Make Security module strict
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
This commit is contained in:
parent
9a69b88393
commit
ca7b37ce5a
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
|
||||
*
|
||||
|
@ -46,7 +49,7 @@ class Capabilities implements IPublicCapability {
|
|||
$this->throttler = $throttler;
|
||||
}
|
||||
|
||||
public function getCapabilities() {
|
||||
public function getCapabilities(): array {
|
||||
if (version_compare(\OC::$server->getConfig()->getSystemValue('version', '0.0.0.0'), '12.0.0.0', '<')) {
|
||||
return [];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -49,7 +52,7 @@ class Certificate implements ICertificate {
|
|||
* @param string $name
|
||||
* @throws \Exception If the certificate could not get parsed
|
||||
*/
|
||||
public function __construct($data, $name) {
|
||||
public function __construct(string $data, string $name) {
|
||||
$this->name = $name;
|
||||
$gmt = new \DateTimeZone('GMT');
|
||||
|
||||
|
@ -75,42 +78,42 @@ class Certificate implements ICertificate {
|
|||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function getName() {
|
||||
public function getName(): string {
|
||||
return $this->name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string|null
|
||||
*/
|
||||
public function getCommonName() {
|
||||
public function getCommonName(): ?string {
|
||||
return $this->commonName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
* @return string|null
|
||||
*/
|
||||
public function getOrganization() {
|
||||
public function getOrganization(): ?string {
|
||||
return $this->organization;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \DateTime
|
||||
*/
|
||||
public function getIssueDate() {
|
||||
public function getIssueDate(): \DateTime {
|
||||
return $this->issueDate;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \DateTime
|
||||
*/
|
||||
public function getExpireDate() {
|
||||
public function getExpireDate(): \DateTime {
|
||||
return $this->expireDate;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function isExpired() {
|
||||
public function isExpired(): bool {
|
||||
$now = new \DateTime();
|
||||
return $this->issueDate > $now or $now > $this->expireDate;
|
||||
}
|
||||
|
@ -118,14 +121,14 @@ class Certificate implements ICertificate {
|
|||
/**
|
||||
* @return string|null
|
||||
*/
|
||||
public function getIssuerName() {
|
||||
public function getIssuerName(): ?string {
|
||||
return $this->issuerName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string|null
|
||||
*/
|
||||
public function getIssuerOrganization() {
|
||||
public function getIssuerOrganization(): ?string {
|
||||
return $this->issuerOrganization;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -30,6 +33,7 @@
|
|||
namespace OC\Security;
|
||||
|
||||
use OC\Files\Filesystem;
|
||||
use OCP\ICertificate;
|
||||
use OCP\ICertificateManager;
|
||||
use OCP\IConfig;
|
||||
use OCP\ILogger;
|
||||
|
@ -78,7 +82,7 @@ class CertificateManager implements ICertificateManager {
|
|||
*
|
||||
* @return \OCP\ICertificate[]
|
||||
*/
|
||||
public function listCertificates() {
|
||||
public function listCertificates(): array {
|
||||
if (!$this->config->getSystemValue('installed', false)) {
|
||||
return [];
|
||||
}
|
||||
|
@ -130,7 +134,7 @@ class CertificateManager implements ICertificateManager {
|
|||
/**
|
||||
* create the certificate bundle of all trusted certificated
|
||||
*/
|
||||
public function createCertificateBundle() {
|
||||
public function createCertificateBundle(): void {
|
||||
$path = $this->getPathToCertificates();
|
||||
$certs = $this->listCertificates();
|
||||
|
||||
|
@ -182,7 +186,7 @@ class CertificateManager implements ICertificateManager {
|
|||
* @return \OCP\ICertificate
|
||||
* @throws \Exception If the certificate could not get added
|
||||
*/
|
||||
public function addCertificate($certificate, $name) {
|
||||
public function addCertificate(string $certificate, string $name): ICertificate {
|
||||
if (!Filesystem::isValidPath($name) or Filesystem::isFileBlacklisted($name)) {
|
||||
throw new \Exception('Filename is not valid');
|
||||
}
|
||||
|
@ -209,7 +213,7 @@ class CertificateManager implements ICertificateManager {
|
|||
* @param string $name
|
||||
* @return bool
|
||||
*/
|
||||
public function removeCertificate($name) {
|
||||
public function removeCertificate(string $name): bool {
|
||||
if (!Filesystem::isValidPath($name)) {
|
||||
return false;
|
||||
}
|
||||
|
@ -226,7 +230,7 @@ class CertificateManager implements ICertificateManager {
|
|||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getCertificateBundle() {
|
||||
