mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow 2FA providers to specify their custom CSP 

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2017-08-24 14:00:33 +02:00 committed by Roeland Jago Douma
parent cfe5d35862
commit 6676232a56
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/Controller/TwoFactorChallengeController.php
View File

@ -1,4 +1,5 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -29,6 +30,7 @@ use OC_Util;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\Authentication\TwoFactorAuth\IProvidesCustomCSP;
use OCP\Authentication\TwoFactorAuth\TwoFactorException;
use OCP\IRequest;
use OCP\ISession;
@ -135,7 +137,11 @@ class TwoFactorChallengeController extends Controller {
'redirect_url' => $redirect_url,
'template' => $tmpl->fetchPage(),
];
return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
$response = new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
if ($provider instanceof IProvidesCustomCSP) {
$response->setContentSecurityPolicy($provider->getCSP());
}
return $response;
}
/**

38
lib/public/Authentication/TwoFactorAuth/IProvidesCustomCSP.php Normal file
View File

@ -0,0 +1,38 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCP\Authentication\TwoFactorAuth;
use OCP\AppFramework\Http\ContentSecurityPolicy;
/**
* @since 13.0.0
*/
interface IProvidesCustomCSP {
/**
* @return ContentSecurityPolicy
*
* @since 13.0.0
*/
public function getCSP();
}