Merge pull request #8743 from nextcloud/strict_settings

Strict settings
This commit is contained in:
Roeland Jago Douma 2018-03-12 12:37:03 +01:00 committed by GitHub
commit af89db3407
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 56 additions and 114 deletions

View File

@ -1,4 +1,5 @@
<?php <?php
declare(strict_types=1);
/** /**
* *
* *
@ -26,12 +27,12 @@
*/ */
namespace OC\Settings\Controller; namespace OC\Settings\Controller;
use OC\Group\Manager as GroupManager;
use OC\HintException; use OC\HintException;
use OC\User\Session; use OC\User\Session;
use OCP\App\IAppManager; use OCP\App\IAppManager;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\JSONResponse;
use OCP\IGroupManager;
use OCP\IL10N; use OCP\IL10N;
use OCP\IRequest; use OCP\IRequest;
use OCP\IUser; use OCP\IUser;
@ -49,7 +50,7 @@ class ChangePasswordController extends Controller {
/** @var IL10N */ /** @var IL10N */
private $l; private $l;
/** @var IGroupManager */ /** @var GroupManager */
private $groupManager; private $groupManager;
/** @var Session */ /** @var Session */
@ -58,24 +59,12 @@ class ChangePasswordController extends Controller {
/** @var IAppManager */ /** @var IAppManager */
private $appManager; private $appManager;
/** public function __construct(string $appName,
* ChangePasswordController constructor.
*
* @param string $appName
* @param IRequest $request
* @param $userId
* @param IUserManager $userManager
* @param IUserSession $userSession
* @param IGroupManager $groupManager
* @param IAppManager $appManager
* @param IL10N $l
*/
public function __construct($appName,
IRequest $request, IRequest $request,
$userId, string $userId,
IUserManager $userManager, IUserManager $userManager,
IUserSession $userSession, IUserSession $userSession,
IGroupManager $groupManager, GroupManager $groupManager,
IAppManager $appManager, IAppManager $appManager,
IL10N $l) { IL10N $l) {
parent::__construct($appName, $request); parent::__construct($appName, $request);
@ -98,7 +87,7 @@ class ChangePasswordController extends Controller {
* *
* @return JSONResponse * @return JSONResponse
*/ */
public function changePersonalPassword($oldpassword = '', $newpassword = null) { public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse {
/** @var IUser $user */ /** @var IUser $user */
$user = $this->userManager->checkPassword($this->userId, $oldpassword); $user = $this->userManager->checkPassword($this->userId, $oldpassword);
if ($user === false) { if ($user === false) {
@ -148,7 +137,7 @@ class ChangePasswordController extends Controller {
* *
* @return JSONResponse * @return JSONResponse
*/ */
public function changeUserPassword($username = null, $password = null, $recoveryPassword = null) { public function changeUserPassword(string $username = null, string $password = null, string $recoveryPassword = null): JSONResponse {
if ($username === null) { if ($username === null) {
return new JSONResponse([ return new JSONResponse([
'status' => 'error', 'status' => 'error',

