nextcloud / server

lib/public/AppFramework/Middleware.php

Indentation +57 added lines, -57 removed lines

@@ -44,69 +44,69 @@
 abstract class Middleware {
 
 
-	/**
-	 * This is being run in normal order before the controller is being
-	 * called which allows several modifications and checks
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @since 6.0.0
-	 */
-	public function beforeController($controller, $methodName){
+    /**
+     * This is being run in normal order before the controller is being
+     * called which allows several modifications and checks
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @since 6.0.0
+     */
+    public function beforeController($controller, $methodName){
 
-	}
+    }
 
 
-	/**
-	 * This is being run when either the beforeController method or the
-	 * controller method itself is throwing an exception. The middleware is
-	 * asked in reverse order to handle the exception and to return a response.
-	 * If the response is null, it is assumed that the exception could not be
-	 * handled and the error will be thrown again
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param \Exception $exception the thrown exception
-	 * @throws \Exception the passed in exception if it can't handle it
-	 * @return Response a Response object in case that the exception was handled
-	 * @since 6.0.0
-	 */
-	public function afterException($controller, $methodName, \Exception $exception){
-		throw $exception;
-	}
+    /**
+     * This is being run when either the beforeController method or the
+     * controller method itself is throwing an exception. The middleware is
+     * asked in reverse order to handle the exception and to return a response.
+     * If the response is null, it is assumed that the exception could not be
+     * handled and the error will be thrown again
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param \Exception $exception the thrown exception
+     * @throws \Exception the passed in exception if it can't handle it
+     * @return Response a Response object in case that the exception was handled
+     * @since 6.0.0
+     */
+    public function afterException($controller, $methodName, \Exception $exception){
+        throw $exception;
+    }
 
 
-	/**
-	 * This is being run after a successful controllermethod call and allows
-	 * the manipulation of a Response object. The middleware is run in reverse order
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param Response $response the generated response from the controller
-	 * @return Response a Response object
-	 * @since 6.0.0
-	 */
-	public function afterController($controller, $methodName, Response $response){
-		return $response;
-	}
+    /**
+     * This is being run after a successful controllermethod call and allows
+     * the manipulation of a Response object. The middleware is run in reverse order
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param Response $response the generated response from the controller
+     * @return Response a Response object
+     * @since 6.0.0
+     */
+    public function afterController($controller, $methodName, Response $response){
+        return $response;
+    }
 
 
-	/**
-	 * This is being run after the response object has been rendered and
-	 * allows the manipulation of the output. The middleware is run in reverse order
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param string $output the generated output from a response
-	 * @return string the output that should be printed
-	 * @since 6.0.0
-	 */
-	public function beforeOutput($controller, $methodName, $output){
-		return $output;
-	}
+    /**
+     * This is being run after the response object has been rendered and
+     * allows the manipulation of the output. The middleware is run in reverse order
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param string $output the generated output from a response
+     * @return string the output that should be printed
+     * @since 6.0.0
+     */
+    public function beforeOutput($controller, $methodName, $output){
+        return $output;
+    }
 
 }

Spacing +4 added lines, -4 removed lines

@@ -53,7 +53,7 @@ 
 	 *                           the controller
 	 * @since 6.0.0
 	 */
-	public function beforeController($controller, $methodName){
+	public function beforeController($controller, $methodName) {
 
 	}
 
@@ -73,7 +73,7 @@ 
 	 * @return Response a Response object in case that the exception was handled
 	 * @since 6.0.0
 	 */
-	public function afterException($controller, $methodName, \Exception $exception){
+	public function afterException($controller, $methodName, \Exception $exception) {
 		throw $exception;
 	}
 
@@ -89,7 +89,7 @@ 
 	 * @return Response a Response object
 	 * @since 6.0.0
 	 */
-	public function afterController($controller, $methodName, Response $response){
+	public function afterController($controller, $methodName, Response $response) {
 		return $response;
 	}
 
@@ -105,7 +105,7 @@ 
 	 * @return string the output that should be printed
 	 * @since 6.0.0
 	 */
-	public function beforeOutput($controller, $methodName, $output){
+	public function beforeOutput($controller, $methodName, $output) {
 		return $output;
 	}
 

lib/private/AppFramework/Middleware/Security/CORSMiddleware.php

Indentation +102 added lines, -102 removed lines

@@ -45,116 +45,116 @@
  * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
  */
 class CORSMiddleware extends Middleware {
-	/** @var IRequest  */
-	private $request;
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var Session */
-	private $session;
-	/** @var Throttler */
-	private $throttler;
+    /** @var IRequest  */
+    private $request;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var Session */
+    private $session;
+    /** @var Throttler */
+    private $throttler;
 
-	/**
-	 * @param IRequest $request
-	 * @param ControllerMethodReflector $reflector
-	 * @param Session $session
-	 * @param Throttler $throttler
-	 */
-	public function __construct(IRequest $request,
-								ControllerMethodReflector $reflector,
-								Session $session,
-								Throttler $throttler) {
-		$this->request = $request;
-		$this->reflector = $reflector;
-		$this->session = $session;
-		$this->throttler = $throttler;
-	}
+    /**
+     * @param IRequest $request
+     * @param ControllerMethodReflector $reflector
+     * @param Session $session
+     * @param Throttler $throttler
+     */
+    public function __construct(IRequest $request,
+                                ControllerMethodReflector $reflector,
+                                Session $session,
+                                Throttler $throttler) {
+        $this->request = $request;
+        $this->reflector = $reflector;
+        $this->session = $session;
+        $this->throttler = $throttler;
+    }
 
