From e071bfc14476877b9731bfe84904858444eb1dbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Mon, 7 Oct 2013 00:33:54 +0200 Subject: [PATCH] fixing SecurityMiddleware to use OC6 API --- .../dependencyinjection/dicontainer.php | 52 +++++++++++++++++-- lib/private/appframework/http/dispatcher.php | 2 +- .../middleware/middlewaredispatcher.php | 2 +- .../security/securitymiddleware.php | 34 ++++++------ .../appframework/http/templateresponse.php | 18 ++----- lib/public/appframework/iappcontainer.php | 22 +++++++- lib/public/appframework/middleware.php | 1 + 7 files changed, 94 insertions(+), 37 deletions(-) diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php index 3755d45fa0..7276a11e4d 100644 --- a/lib/private/appframework/dependencyinjection/dicontainer.php +++ b/lib/private/appframework/dependencyinjection/dicontainer.php @@ -35,6 +35,7 @@ use OC\AppFramework\Utility\TimeFactory; use OCP\AppFramework\IApi; use OCP\AppFramework\IAppContainer; use OCP\AppFramework\IMiddleWare; +use OCP\AppFramework\Middleware; use OCP\IServerContainer; @@ -86,7 +87,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{ * Middleware */ $this['SecurityMiddleware'] = $this->share(function($c){ - return new SecurityMiddleware($c['API'], $c['Request']); + return new SecurityMiddleware($this, $c['Request']); }); $this['MiddlewareDispatcher'] = $this->share(function($c){ @@ -129,10 +130,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{ } /** - * @param IMiddleWare $middleWare + * @param Middleware $middleWare * @return boolean */ - function registerMiddleWare(IMiddleWare $middleWare) { + function registerMiddleWare(Middleware $middleWare) { array_push($this->middleWares, $middleWare); } 
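Review bot: The closure registered for `SecurityMiddleware` in the `@@ -86,7 +87,7 @@` hunk now references `$this`, which PHP only binds inside closures from 5.4 onward; on an older runtime, building the security middleware would stop with a fatal error. The closure already receives the container as `$c`, so `return new SecurityMiddleware($c, $c['Request']);` would avoid relying on closure binding, assuming `share()` passes this same `DIContainer` instance (not visible in the hunk). The enclosing method starts and ends outside the hunk.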
@@ -143,4 +144,49 @@ class DIContainer extends SimpleContainer implements IAppContainer{ function getAppName() { return $this->query('AppName'); } + + /** + * @return boolean + */ + function isLoggedIn() { + return \OC_User::isLoggedIn(); + } + + /** + * @return boolean + */ + function isAdminUser() { + $uid = $this->getUserId(); + return \OC_User::isAdminUser($uid); + } + + private function getUserId() { + return \OC::$session->get('user_id'); + } + + /** + * @param $message + * @param $level + * @return mixed + */ + function log($message, $level) { + switch($level){ + case 'debug': + $level = \OCP\Util::DEBUG; + break; + case 'info': + $level = \OCP\Util::INFO; + break; + case 'warn': + $level = \OCP\Util::WARN; + break; + case 'fatal': + $level = \OCP\Util::FATAL; + break; + default: + $level = \OCP\Util::ERROR; + break; + } + \OCP\Util::writeLog($this->getAppName(), $message, $level); + } } diff --git a/lib/private/appframework/http/dispatcher.php b/lib/private/appframework/http/dispatcher.php index ea57a6860c..2a9ed12148 100644 --- a/lib/private/appframework/http/dispatcher.php +++ b/lib/private/appframework/http/dispatcher.php @@ -24,8 +24,8 @@ namespace OC\AppFramework\Http; -use \OC\AppFramework\Controller\Controller; use \OC\AppFramework\Middleware\MiddlewareDispatcher; +use OCP\AppFramework\Controller\Controller; /** diff --git a/lib/private/appframework/middleware/middlewaredispatcher.php b/lib/private/appframework/middleware/middlewaredispatcher.php index c2377b8844..c46ddc7cb0 100644 --- a/lib/private/appframework/middleware/middlewaredispatcher.php +++ b/lib/private/appframework/middleware/middlewaredispatcher.php @@ -24,7 +24,7 @@ namespace OC\AppFramework\Middleware; -use OC\AppFramework\Controller\Controller; +use OCP\AppFramework\Controller\Controller; use OCP\AppFramework\Http\Response; use OCP\AppFramework\MiddleWare; 
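Review bot: In the `@@ -143,4 +144,49 @@` hunk, `isLoggedIn()` and `isAdminUser()` take the caller's identity from two different places: the first asks `\OC_User::isLoggedIn()`, while the second reads `user_id` straight from `\OC::$session` and passes whatever it finds, possibly null, to `\OC_User::isAdminUser()`. Because `isAdminUser()` is now part of the public `IAppContainer` interface, apps can call it without a prior login check, so the admin decision should not depend on call order. `return $this->isLoggedIn() && \OC_User::isAdminUser($this->getUserId());` makes it fail closed. The `log()` docblock also says `@return mixed` although the method returns nothing, and it should list the accepted level strings (`debug`, `info`, `warn`, `fatal`, anything else mapping to `\OCP\Util::ERROR`).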
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php index d6daf737bb..80f3f6d966 100644 --- a/lib/private/appframework/middleware/security/securitymiddleware.php +++ b/lib/private/appframework/middleware/security/securitymiddleware.php @@ -24,15 +24,14 @@ namespace OC\AppFramework\Middleware\Security; -use OC\AppFramework\Controller\Controller; use OC\AppFramework\Http\Http; -use OC\AppFramework\Http\Request; use OC\AppFramework\Http\RedirectResponse; use OC\AppFramework\Utility\MethodAnnotationReader; -use OC\AppFramework\Core\API; use OCP\AppFramework\Middleware; use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\IAppContainer; +use OCP\IRequest; /** @@ -43,18 +42,22 @@ use OCP\AppFramework\Http\JSONResponse; */ class SecurityMiddleware extends Middleware { - private $api; + /** + * @var \OCP\AppFramework\IAppContainer + */ + private $app; /** - * @var \OC\AppFramework\Http\Request + * @var \OCP\IRequest */ private $request; /** - * @param API $api an instance of the api + * @param IAppContainer $app + * @param IRequest $request */ - public function __construct(API $api, Request $request){ - $this->api = $api; + public function __construct(IAppContainer $app, IRequest $request){ + $this->app = $app; $this->request = $request; } 
@@ -74,24 +77,24 @@ class SecurityMiddleware extends Middleware { // this will set the current navigation entry of the app, use this only // for normal HTML requests and not for AJAX requests - $this->api->activateNavigationEntry(); + $this->app->getServer()->getNavigationManager()->setActiveEntry($this->api->getAppName()); // security checks $isPublicPage = $annotationReader->hasAnnotation('PublicPage'); if(!$isPublicPage) { - if(!$this->api->isLoggedIn()) { + if(!$this->app->isLoggedIn()) { throw new SecurityException('Current user is not logged in', Http::STATUS_UNAUTHORIZED); } if(!$annotationReader->hasAnnotation('NoAdminRequired')) { - if(!$this->api->isAdminUser($this->api->getUserId())) { + if(!$this->app->isAdminUser()) { throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN); } } } if(!$annotationReader->hasAnnotation('NoCSRFRequired')) { - if(!$this->api->passesCSRFCheck()) { + if(!$this->request->passesCSRFCheck()) { throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); } } @@ -118,12 +121,13 @@ class SecurityMiddleware extends Middleware { array('message' => $exception->getMessage()), $exception->getCode() ); - $this->api->log($exception->getMessage(), 'debug'); + $this->app->log($exception->getMessage(), 'debug'); } else { - $url = $this->api->linkToAbsolute('index.php', ''); // TODO: replace with link to route + // TODO: replace with link to route + $url = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php'); $response = new RedirectResponse($url); - $this->api->log($exception->getMessage(), 'debug'); + $this->app->log($exception->getMessage(), 'debug'); } return $response; diff --git a/lib/public/appframework/http/templateresponse.php b/lib/public/appframework/http/templateresponse.php index 97678c96cb..594530651a 100644 --- a/lib/public/appframework/http/templateresponse.php +++ b/lib/public/appframework/http/templateresponse.php 
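Review bot: The new navigation line in the `@@ -74,24 +77,24 @@` hunk still calls `$this->api->getAppName()`, but this commit replaces the `$api` property with `$app`, so the call dereferences an undefined property and the request dies with a fatal error before any of the security checks below it run. It should read `$this->app->getServer()->getNavigationManager()->setActiveEntry($this->app->getAppName());`. The failure is closed rather than open, but it hits every request that reaches this line, and a test on that path would have caught it. Separately, whether `IRequest` declares `passesCSRFCheck()` is not visible here; if it does not, the constructor's type hint no longer guarantees that the CSRF check can be called. The enclosing method starts and ends outside the hunk.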
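Review bot: Both branches of the exception handler in the `@@ -118,12 +121,13 @@` hunk log the `SecurityException` at `'debug'`, so rejected logins, missing admin rights and failed CSRF checks do not appear at ordinary log levels and leave nothing for detection or incident review. Logging them with `$this->app->log($exception->getMessage(), 'warn');` would keep them in production logs. Adding the request path to the message would make the entries more useful, if `$this->request` exposes it. The enclosing method starts and ends outside the hunk.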
@@ -24,8 +24,6 @@ namespace OCP\AppFramework\Http; -use OC\AppFramework\Core\API; - /** * Response for a normal template @@ -34,20 +32,16 @@ class TemplateResponse extends Response { protected $templateName; protected $params; - protected $api; protected $renderAs; protected $appName; /** - * @param API $api an API instance * @param string $templateName the name of the template - * @param string $appName optional if you want to include a template from - * a different app + * @param string $appName the name of the app to load the template from */ - public function __construct(API $api, $templateName, $appName=null) { + public function __construct($appName, $templateName) { $this->templateName = $templateName; $this->appName = $appName; - $this->api = $api; $this->params = array(); $this->renderAs = 'user'; } @@ -108,13 +102,7 @@ class TemplateResponse extends Response { */ public function render(){ - if($this->appName !== null){ - $appName = $this->appName; - } else { - $appName = $this->api->getAppName(); - } - - $template = $this->api->getTemplate($this->templateName, $this->renderAs, $appName); + $template = new \OCP\Template($this->appName, $this->templateName, $this->renderAs); foreach($this->params as $key => $value){ $template->assign($key, $value); diff --git a/lib/public/appframework/iappcontainer.php b/lib/public/appframework/iappcontainer.php index 7d3b4b3bac..7e6ec6016b 100644 --- a/lib/public/appframework/iappcontainer.php +++ b/lib/public/appframework/iappcontainer.php 
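Review bot: In the `@@ -34,20 +32,16 @@` hunk the constructor docblock lists `$templateName` before `$appName`, but the new signature is `__construct($appName, $templateName)`. Both are untyped strings, so a caller who follows the docblock order silently asks `\OCP\Template` for the wrong app/template pair; reorder the `@param` lines to match the signature. This class is in the public `OCP` namespace and the old first argument was an `API` object, so existing callers written as `new TemplateResponse($api, 'name')` will now pass an object as the app name with no error at construction. A guard such as `if (!is_string($appName)) { throw new \InvalidArgumentException('appName must be a string'); }` would surface them early.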
@@ -50,8 +50,26 @@ interface IAppContainer extends IContainer{ function getServer(); /** - * @param IMiddleWare $middleWare + * @param Middleware $middleWare * @return boolean */ - function registerMiddleWare(IMiddleWare $middleWare); + function registerMiddleWare(Middleware $middleWare); + + /** + * @return boolean + */ + function isLoggedIn(); + + /** + * @return boolean + */ + function isAdminUser(); + + /** + * @param $message + * @param $level + * @return mixed + */ + function log($message, $level); + } diff --git a/lib/public/appframework/middleware.php b/lib/public/appframework/middleware.php index 12776c119c..13b4b8cab9 100644 --- a/lib/public/appframework/middleware.php +++ b/lib/public/appframework/middleware.php @@ -24,6 +24,7 @@ namespace OCP\AppFramework; +use OCP\AppFramework\Controller\Controller; use OCP\AppFramework\Http\Response;
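Review bot: The three methods added to `IAppContainer` in the `@@ -50,8 +50,26 @@` hunk are authorization and audit primitives, but their docblocks state no contract beyond a bare return type. I would document that `isLoggedIn()` and `isAdminUser()` refer to the user of the current session, and that `isAdminUser()` must return false when nobody is logged in, so that other implementations of the interface fail closed. For `log()`, give `@param string $message` and `@param string $level` with the accepted values (`debug`, `info`, `warn`, `fatal`; the implementation in this commit maps anything else to error). Its `@return mixed` should be dropped, since that implementation returns nothing.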