View File

@ -1,4 +1,5 @@
<?php <?php
declare(strict_types=1);
/** /**
* @copyright Copyright (c) 2016, ownCloud, Inc. * @copyright Copyright (c) 2016, ownCloud, Inc.
* *
@ -39,6 +40,7 @@ namespace OC\Settings\Controller;
use OC\Accounts\AccountManager; use OC\Accounts\AccountManager;
use OC\AppFramework\Http; use OC\AppFramework\Http;
use OC\ForbiddenException; use OC\ForbiddenException;
use OC\Group\Manager as GroupManager;
use OC\HintException; use OC\HintException;
use OC\Settings\Mailer\NewUserMailHelper; use OC\Settings\Mailer\NewUserMailHelper;
use OC\Security\IdentityProof\Manager; use OC\Security\IdentityProof\Manager;
@ -50,7 +52,6 @@ use OCP\Files\Config\IUserMountCache;
use OCP\Encryption\IEncryptionModule; use OCP\Encryption\IEncryptionModule;
use OCP\Encryption\IManager; use OCP\Encryption\IManager;
use OCP\IConfig; use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N; use OCP\IL10N;
use OCP\ILogger; use OCP\ILogger;
use OCP\IRequest; use OCP\IRequest;
@ -76,7 +77,7 @@ class UsersController extends Controller {
private $isAdmin; private $isAdmin;
/** @var IUserManager */ /** @var IUserManager */
private $userManager; private $userManager;
/** @var IGroupManager */ /** @var GroupManager */
private $groupManager; private $groupManager;
/** @var IConfig */ /** @var IConfig */
private $config; private $config;
@ -109,36 +110,13 @@ class UsersController extends Controller {
/** @var IManager */ /** @var IManager */
private $encryptionManager; private $encryptionManager;
public function __construct(string $appName,
/**
* @param string $appName
* @param IRequest $request
* @param IUserManager $userManager
* @param IGroupManager $groupManager
* @param IUserSession $userSession
* @param IConfig $config
* @param bool $isAdmin
* @param IL10N $l10n
* @param ILogger $log
* @param IMailer $mailer
* @param IURLGenerator $urlGenerator
* @param IAppManager $appManager
* @param IAvatarManager $avatarManager
* @param AccountManager $accountManager
* @param ISecureRandom $secureRandom
* @param NewUserMailHelper $newUserMailHelper
* @param Manager $keyManager
* @param IJobList $jobList
* @param IUserMountCache $userMountCache
* @param IManager $encryptionManager
*/
public function __construct($appName,
IRequest $request, IRequest $request,
IUserManager $userManager, IUserManager $userManager,
IGroupManager $groupManager, GroupManager $groupManager,
IUserSession $userSession, IUserSession $userSession,
IConfig $config, IConfig $config,
$isAdmin, bool $isAdmin,
IL10N $l10n, IL10N $l10n,
ILogger $log, ILogger $log,
IMailer $mailer, IMailer $mailer,
@ -185,7 +163,7 @@ class UsersController extends Controller {
* @param array|null $userGroups * @param array|null $userGroups
* @return array * @return array
*/ */
private function formatUserForIndex(IUser $user, array $userGroups = null) { private function formatUserForIndex(IUser $user, array $userGroups = null): array {
// TODO: eliminate this encryption specific code below and somehow // TODO: eliminate this encryption specific code below and somehow
// hook in additional user info from other apps // hook in additional user info from other apps
@ -261,7 +239,7 @@ class UsersController extends Controller {
* @param array $userIDs Array with schema [$uid => $displayName] * @param array $userIDs Array with schema [$uid => $displayName]
* @return IUser[] * @return IUser[]
*/ */
private function getUsersForUID(array $userIDs) { private function getUsersForUID(array $userIDs): array {
$users = []; $users = [];
foreach ($userIDs as $uid => $displayName) { foreach ($userIDs as $uid => $displayName) {
$users[$uid] = $this->userManager->get($uid); $users[$uid] = $this->userManager->get($uid);
@ -281,7 +259,7 @@ class UsersController extends Controller {
* *
* TODO: Tidy up and write unit tests - code is mainly static method calls * TODO: Tidy up and write unit tests - code is mainly static method calls
*/ */
public function index($offset = 0, $limit = 10, $gid = '', $pattern = '', $backend = '') { public function index(int $offset = 0, int $limit = 10, string $gid = '', string $pattern = '', string $backend = ''): DataResponse {
// Remove backends // Remove backends
if (!empty($backend)) { if (!empty($backend)) {
$activeBackends = $this->userManager->getBackends(); $activeBackends = $this->userManager->getBackends();
@ -375,11 +353,11 @@ class UsersController extends Controller {
* @param string $email * @param string $email
* @return DataResponse * @return DataResponse
*/ */
public function create($username, $password, array $groups = [], $email = '') { public function create(string $username, string $password, array $groups = [], $email = ''): DataResponse {
if ($email !== '' && !$this->mailer->validateMailAddress($email)) { if ($email !== '' && !$this->mailer->validateMailAddress($email)) {
return new DataResponse( return new DataResponse(
[ [
'message' => (string)$this->l10n->t('Invalid mail address') 'message' => $this->l10n->t('Invalid mail address')
], ],
Http::STATUS_UNPROCESSABLE_ENTITY Http::STATUS_UNPROCESSABLE_ENTITY
); );
