Merge pull request #6921 from nextcloud/appmanager-securitymiddleware
Use proper DI for security middleware for app enabled check
This commit is contained in:
Roeland Jago Douma
GitHub
commit
b88db3a389
|
|
@ -230,7 +230,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
|
|||
$app->isAdminUser(),
|
||||
$server->getContentSecurityPolicyManager(),
|
||||
$server->getCsrfTokenManager(),
|
||||
$server->getContentSecurityPolicyNonceManager()
|
||||
$server->getContentSecurityPolicyNonceManager(),
|
||||
$server->getAppManager()
|
||||
);
|
||||
|
||||
});
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ use OC\AppFramework\Utility\ControllerMethodReflector;
|
|||
use OC\Security\CSP\ContentSecurityPolicyManager;
|
||||
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
|
||||
use OC\Security\CSRF\CsrfTokenManager;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\AppFramework\Http\ContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
|
@ -87,6 +88,8 @@ class SecurityMiddleware extends Middleware {
|
|||
private $csrfTokenManager;
|
||||
/** @var ContentSecurityPolicyNonceManager */
|
||||
private $cspNonceManager;
|
||||
/** @var IAppManager */
|
||||
private $appManager;
|
||||
|
||||
/**
|
||||
* @param IRequest $request
|
||||
|
|
@ -101,6 +104,7 @@ class SecurityMiddleware extends Middleware {
|
|||
* @param ContentSecurityPolicyManager $contentSecurityPolicyManager
|
||||
* @param CSRFTokenManager $csrfTokenManager
|
||||
* @param ContentSecurityPolicyNonceManager $cspNonceManager
|
||||
* @param IAppManager $appManager
|
||||
*/
|
||||
public function __construct(IRequest $request,
|
||||
ControllerMethodReflector $reflector,
|
||||
|
|
@ -113,7 +117,8 @@ class SecurityMiddleware extends Middleware {
|
|||
$isAdminUser,
|
||||
ContentSecurityPolicyManager $contentSecurityPolicyManager,
|
||||
CsrfTokenManager $csrfTokenManager,
|
||||
ContentSecurityPolicyNonceManager $cspNonceManager) {
|
||||
ContentSecurityPolicyNonceManager $cspNonceManager,
|
||||
IAppManager $appManager) {
|
||||
$this->navigationManager = $navigationManager;
|
||||
$this->request = $request;
|
||||
$this->reflector = $reflector;
|
||||
|
|
@ -126,6 +131,7 @@ class SecurityMiddleware extends Middleware {
|
|||
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
|
||||
$this->csrfTokenManager = $csrfTokenManager;
|
||||
$this->cspNonceManager = $cspNonceManager;
|
||||
$this->appManager = $appManager;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -190,7 +196,7 @@ class SecurityMiddleware extends Middleware {
|
|||
* The getAppPath() check is here since components such as settings also use the AppFramework and
|
||||
* therefore won't pass this check.
|
||||
*/
|
||||
if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
|
||||
if(\OC_App::getAppPath($this->appName) !== false && !$this->appManager->isEnabledForUser($this->appName)) {
|
||||
throw new AppNotEnabledException();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ use OC\Security\CSP\ContentSecurityPolicyManager;
|
|||
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
|
||||
use OC\Security\CSRF\CsrfToken;
|
||||
use OC\Security\CSRF\CsrfTokenManager;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
|
@ -79,6 +80,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
private $csrfTokenManager;
|
||||
/** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $cspNonceManager;
|
||||
/** @var IAppManager|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $appManager;
|
||||
|
||||
protected function setUp() {
|
||||
parent::setUp();
|
||||
|
|
@ -93,6 +96,10 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class);
|
||||
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
|
||||
$this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class);
|
||||
$this->appManager = $this->createMock(IAppManager::class);
|
||||
$this->appManager->expects($this->any())
|
||||
->method('isEnabledForUser')
|
||||
->willReturn(true);
|
||||
$this->middleware = $this->getMiddleware(true, true);
|
||||
$this->secException = new SecurityException('hey', false);
|
||||
$this->secAjaxException = new SecurityException('hey', true);
|
||||
|
|
@ -116,7 +123,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$isAdminUser,
|
||||
$this->contentSecurityPolicyManager,
|
||||
$this->csrfTokenManager,
|
||||
$this->cspNonceManager
|
||||
$this->cspNonceManager,
|
||||
$this->appManager
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue