
use OCP\INavigationManager;
use OCP\IRequest; use OCP\IRequest;
use OCP\IServerContainer; use OCP\IServerContainer;
use OCP\ISession; use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserSession; use OCP\IUserSession;
use OCA\WorkflowEngine\Manager; use OCA\WorkflowEngine\Manager;
@ -69,7 +71,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
/** /**
* @var array * @var array
*/ */
private $middleWares = array(); private $middleWares = [];
/** @var ServerContainer */ /** @var ServerContainer */
private $server; private $server;
@ -102,7 +104,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
/** /**
* Core services * Core services
*/ */
$this->registerService(IOutput::class, function($c){ $this->registerService(IOutput::class, function(){
return new Output($this->getServer()->getWebRoot()); return new Output($this->getServer()->getWebRoot());
}); });
@ -123,7 +125,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
return new OC\AppFramework\Logger($this->server->query(ILogger::class), $c->query('AppName')); return new OC\AppFramework\Logger($this->server->query(ILogger::class), $c->query('AppName'));
}); });
$this->registerService(IServerContainer::class, function ($c) { $this->registerService(IServerContainer::class, function () {
return $this->getServer(); return $this->getServer();
}); });
$this->registerAlias('ServerContainer', IServerContainer::class); $this->registerAlias('ServerContainer', IServerContainer::class);
@ -179,16 +181,35 @@ class DIContainer extends SimpleContainer implements IAppContainer {
/** /**
* Middleware * Middleware
*/ */
$app = $this; $this->registerService('MiddlewareDispatcher', function(SimpleContainer $c) {
$this->registerService('SecurityMiddleware', function($c) use ($app){ $server = $this->getServer();
/** @var \OC\Server $server */
$server = $app->getServer();
return new SecurityMiddleware( $dispatcher = new MiddlewareDispatcher();
$c['Request'], $dispatcher->registerMiddleware(
$server->query(IControllerMethodReflector::class), new OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware(
$server->getNavigationManager(), $c->query(IRequest::class),
$server->getURLGenerator(), $c->query(IControllerMethodReflector::class)
)
);
$dispatcher->registerMiddleware(
new CORSMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class),
$c->query(IUserSession::class),
$c->query(OC\Security\Bruteforce\Throttler::class)
)
);
$dispatcher->registerMiddleware(
new OCSMiddleware(
$c->query(IRequest::class)
)
);
$securityMiddleware = new SecurityMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class),
$c->query(INavigationManager::class),
$c->query(IURLGenerator::class),
$server->getLogger(), $server->getLogger(),
$c['AppName'], $c['AppName'],
$server->getUserSession()->isLoggedIn(), $server->getUserSession()->isLoggedIn(),
@ -199,105 +220,59 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$server->getAppManager(), $server->getAppManager(),
$server->getL10N('lib') $server->getL10N('lib')
); );
}); $dispatcher->registerMiddleware($securityMiddleware);
$dispatcher->registerMiddleware(
$this->registerService(OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware::class, function ($c) use ($app) { new OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware(
/** @var \OC\Server $server */ $c->query(IControllerMethodReflector::class),
$server = $app->getServer(); $c->query(ISession::class),
$c->query(IUserSession::class),
return new OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware( $c->query(ITimeFactory::class)
$c->query(IControllerMethodReflector::class), )
$server->getSession(),
$server->getUserSession(),
$server->query(ITimeFactory::class)
); );
}); $dispatcher->registerMiddleware(
new TwoFactorMiddleware(
$this->registerService('BruteForceMiddleware', function($c) use ($app) { $c->query(OC\Authentication\TwoFactorAuth\Manager::class),
/** @var \OC\Server $server */ $c->query(IUserSession::class),
$server = $app->getServer(); $c->query(ISession::class),
$c->query(IURLGenerator::class),
return new OC\AppFramework\Middleware\Security\BruteForceMiddleware( $c->query(IControllerMethodReflector::class),
$c->query(IControllerMethodReflector::class), $c->query(IRequest::class)
$server->getBruteForceThrottler(), )
$server->getRequest()
); );
}); $dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\Security\BruteForceMiddleware(
$this->registerService('RateLimitingMiddleware', function($c) use ($app) { $c->query(IControllerMethodReflector::class),
/** @var \OC\Server $server */ $c->query(OC\Security\Bruteforce\Throttler::class),
$server = $app->getServer(); $c->query(IRequest::class)
)
return new RateLimitingMiddleware(
$server->getRequest(),
$server->getUserSession(),
$c->query(IControllerMethodReflector::class),
$c->query(OC\Security\RateLimiting\Limiter::class)
); );
}); $dispatcher->registerMiddleware(
new RateLimitingMiddleware(
$this->registerService('CORSMiddleware', function($c) { $c->query(IRequest::class),
return new CORSMiddleware( $c->query(IUserSession::class),
$c['Request'], $c->query(IControllerMethodReflector::class),
$c->query(IControllerMethodReflector::class), $c->query(OC\Security\RateLimiting\Limiter::class)
$c->query(IUserSession::class), )
$c->getServer()->getBruteForceThrottler()
); );
}); $dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(
$this->registerService('SessionMiddleware', function($c) use ($app) { $c->query(IRequest::class),
return new SessionMiddleware( $c->query(ISession::class),
$c['Request'], $c->query(\OCP\IConfig::class)
$c->query(IControllerMethodReflector::class), )
$app->getServer()->getSession()
); );
});
$this->registerService('TwoFactorMiddleware', function (SimpleContainer $c) use ($app) { foreach($this->middleWares as $middleWare) {
$twoFactorManager = $c->getServer()->getTwoFactorAuthManager();
$userSession = $app->getServer()->getUserSession();
$session = $app->getServer()->getSession();
$urlGenerator = $app->getServer()->getURLGenerator();
$reflector = $c->query(IControllerMethodReflector::class);
$request = $app->getServer()->getRequest();
return new TwoFactorMiddleware($twoFactorManager, $userSession, $session, $urlGenerator, $reflector, $request);
});
$this->registerService('OCSMiddleware', function (SimpleContainer $c) {
return new OCSMiddleware(
$c['Request']
);
});
$this->registerService(OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware::class, function (SimpleContainer $c) {
return new OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware(
$c['Request'],
$c->query(IControllerMethodReflector::class)
);
});
$middleWares = &$this->middleWares;
$this->registerService('MiddlewareDispatcher', function(SimpleContainer $c) use (&$middleWares) {
$dispatcher = new MiddlewareDispatcher();
$dispatcher->registerMiddleware($c[OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware::class]);
$dispatcher->registerMiddleware($c['CORSMiddleware']);
$dispatcher->registerMiddleware($c['OCSMiddleware']);
$dispatcher->registerMiddleware($c['SecurityMiddleware']);
$dispatcher->registerMiddleware($c[OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware::class]);
$dispatcher->registerMiddleware($c['TwoFactorMiddleware']);
$dispatcher->registerMiddleware($c['BruteForceMiddleware']);
$dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
$dispatcher->registerMiddleware(new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(
$c['Request'],
$c->query(ISession::class),
$c->query(\OCP\IConfig::class)
));
foreach($middleWares as $middleWare) {
$dispatcher->registerMiddleware($c[$middleWare]); $dispatcher->registerMiddleware($c[$middleWare]);
} }
$dispatcher->registerMiddleware($c['SessionMiddleware']); $dispatcher->registerMiddleware(
new SessionMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class),
$c->query(ISession::class)
)
);
return $dispatcher; return $dispatcher;
}); });
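Review bot: In the rewritten 'MiddlewareDispatcher' factory, the session, user session, URL generator and brute-force throttler passed to the security middlewares are now resolved with `$c->query(...)` on the app container, where the removed factories took them from the server (`$server->getSession()`, `$server->getBruteForceThrottler()`, `$server->getUserSession()`). If `query()` prefers an app-registered service over the server's (that lookup is not visible in this diff), an app that registers its own `ISession`, `IUserSession` or `OC\Security\Bruteforce\Throttler` would change what the CORS, brute-force, two-factor and password-confirmation checks operate on; resolving those through `$server->query(...)` would keep them pinned to the server instances. The same factory still calls `$server->getLogger()` and `$server->getUserSession()->isLoggedIn()` for SecurityMiddleware, so the two lookup styles are mixed within one constructor call. The named services `'SecurityMiddleware'`, `'CORSMiddleware'`, `'TwoFactorMiddleware'`, `'BruteForceMiddleware'`, `'RateLimitingMiddleware'`, `'OCSMiddleware'` and `'SessionMiddleware'` are no longer registered, so code that looked them up or overrode them loses that hook. A comment above the factory such as `// Built-in middlewares are constructed here, not registered as services; their order is security-relevant` would make both facts explicit.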


@ -29,6 +29,7 @@ namespace Test\AppFramework\DependencyInjection;
use OC\AppFramework\DependencyInjection\DIContainer; use OC\AppFramework\DependencyInjection\DIContainer;
use \OC\AppFramework\Http\Request; use \OC\AppFramework\Http\Request;
use OC\AppFramework\Middleware\Security\SecurityMiddleware;
use OCP\AppFramework\QueryException; use OCP\AppFramework\QueryException;
use OCP\IConfig; use OCP\IConfig;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
@ -54,17 +55,10 @@ class DIContainerTest extends \Test\TestCase {
$this->assertTrue(isset($this->container['Request'])); $this->assertTrue(isset($this->container['Request']));
} }
public function testProvidesSecurityMiddleware(){
$this->assertTrue(isset($this->container['SecurityMiddleware']));
}
public function testProvidesMiddlewareDispatcher(){ public function testProvidesMiddlewareDispatcher(){
$this->assertTrue(isset($this->container['MiddlewareDispatcher'])); $this->assertTrue(isset($this->container['MiddlewareDispatcher']));
} }
public function testProvidesAppName(){ public function testProvidesAppName(){
$this->assertTrue(isset($this->container['AppName'])); $this->assertTrue(isset($this->container['AppName']));
} }
@ -80,10 +74,17 @@ class DIContainerTest extends \Test\TestCase {
$this->createMock(ISecureRandom::class), $this->createMock(ISecureRandom::class),
$this->createMock(IConfig::class) $this->createMock(IConfig::class)
); );
$security = $this->container['SecurityMiddleware'];
$dispatcher = $this->container['MiddlewareDispatcher']; $dispatcher = $this->container['MiddlewareDispatcher'];
$middlewares = $dispatcher->getMiddlewares();
$this->assertContains($security, $dispatcher->getMiddlewares()); $found = false;
foreach ($middlewares as $middleware) {
if ($middleware instanceof SecurityMiddleware) {
$found = true;
}
}
$this->assertTrue($found);
} }
public function testInvalidAppClass() { public function testInvalidAppClass() {
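Review bot: The `instanceof` loop added in the last hunk only proves that some SecurityMiddleware is present in `$dispatcher->getMiddlewares()`; it would still pass if the middleware were registered twice or moved behind the app-supplied middlewares. Since the factory now hard-codes the whole chain, the test is the only place that can pin it down. At minimum, assert the count with `$this->assertCount(1, array_filter($middlewares, function ($m) { return $m instanceof SecurityMiddleware; }));` in place of the `$found` flag. An additional assertion on the relative order of the built-in middlewares would catch an accidental reordering of the security checks. The enclosing test method starts above this hunk, so its name and the rest of its setup are not visible here.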