@ -396,7 +374,7 @@ class UsersController extends Controller {
continue; continue;
} }
if (!$this->groupManager->getSubAdmin()->isSubAdminofGroup($currentUser, $groupObject)) { if (!$this->groupManager->getSubAdmin()->isSubAdminOfGroup($currentUser, $groupObject)) {
unset($groups[$key]); unset($groups[$key]);
} }
} }
@ -415,7 +393,7 @@ class UsersController extends Controller {
if ($this->userManager->userExists($username)) { if ($this->userManager->userExists($username)) {
return new DataResponse( return new DataResponse(
[ [
'message' => (string)$this->l10n->t('A user with that name already exists.') 'message' => $this->l10n->t('A user with that name already exists.')
], ],
Http::STATUS_CONFLICT Http::STATUS_CONFLICT
); );
@ -426,7 +404,7 @@ class UsersController extends Controller {
if ($email === '') { if ($email === '') {
return new DataResponse( return new DataResponse(
[ [
'message' => (string)$this->l10n->t('To send a password link to the user an email address is required.') 'message' => $this->l10n->t('To send a password link to the user an email address is required.')
], ],
Http::STATUS_UNPROCESSABLE_ENTITY Http::STATUS_UNPROCESSABLE_ENTITY
); );
@ -494,7 +472,7 @@ class UsersController extends Controller {
return new DataResponse( return new DataResponse(
[ [
'message' => (string)$this->l10n->t('Unable to create user.') 'message' => $this->l10n->t('Unable to create user.')
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
); );
@ -508,7 +486,7 @@ class UsersController extends Controller {
* @param string $id * @param string $id
* @return DataResponse * @return DataResponse
*/ */
public function destroy($id) { public function destroy(string $id): DataResponse {
$userId = $this->userSession->getUser()->getUID(); $userId = $this->userSession->getUser()->getUID();
$user = $this->userManager->get($id); $user = $this->userManager->get($id);
@ -517,7 +495,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Unable to delete user.') 'message' => $this->l10n->t('Unable to delete user.')
] ]
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
@ -529,15 +507,14 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Authentication error') 'message' => $this->l10n->t('Authentication error')
] ]
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
); );
} }
if ($user) { if ($user && $user->delete()) {
if ($user->delete()) {
return new DataResponse( return new DataResponse(
[ [
'status' => 'success', 'status' => 'success',
@ -548,13 +525,12 @@ class UsersController extends Controller {
Http::STATUS_NO_CONTENT Http::STATUS_NO_CONTENT
); );
} }
}
return new DataResponse( return new DataResponse(
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Unable to delete user.') 'message' => $this->l10n->t('Unable to delete user.')
] ]
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
@ -568,12 +544,12 @@ class UsersController extends Controller {
* @param int $enabled * @param int $enabled
* @return DataResponse * @return DataResponse
*/ */
public function setEnabled($id, $enabled) { public function setEnabled(string $id, int $enabled): DataResponse {
$enabled = (bool)$enabled; $enabled = (bool)$enabled;
if ($enabled) { if ($enabled) {
$errorMsgGeneral = (string)$this->l10n->t('Error while enabling user.'); $errorMsgGeneral = $this->l10n->t('Error while enabling user.');
} else { } else {
$errorMsgGeneral = (string)$this->l10n->t('Error while disabling user.'); $errorMsgGeneral = $this->l10n->t('Error while disabling user.');
} }
$userId = $this->userSession->getUser()->getUID(); $userId = $this->userSession->getUser()->getUID();
@ -596,7 +572,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Authentication error') 'message' => $this->l10n->t('Authentication error')
] ]
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
@ -638,7 +614,7 @@ class UsersController extends Controller {
* @param bool $onlyVerificationCode only return verification code without updating the data * @param bool $onlyVerificationCode only return verification code without updating the data
* @return DataResponse * @return DataResponse
*/ */
public function getVerificationCode($account, $onlyVerificationCode) { public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
$user = $this->userSession->getUser(); $user = $this->userSession->getUser();
@ -648,7 +624,7 @@ class UsersController extends Controller {
$accountData = $this->accountManager->getUser($user); $accountData = $this->accountManager->getUser($user);
$cloudId = $user->getCloudId(); $cloudId = $user->getCloudId();
$message = "Use my Federated Cloud ID to share with me: " . $cloudId; $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
$signature = $this->signMessage($user, $message); $signature = $this->signMessage($user, $message);
$code = $message . ' ' . $signature; $code = $message . ' ' . $signature;
@ -697,7 +673,7 @@ class UsersController extends Controller {
* *
* @return int * @return int
*/ */
protected function getCurrentTime() { protected function getCurrentTime(): int {
return time(); return time();
} }
@ -709,7 +685,7 @@ class UsersController extends Controller {
