use new controllermethodreflector for corsmiddleware

Bernhard Posselt 2014-05-11 17:55:59 +02:00
parent 474b8f071d
commit 63f2f16b85
3 changed files with 27 additions and 11 deletions


@ -104,7 +104,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{
}); });
$this['CORSMiddleware'] = $this->share(function($c) { $this['CORSMiddleware'] = $this->share(function($c) {
return new CORSMiddleware($c['Request']); return new CORSMiddleware(
$c['Request'],
$c['ControllerMethodReflector']
);
}); });
$middleWares = &$this->middleWares; $middleWares = &$this->middleWares;
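Review bot: The `CORSMiddleware` factory now pulls `$c['ControllerMethodReflector']`, but the hunk does not show how that service is registered, and the middleware only sees the right annotations if it receives the same shared instance that the dispatcher calls `reflect()` on. If the container handed out a separate or not-yet-reflected instance, `hasAnnotation('CORS')` would presumably return false and the CORS headers would silently stop being sent. A one-line comment above the factory would record the dependency, e.g. `// must be the shared reflector that was reflect()ed for the dispatched method`. The enclosing method starts and ends outside the hunk.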


@ -11,7 +11,7 @@
namespace OC\AppFramework\Middleware\Security; namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Utility\MethodAnnotationReader; use OC\AppFramework\Utility\ControllerMethodReflector;
use OCP\IRequest; use OCP\IRequest;
use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware; use OCP\AppFramework\Middleware;
@ -25,12 +25,16 @@ use OCP\AppFramework\Middleware;
class CORSMiddleware extends Middleware { class CORSMiddleware extends Middleware {
private $request; private $request;
private $reflector;
/** /**
* @param IRequest $request * @param IRequest $request
* @param ControllerMethodReflector $reflector
*/ */
public function __construct(IRequest $request) { public function __construct(IRequest $request,
ControllerMethodReflector $reflector) {
$this->request = $request; $this->request = $request;
$this->reflector = $reflector;
} }
@ -46,10 +50,9 @@ class CORSMiddleware extends Middleware {
*/ */
public function afterController($controller, $methodName, Response $response){ public function afterController($controller, $methodName, Response $response){
// only react if its a CORS request and if the request sends origin and // only react if its a CORS request and if the request sends origin and
$reflector = new MethodAnnotationReader($controller, $methodName);
if(isset($this->request->server['HTTP_ORIGIN']) && if(isset($this->request->server['HTTP_ORIGIN']) &&
$reflector->hasAnnotation('CORS')) { $this->reflector->hasAnnotation('CORS')) {
// allow credentials headers must not be true or CSRF is possible // allow credentials headers must not be true or CSRF is possible
// otherwise // otherwise
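Review bot: `afterController()` no longer uses its `$controller` and `$methodName` arguments for the annotation lookup, so the `@CORS` check in the `if` depends entirely on which method the injected reflector was last pointed at. This branch decides whether the request's Origin is granted cross-origin access, so a reflector left on a different method would apply the decision to the wrong response without any error. The constructor docblock should state the precondition, e.g. `@param ControllerMethodReflector $reflector already reflect()ed on the dispatched controller method`. The body of `afterController()` continues past the end of the hunk.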


@ -13,11 +13,19 @@
namespace OC\AppFramework\Middleware\Security; namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Http\Request; use OC\AppFramework\Http\Request;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\Response;
class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase { class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
private $reflector;
protected function setUp() {
$this->reflector = new ControllerMethodReflector();
}
/** /**
* @CORS * @CORS
*/ */
@ -25,11 +33,11 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
$request = new Request( $request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test')) array('server' => array('HTTP_ORIGIN' => 'test'))
); );
$this->reflector->reflect($this, __FUNCTION__);
$middleware = new CORSMiddleware($request, $this->reflector);
$middleware = new CORSMiddleware($request);
$response = $middleware->afterController($this, __FUNCTION__, new Response()); $response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders(); $headers = $response->getHeaders();
$this->assertEquals('test', $headers['Access-Control-Allow-Origin']); $this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
} }
@ -38,7 +46,7 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
$request = new Request( $request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test')) array('server' => array('HTTP_ORIGIN' => 'test'))
); );
$middleware = new CORSMiddleware($request); $middleware = new CORSMiddleware($request, $this->reflector);
$response = $middleware->afterController($this, __FUNCTION__, new Response()); $response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders(); $headers = $response->getHeaders();
@ -51,8 +59,9 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
*/ */
public function testNoOriginHeaderNoCORSHEADER() { public function testNoOriginHeaderNoCORSHEADER() {
$request = new Request(); $request = new Request();
$this->reflector->reflect($this, __FUNCTION__);
$middleware = new CORSMiddleware($request, $this->reflector);
$middleware = new CORSMiddleware($request);
$response = $middleware->afterController($this, __FUNCTION__, new Response()); $response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders(); $headers = $response->getHeaders();
$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers)); $this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
@ -67,7 +76,8 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
$request = new Request( $request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test')) array('server' => array('HTTP_ORIGIN' => 'test'))
); );
$middleware = new CORSMiddleware($request); $this->reflector->reflect($this, __FUNCTION__);
$middleware = new CORSMiddleware($request, $this->reflector);
$response = new Response(); $response = new Response();
$response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE'); $response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');