Merge pull request #19360 from owncloud/move-filter-method-into-config-object
Move the filtering of sensitive data to the config class
This commit is contained in:
commit
787c668b39
|
@ -207,6 +207,7 @@ class Expiration_Test extends \PHPUnit_Framework_TestCase {
|
|||
'setSystemValues',
|
||||
'setSystemValue',
|
||||
'getSystemValue',
|
||||
'getFilteredSystemValue',
|
||||
'deleteSystemValue',
|
||||
'getAppKeys',
|
||||
'setAppValue',
|
||||
|
|
|
@ -177,6 +177,7 @@ class Expiration_Test extends \Test\TestCase {
|
|||
'setSystemValues',
|
||||
'setSystemValue',
|
||||
'getSystemValue',
|
||||
'getFilteredSystemValue',
|
||||
'deleteSystemValue',
|
||||
'getAppKeys',
|
||||
'setAppValue',
|
||||
|
|
|
@ -32,20 +32,6 @@ use Symfony\Component\Console\Output\OutputInterface;
|
|||
class ListConfigs extends Base {
|
||||
protected $defaultOutputFormat = self::OUTPUT_FORMAT_JSON_PRETTY;
|
||||
|
||||
/** @var array */
|
||||
protected $sensitiveValues = [
|
||||
'dbpassword' => true,
|
||||
'dbuser' => true,
|
||||
'mail_smtpname' => true,
|
||||
'mail_smtppassword' => true,
|
||||
'passwordsalt' => true,
|
||||
'secret' => true,
|
||||
'ldap_agent_password' => true,
|
||||
'objectstore' => ['arguments' => ['password' => true]],
|
||||
];
|
||||
|
||||
const SENSITIVE_VALUE = '***REMOVED SENSITIVE VALUE***';
|
||||
|
||||
/** * @var SystemConfig */
|
||||
protected $systemConfig;
|
||||
|
||||
|
@ -127,10 +113,10 @@ class ListConfigs extends Base {
|
|||
|
||||
$configs = [];
|
||||
foreach ($keys as $key) {
|
||||
$value = $this->systemConfig->getValue($key, serialize(null));
|
||||
|
||||
if ($noSensitiveValues && isset($this->sensitiveValues[$key])) {
|
||||
$value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value);
|
||||
if ($noSensitiveValues) {
|
||||
$value = $this->systemConfig->getFilteredValue($key, serialize(null));
|
||||
} else {
|
||||
$value = $this->systemConfig->getValue($key, serialize(null));
|
||||
}
|
||||
|
||||
if ($value !== 'N;') {
|
||||
|
@ -140,25 +126,4 @@ class ListConfigs extends Base {
|
|||
|
||||
return $configs;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param bool|array $keysToRemove
|
||||
* @param mixed $value
|
||||
* @return mixed
|
||||
*/
|
||||
protected function removeSensitiveValue($keysToRemove, $value) {
|
||||
if ($keysToRemove === true) {
|
||||
return self::SENSITIVE_VALUE;
|
||||
}
|
||||
|
||||
if (is_array($value)) {
|
||||
foreach ($keysToRemove as $keyToRemove => $valueToRemove) {
|
||||
if (isset($value[$keyToRemove])) {
|
||||
$value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -118,6 +118,17 @@ class AllConfig implements \OCP\IConfig {
|
|||
return $this->systemConfig->getValue($key, $default);
|
||||
}
|
||||
|
||||
/**
|
||||
* Looks up a system wide defined value and filters out sensitive data
|
||||
*
|
||||
* @param string $key the key of the value, under which it was saved
|
||||
* @param mixed $default the default value to be returned if the value isn't set
|
||||
* @return mixed the value or $default
|
||||
*/
|
||||
public function getFilteredSystemValue($key, $default = '') {
|
||||
return $this->systemConfig->getFilteredValue($key, $default);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a system wide defined value
|
||||
*
|
||||
|
|
|
@ -22,12 +22,28 @@
|
|||
|
||||
namespace OC;
|
||||
|
||||
|
||||
use OCP\IConfig;
|
||||
|
||||
/**
|
||||
* Class which provides access to the system config values stored in config.php
|
||||
* Internal class for bootstrap only.
