Introduce PasswordConfirmRequired annotation
Signed-off-by: Joas Schilling <coding@schilljs.com>
parent
d75e35b75e
commit
827b6a610e
@ -383,6 +383,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
|
|||
$app->getServer()->getNavigationManager(),
|
||||
$app->getServer()->getURLGenerator(),
|
||||
$app->getServer()->getLogger(),
|
||||
$app->getServer()->getSession(),
|
||||
$c['AppName'],
|
||||
$app->isLoggedIn(),
|
||||
$app->isAdminUser(),
|
||||
|
|
|
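--- /dev/null
+++ b/<path-not-shown>/NotConfirmedException.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\AppFramework\Middleware\Security\Exceptions;
+
+use OCP\AppFramework\Http;
+
+/**
+ * Class NotConfirmedException is thrown when a resource has been requested by a
+ * user that has not confirmed their password in the last 30 minutes.
+ *
+ * @package OC\AppFramework\Middleware\Security\Exceptions
+ */
+class NotConfirmedException extends SecurityException {
+	public function __construct() {
+		parent::__construct('Password confirmation is required', Http::STATUS_FORBIDDEN);
+	}
+}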
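Review bot: The class docblock on `NotConfirmedException` hard-codes the policy ("in the last 30 minutes") that is actually enforced in SecurityMiddleware, so the two will drift apart silently if the window is ever changed there. Suggest wording it as `thrown when a resource has been requested by a user that has not recently confirmed their password; the confirmation window is enforced by the middleware that throws it`. The fixed message string together with `Http::STATUS_FORBIDDEN` is appropriate, since the exception carries no user-specific detail that could leak to the client.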
@ -32,6 +32,7 @@ namespace OC\AppFramework\Middleware\Security;
|
|||
use OC\AppFramework\Middleware\Security\Exceptions\AppNotEnabledException;
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException;
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException;
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException;
|
||||
use OC\AppFramework\Utility\ControllerMethodReflector;
|
||||
|
@ -47,6 +48,7 @@ use OCP\AppFramework\Http\Response;
|
|||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\INavigationManager;
|
||||
use OCP\ISession;
|
||||
use OCP\IURLGenerator;
|
||||
use OCP\IRequest;
|
||||
use OCP\ILogger;
|
||||
|
@ -73,6 +75,8 @@ class SecurityMiddleware extends Middleware {
|
|||
private $urlGenerator;
|
||||
/** @var ILogger */
|
||||
private $logger;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var bool */
|
||||
private $isLoggedIn;
|
||||
/** @var bool */
|
||||
|
@ -90,6 +94,7 @@ class SecurityMiddleware extends Middleware {
|
|||
* @param INavigationManager $navigationManager
|
||||
* @param IURLGenerator $urlGenerator
|
||||
* @param ILogger $logger
|
||||
* @param ISession $session
|
||||
* @param string $appName
|
||||
* @param bool $isLoggedIn
|
||||
* @param bool $isAdminUser
|
||||
|
@ -102,6 +107,7 @@ class SecurityMiddleware extends Middleware {
|
|||
INavigationManager $navigationManager,
|
||||
IURLGenerator $urlGenerator,
|
||||
ILogger $logger,
|
||||
ISession $session,
|
||||
$appName,
|
||||
$isLoggedIn,
|
||||
$isAdminUser,
|
||||
|
@ -114,6 +120,7 @@ class SecurityMiddleware extends Middleware {
|
|||
$this->appName = $appName;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->logger = $logger;
|
||||
$this->session = $session;
|
||||
$this->isLoggedIn = $isLoggedIn;
|
||||
$this->isAdminUser = $isAdminUser;
|
||||
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
|
||||
|
@ -150,6 +157,13 @@ class SecurityMiddleware extends Middleware {
|
|||
}
|
||||
}
|
||||
|
||||
if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
|
||||
$lastConfirm = (int) $this->session->get('last-password-confirm');
|
||||
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
|
||||
throw new NotConfirmedException();
|
||||
}
|
||||
}
|
||||
|
||||
// Check for strict cookie requirement
|
||||
if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
|
||||
if(!$this->request->passesStrictCookieCheck()) {
|
||||
|
|
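Review bot: The window check `if ($lastConfirm < (time() - 30 * 60 + 15))` does the opposite of what its comment says: without parentheses the `+ 15` is applied after the subtraction, so the threshold is `now - 1785` and a confirmation older than 29 minutes 45 seconds is already rejected, shortening the window instead of tolerating a 15-second delay. If the lenient reading is intended it should be `if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay`, and either way the window would be clearer as a named constant rather than inline arithmetic. A missing or non-numeric `last-password-confirm` session value casts to 0 and therefore throws, which is the safe (fail-closed) default and worth stating in a comment on that line. The commit title calls the annotation `PasswordConfirmRequired` while the reflector check looks for `PasswordConfirmationRequired`; the documented name should match the string actually matched. The enclosing method starts and continues outside this hunk.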