public function getCertificateBundle(): string {
|
||||
return $this->getPathToCertificates() . 'rootcerts.crt';
|
||||
}
|
||||
|
||||
|
@ -235,7 +239,7 @@ class CertificateManager implements ICertificateManager {
|
|||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getAbsoluteBundlePath() {
|
||||
public function getAbsoluteBundlePath(): string {
|
||||
if (!$this->hasCertificates()) {
|
||||
return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
|
||||
}
|
||||
|
@ -250,7 +254,7 @@ class CertificateManager implements ICertificateManager {
|
|||
/**
|
||||
* @return string
|
||||
*/
|
||||
private function getPathToCertificates() {
|
||||
private function getPathToCertificates(): string {
|
||||
return '/files_external/';
|
||||
}
|
||||
|
||||
|
@ -259,7 +263,7 @@ class CertificateManager implements ICertificateManager {
|
|||
*
|
||||
* @return bool
|
||||
*/
|
||||
private function needsRebundling() {
|
||||
private function needsRebundling(): bool {
|
||||
$targetBundle = $this->getCertificateBundle();
|
||||
if (!$this->view->file_exists($targetBundle)) {
|
||||
return true;
|
||||
|
@ -274,7 +278,7 @@ class CertificateManager implements ICertificateManager {
|
|||
*
|
||||
* @return int
|
||||
*/
|
||||
protected function getFilemtimeOfCaBundle() {
|
||||
protected function getFilemtimeOfCaBundle(): int {
|
||||
return filemtime(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -59,11 +62,11 @@ class CredentialsManager implements ICredentialsManager {
|
|||
* @param string $identifier
|
||||
* @param mixed $credentials
|
||||
*/
|
||||
public function store($userId, $identifier, $credentials) {
|
||||
public function store(string $userId, string $identifier, $credentials): void {
|
||||
$value = $this->crypto->encrypt(json_encode($credentials));
|
||||
|
||||
$this->dbConnection->setValues(self::DB_TABLE, [
|
||||
'user' => (string)$userId,
|
||||
'user' => $userId,
|
||||
'identifier' => $identifier,
|
||||
], [
|
||||
'credentials' => $value,
|
||||
|
@ -77,7 +80,7 @@ class CredentialsManager implements ICredentialsManager {
|
|||
* @param string $identifier
|
||||
* @return mixed
|
||||
*/
|
||||
public function retrieve($userId, $identifier) {
|
||||
public function retrieve(string $userId, string $identifier) {
|
||||
$qb = $this->dbConnection->getQueryBuilder();
|
||||
$qb->select('credentials')
|
||||
->from(self::DB_TABLE)
|
||||
|
@ -86,7 +89,7 @@ class CredentialsManager implements ICredentialsManager {
|
|||
if ($userId === '') {
|
||||
$qb->andWhere($qb->expr()->emptyString('user'));
|
||||
} else {
|
||||
$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)));
|
||||
$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId)));
|
||||
}
|
||||
|
||||
$qResult = $qb->execute();
|
||||
|
@ -108,7 +111,7 @@ class CredentialsManager implements ICredentialsManager {
|
|||
* @param string $identifier
|
||||
* @return int rows removed
|
||||
*/
|
||||
public function delete($userId, $identifier) {
|
||||
public function delete(string $userId, string $identifier): int {
|
||||
$qb = $this->dbConnection->getQueryBuilder();
|
||||
$qb->delete(self::DB_TABLE)
|
||||
->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)));
|
||||
|
@ -116,7 +119,7 @@ class CredentialsManager implements ICredentialsManager {
|
|||
if ($userId === '') {
|
||||
$qb->andWhere($qb->expr()->emptyString('user'));
|
||||
} else {
|
||||
$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)));
|
||||
$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId)));
|
||||
}
|
||||
|
||||
return $qb->execute();
|
||||
|
@ -128,7 +131,7 @@ class CredentialsManager implements ICredentialsManager {
|
|||
* @param string $userId
|
||||
* @return int rows removed
|
||||
*/
|
||||
public function erase($userId) {
|
||||
public function erase(string $userId): int {
|
||||
$qb = $this->dbConnection->getQueryBuilder();
|
||||
$qb->delete(self::DB_TABLE)
|
||||
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -51,7 +54,7 @@ class TrustedDomainHelper {
|
|||
* @param string $host
|
||||
* @return string $host without appended port
|
||||
*/
|
||||
private function getDomainWithoutPort($host) {
|
||||
private function getDomainWithoutPort(string $host): string {
|
||||
$pos = strrpos($host, ':');
|
||||
if ($pos !== false) {
|
||||
$port = substr($host, $pos + 1);
|
||||
|
@ -71,7 +74,7 @@ class TrustedDomainHelper {
|
|||
* @return bool true if the given domain is trusted or if no trusted domains
|
||||
* have been configured
|
||||
*/
|
||||
public function isTrustedDomain($domainWithPort) {
|
||||
public function isTrustedDomain(string $domainWithPort): bool {
|
||||