|
||||
* fixes cyclic DI: AllConfig needs AppConfig needs Database needs AllConfig
|
||||
*/
|
||||
class SystemConfig {
|
||||
|
||||
/** @var array */
|
||||
protected $sensitiveValues = [
|
||||
'dbpassword' => true,
|
||||
'dbuser' => true,
|
||||
'mail_smtpname' => true,
|
||||
'mail_smtppassword' => true,
|
||||
'passwordsalt' => true,
|
||||
'secret' => true,
|
||||
'ldap_agent_password' => true,
|
||||
'objectstore' => ['arguments' => ['password' => true]],
|
||||
];
|
||||
|
||||
/**
|
||||
* Lists all available config keys
|
||||
* @return array an array of key names
|
||||
|
@ -67,6 +83,23 @@ class SystemConfig {
|
|||
return \OC_Config::getValue($key, $default);
|
||||
}
|
||||
|
||||
/**
|
||||
* Looks up a system wide defined value and filters out sensitive data
|
||||
*
|
||||
* @param string $key the key of the value, under which it was saved
|
||||
* @param mixed $default the default value to be returned if the value isn't set
|
||||
* @return mixed the value or $default
|
||||
*/
|
||||
public function getFilteredValue($key, $default = '') {
|
||||
$value = $this->getValue($key, $default);
|
||||
|
||||
if (isset($this->sensitiveValues[$key])) {
|
||||
$value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value);
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a system wide defined value
|
||||
*
|
||||
|
@ -75,4 +108,25 @@ class SystemConfig {
|
|||
public function deleteValue($key) {
|
||||
\OC_Config::deleteKey($key);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param bool|array $keysToRemove
|
||||
* @param mixed $value
|
||||
* @return mixed
|
||||
*/
|
||||
protected function removeSensitiveValue($keysToRemove, $value) {
|
||||
if ($keysToRemove === true) {
|
||||
return IConfig::SENSITIVE_VALUE;
|
||||
}
|
||||
|
||||
if (is_array($value)) {
|
||||
foreach ($keysToRemove as $keyToRemove => $valueToRemove) {
|
||||
if (isset($value[$keyToRemove])) {
|
||||
$value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -40,6 +40,11 @@ namespace OCP;
|
|||
* @since 6.0.0
|
||||
*/
|
||||
interface IConfig {
|
||||
/**
|
||||
* @since 8.2.0
|
||||
*/
|
||||
const SENSITIVE_VALUE = '***REMOVED SENSITIVE VALUE***';
|
||||
|
||||
/**
|
||||
* Sets and deletes system wide values
|
||||
*
|
||||
|
@ -68,6 +73,16 @@ interface IConfig {
|
|||
*/
|
||||
public function getSystemValue($key, $default = '');
|
||||
|
||||
/**
|
||||
* Looks up a system wide defined value and filters out sensitive data
|
||||
*
|
||||
* @param string $key the key of the value, under which it was saved
|
||||
* @param mixed $default the default value to be returned if the value isn't set
|
||||
* @return mixed the value or $default
|
||||
* @since 8.2.0
|
||||
*/
|
||||
public function getFilteredSystemValue($key, $default = '');
|
||||
|
||||
/**
|
||||
* Delete a system wide defined value
|
||||
*
|
||||
|
|
|
@ -23,6 +23,7 @@ namespace Tests\Core\Command\Config;
|
|||
|
||||
|
||||
use OC\Core\Command\Config\ListConfigs;
|
||||
use OCP\IConfig;
|
||||
use Test\TestCase;
|
||||
|
||||
class ListConfigsTest extends TestCase {
|
||||
|
@ -66,7 +67,7 @@ class ListConfigsTest extends TestCase {
|
|||
'overwrite.cli.url',
|
||||
],
|
||||
[
|
||||
['secret', 'N;', 'my secret'],
|
||||
['secret', 'N;', IConfig::SENSITIVE_VALUE],
|
||||
['overwrite.cli.url', 'N;', 'http://localhost'],
|
||||
],
|
||||
// app config
|
||||
|
@ -81,7 +82,7 @@ class ListConfigsTest extends TestCase {
|
|||
false,
|
||||
json_encode([
|
||||
'system' => [
|
||||
'secret' => ListConfigs::SENSITIVE_VALUE,
|
||||
'secret' => IConfig::SENSITIVE_VALUE,
|
||||
'overwrite.cli.url' => 'http://localhost',
|
||||
],
|
||||
'apps' => [
|
||||
|
@ -139,12 +140,12 @@ class ListConfigsTest extends TestCase {
|
|||
'overwrite.cli.url',
|
||||
],
|
||||
[
|
||||
['secret', 'N;', 'my secret'],
|
||||
['secret', 'N;', IConfig::SENSITIVE_VALUE],
|
||||
['objectstore', 'N;', [
|
||||
'class' => 'OC\\Files\\ObjectStore\\Swift',
|
||||
'arguments' => [
|
||||
'username' => 'facebook100000123456789',
|
||||
'password' => 'Secr3tPaSSWoRdt7',
|
||||
'password' => IConfig::SENSITIVE_VALUE,
|
||||
],
|
||||
]],
|
||||
['overwrite.cli.url', 'N;', 'http://localhost'],
|
||||
|
@ -161,12 +162,12 @@ class ListConfigsTest extends TestCase {
|
|||
false,
|
||||
json_encode([
|
||||
'system' => [
|
||||
'secret' => ListConfigs::SENSITIVE_VALUE,
|
||||
'secret' => IConfig::SENSITIVE_VALUE,
|
||||
'objectstore' => [
|
||||
'class' => 'OC\\Files\\ObjectStore\\Swift',
|
||||
'arguments' => [
|
||||
'username' => 'facebook100000123456789',
|
||||
'password' => ListConfigs::SENSITIVE_VALUE,
|
||||
'password' => IConfig::SENSITIVE_VALUE,
|
||||
],
|
||||
],
|
||||
'overwrite.cli.url' => 'http://localhost',
|
||||
|
@ -276,9 +277,15 @@ class ListConfigsTest extends TestCase {
|
|||
$this->systemConfig->expects($this->any())
|
||||
->method('getKeys')
|
||||
->willReturn($systemConfigs);
|
||||
$this->systemConfig->expects($this->any())
|
||||
->method('getValue')
|
||||
->willReturnMap($systemConfigMap);
|
||||
if ($private) {
|
||||
$this->systemConfig->expects($this->any())
|
||||
->method('getValue')
|
||||
->willReturnMap($systemConfigMap);
|
||||
} else {
|
||||
$this->systemConfig->expects($this->any())
|
||||
->method('getFilteredValue')
|
||||
->willReturnMap($systemConfigMap);
|
||||
}
|
||||
|
||||
$this->appConfig->expects($this->any())
|
||||
->method('getApps')
|
||||
|
|
Loading…
Reference in New Issue