* *
* @return string base64 encoded signature * @return string base64 encoded signature
*/ */
protected function signMessage(IUser $user, $message) { protected function signMessage(IUser $user, string $message): string {
$privateKey = $this->keyManager->getKey($user)->getPrivate(); $privateKey = $this->keyManager->getKey($user)->getPrivate();
openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512); openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
return base64_encode($signature); return base64_encode($signature);
@ -755,7 +731,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Invalid mail address') 'message' => $this->l10n->t('Invalid mail address')
] ]
], ],
Http::STATUS_UNPROCESSABLE_ENTITY Http::STATUS_UNPROCESSABLE_ENTITY
@ -799,7 +775,7 @@ class UsersController extends Controller {
'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'], 'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'], 'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'], 'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
'message' => (string)$this->l10n->t('Settings saved') 'message' => $this->l10n->t('Settings saved')
] ]
], ],
Http::STATUS_OK Http::STATUS_OK
@ -823,7 +799,7 @@ class UsersController extends Controller {
* @param array $data * @param array $data
* @throws ForbiddenException * @throws ForbiddenException
*/ */
protected function saveUserSettings(IUser $user, $data) { protected function saveUserSettings(IUser $user, array $data) {
// keep the user back-end up-to-date with the latest display name and email // keep the user back-end up-to-date with the latest display name and email
// address // address
@ -861,7 +837,7 @@ class UsersController extends Controller {
* *
* @return DataResponse * @return DataResponse
*/ */
public function stats() { public function stats(): DataResponse {
$userCount = 0; $userCount = 0;
if ($this->isAdmin) { if ($this->isAdmin) {
$countByBackend = $this->userManager->countUsers(); $countByBackend = $this->userManager->countUsers();
@ -904,7 +880,7 @@ class UsersController extends Controller {
* @param string $displayName * @param string $displayName
* @return DataResponse * @return DataResponse
*/ */
public function setDisplayName($username, $displayName) { public function setDisplayName(string $username, string $displayName) {
$currentUser = $this->userSession->getUser(); $currentUser = $this->userSession->getUser();
$user = $this->userManager->get($username); $user = $this->userManager->get($username);
@ -961,7 +937,7 @@ class UsersController extends Controller {
* @param string $mailAddress * @param string $mailAddress
* @return DataResponse * @return DataResponse
*/ */
public function setEMailAddress($id, $mailAddress) { public function setEMailAddress(string $id, string $mailAddress) {
$user = $this->userManager->get($id); $user = $this->userManager->get($id);
if (!$this->isAdmin if (!$this->isAdmin
&& !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user) && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)
@ -970,7 +946,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Forbidden') 'message' => $this->l10n->t('Forbidden')
] ]
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
@ -982,7 +958,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Invalid mail address') 'message' => $this->l10n->t('Invalid mail address')
] ]
], ],
Http::STATUS_UNPROCESSABLE_ENTITY Http::STATUS_UNPROCESSABLE_ENTITY
@ -994,7 +970,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Invalid user') 'message' => $this->l10n->t('Invalid user')
] ]
], ],
Http::STATUS_UNPROCESSABLE_ENTITY Http::STATUS_UNPROCESSABLE_ENTITY
@ -1007,7 +983,7 @@ class UsersController extends Controller {
[ [
'status' => 'error', 'status' => 'error',
'data' => [ 'data' => [
'message' => (string)$this->l10n->t('Unable to change mail address') 'message' => $this->l10n->t('Unable to change mail address')
] ]
], ],
Http::STATUS_FORBIDDEN Http::STATUS_FORBIDDEN
@ -1025,7 +1001,7 @@ class UsersController extends Controller {
'data' => [ 'data' => [
'username' => $id, 'username' => $id,
'mailAddress' => $mailAddress, 'mailAddress' => $mailAddress,
'message' => (string)$this->l10n->t('Email saved') 'message' => $this->l10n->t('Email saved')
] ]
], ],
Http::STATUS_OK Http::STATUS_OK

View File

@ -1878,29 +1878,6 @@ class UsersControllerTest extends \Test\TestCase {
$this->assertEquals($expectedResponse, $response); $this->assertEquals($expectedResponse, $response);
} }
public function testSetDisplayNameNull() {
$user = $this->createMock(IUser::class);
$user->method('getUID')->willReturn('userName');
$this->userSession
->expects($this->once())
->method('getUser')
->willReturn($user);
$expectedResponse = new DataResponse(
[
'status' => 'error',
'data' => [
'message' => 'Authentication error',
],
]
);
$controller = $this->getController(true);
$response = $controller->setDisplayName(null, 'displayName');
$this->assertEquals($expectedResponse, $response);
}
public function dataSetDisplayName() { public function dataSetDisplayName() {
$data = []; $data = [];