// overwritehost is always trusted
|
||||
if ($this->config->getSystemValue('overwritehost') !== '') {
|
||||
return true;
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -33,47 +36,47 @@ interface ICertificate {
|
|||
* @return string
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getName();
|
||||
public function getName(): string;
|
||||
|
||||
/**
|
||||
* @return string
|
||||
* @return string|null
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getCommonName();
|
||||
public function getCommonName(): ?string;
|
||||
|
||||
/**
|
||||
* @return string
|
||||
* @return string|null
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getOrganization();
|
||||
public function getOrganization(): ?string;
|
||||
|
||||
/**
|
||||
* @return \DateTime
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getIssueDate();
|
||||
public function getIssueDate(): \DateTime;
|
||||
|
||||
/**
|
||||
* @return \DateTime
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getExpireDate();
|
||||
public function getExpireDate(): \DateTime;
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function isExpired();
|
||||
public function isExpired(): bool;
|
||||
|
||||
/**
|
||||
* @return string
|
||||
* @return string|null
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getIssuerName();
|
||||
public function getIssuerName(): ?string;
|
||||
|
||||
/**
|
||||
* @return string
|
||||
* @return string|null
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getIssuerOrganization();
|
||||
public function getIssuerOrganization(): ?string;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -35,7 +38,7 @@ interface ICertificateManager {
|
|||
* @return \OCP\ICertificate[]
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function listCertificates();
|
||||
public function listCertificates(): array;
|
||||
|
||||
/**
|
||||
* @param string $certificate the certificate data
|
||||
|
@ -44,13 +47,14 @@ interface ICertificateManager {
|
|||
* @throws \Exception If the certificate could not get added
|
||||
* @since 8.0.0 - since 8.1.0 throws exception instead of returning false
|
||||
*/
|
||||
public function addCertificate($certificate, $name);
|
||||
public function addCertificate(string $certificate, string $name): \OCP\ICertificate;
|
||||
|
||||
/**
|
||||
* @param string $name
|
||||
* @return bool
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function removeCertificate($name);
|
||||
public function removeCertificate(string $name): bool;
|
||||
|
||||
/**
|
||||
* Get the path to the certificate bundle
|
||||
|
@ -58,7 +62,7 @@ interface ICertificateManager {
|
|||
* @return string
|
||||
* @since 8.0.0
|
||||
*/
|
||||
public function getCertificateBundle();
|
||||
public function getCertificateBundle(): string;
|
||||
|
||||
/**
|
||||
* Get the full local path to the certificate bundle
|
||||
|
@ -66,5 +70,5 @@ interface ICertificateManager {
|
|||
* @return string
|
||||
* @since 9.0.0
|
||||
*/
|
||||
public function getAbsoluteBundlePath();
|
||||
public function getAbsoluteBundlePath(): string;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -38,7 +41,7 @@ interface ICredentialsManager {
|
|||
* @param mixed $credentials
|
||||
* @since 8.2.0
|
||||
*/
|
||||
public function store($userId, $identifier, $credentials);
|
||||
public function store(string $userId, string $identifier, $credentials): void;
|
||||
|
||||
/**
|
||||
* Retrieve a set of credentials
|
||||
|
@ -48,7 +51,7 @@ interface ICredentialsManager {
|
|||
* @return mixed
|
||||
* @since 8.2.0
|
||||
*/
|
||||
public function retrieve($userId, $identifier);
|
||||
public function retrieve(string $userId, string $identifier);
|
||||
|
||||
/**
|
||||
* Delete a set of credentials
|
||||
|
@ -58,7 +61,7 @@ interface ICredentialsManager {
|
|||
* @return int rows removed
|
||||
* @since 8.2.0
|
||||
*/
|
||||
public function delete($userId, $identifier);
|
||||
public function delete(string $userId, string $identifier): int;
|
||||
|
||||
/**
|
||||
* Erase all credentials stored for a user
|
||||
|
@ -67,5 +70,5 @@ interface ICredentialsManager {
|
|||
* @return int rows removed
|
||||
* @since 8.2.0
|
||||
*/
|
||||
public function erase($userId);
|
||||
public function erase(string $userId): int;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @author Robin McCorkell <rmccorkell@owncloud.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright 2016, Roeland Jago Douma <roeland@famdouma.nl>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright 2016, Roeland Jago Douma <roeland@famdouma.nl>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
|
|
Loading…
Reference in New Issue