-	/**
-	 * This is being run in normal order before the controller is being
-	 * called which allows several modifications and checks
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @throws SecurityException
-	 * @since 6.0.0
-	 */
-	public function beforeController($controller, $methodName){
-		// ensure that @CORS annotated API routes are not used in conjunction
-		// with session authentication since this enables CSRF attack vectors
-		if ($this->reflector->hasAnnotation('CORS') &&
-			!$this->reflector->hasAnnotation('PublicPage'))  {
-			$user = $this->request->server['PHP_AUTH_USER'];
-			$pass = $this->request->server['PHP_AUTH_PW'];
+    /**
+     * This is being run in normal order before the controller is being
+     * called which allows several modifications and checks
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @throws SecurityException
+     * @since 6.0.0
+     */
+    public function beforeController($controller, $methodName){
+        // ensure that @CORS annotated API routes are not used in conjunction
+        // with session authentication since this enables CSRF attack vectors
+        if ($this->reflector->hasAnnotation('CORS') &&
+            !$this->reflector->hasAnnotation('PublicPage'))  {
+            $user = $this->request->server['PHP_AUTH_USER'];
+            $pass = $this->request->server['PHP_AUTH_PW'];
 
-			$this->session->logout();
-			try {
-				if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
-					throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
-				}
-			} catch (PasswordLoginForbiddenException $ex) {
-				throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED);
-			}
-		}
-	}
+            $this->session->logout();
+            try {
+                if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
+                    throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
+                }
+            } catch (PasswordLoginForbiddenException $ex) {
+                throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED);
+            }
+        }
+    }
 
-	/**
-	 * This is being run after a successful controllermethod call and allows
-	 * the manipulation of a Response object. The middleware is run in reverse order
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param Response $response the generated response from the controller
-	 * @return Response a Response object
-	 * @throws SecurityException
-	 */
-	public function afterController($controller, $methodName, Response $response){
-		// only react if its a CORS request and if the request sends origin and
+    /**
+     * This is being run after a successful controllermethod call and allows
+     * the manipulation of a Response object. The middleware is run in reverse order
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param Response $response the generated response from the controller
+     * @return Response a Response object
+     * @throws SecurityException
+     */
+    public function afterController($controller, $methodName, Response $response){
+        // only react if its a CORS request and if the request sends origin and
 
-		if(isset($this->request->server['HTTP_ORIGIN']) &&
-			$this->reflector->hasAnnotation('CORS')) {
+        if(isset($this->request->server['HTTP_ORIGIN']) &&
+            $this->reflector->hasAnnotation('CORS')) {
 
-			// allow credentials headers must not be true or CSRF is possible
-			// otherwise
-			foreach($response->getHeaders() as $header => $value) {
-				if(strtolower($header) === 'access-control-allow-credentials' &&
-				   strtolower(trim($value)) === 'true') {
-					$msg = 'Access-Control-Allow-Credentials must not be '.
-						   'set to true in order to prevent CSRF';
-					throw new SecurityException($msg);
-				}
-			}
+            // allow credentials headers must not be true or CSRF is possible
+            // otherwise
+            foreach($response->getHeaders() as $header => $value) {
+                if(strtolower($header) === 'access-control-allow-credentials' &&
+                   strtolower(trim($value)) === 'true') {
+                    $msg = 'Access-Control-Allow-Credentials must not be '.
+                            'set to true in order to prevent CSRF';
+                    throw new SecurityException($msg);
+                }
+            }
 
-			$origin = $this->request->server['HTTP_ORIGIN'];
-			$response->addHeader('Access-Control-Allow-Origin', $origin);
-		}
-		return $response;
-	}
+            $origin = $this->request->server['HTTP_ORIGIN'];
+            $response->addHeader('Access-Control-Allow-Origin', $origin);
+        }
+        return $response;
+    }
 
-	/**
-	 * If an SecurityException is being caught return a JSON error response
-	 *
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param \Exception $exception the thrown exception
-	 * @throws \Exception the passed in exception if it can't handle it
-	 * @return Response a Response object or null in case that the exception could not be handled
-	 */
-	public function afterException($controller, $methodName, \Exception $exception){
-		if($exception instanceof SecurityException){
-			$response =  new JSONResponse(['message' => $exception->getMessage()]);
-			if($exception->getCode() !== 0) {
-				$response->setStatus($exception->getCode());
-			} else {
-				$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
-			}
-			return $response;
-		}
+    /**
+     * If an SecurityException is being caught return a JSON error response
+     *
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param \Exception $exception the thrown exception
+     * @throws \Exception the passed in exception if it can't handle it
+     * @return Response a Response object or null in case that the exception could not be handled
+     */
+    public function afterException($controller, $methodName, \Exception $exception){
+        if($exception instanceof SecurityException){
+            $response =  new JSONResponse(['message' => $exception->getMessage()]);
+            if($exception->getCode() !== 0) {
+                $response->setStatus($exception->getCode());
+            } else {
+                $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
+            }
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 
 }

Spacing +10 added lines, -10 removed lines

@@ -80,11 +80,11 @@ 
 	 * @throws SecurityException
 	 * @since 6.0.0
 	 */
-	public function beforeController($controller, $methodName){
+	public function beforeController($controller, $methodName) {
 		// ensure that @CORS annotated API routes are not used in conjunction
 		// with session authentication since this enables CSRF attack vectors
 		if ($this->reflector->hasAnnotation('CORS') &&
-			!$this->reflector->hasAnnotation('PublicPage'))  {
+			!$this->reflector->hasAnnotation('PublicPage')) {
 			$user = $this->request->server['PHP_AUTH_USER'];
 			$pass = $this->request->server['PHP_AUTH_PW'];
 
@@ -110,16 +110,16 @@ 
 	 * @return Response a Response object
 	 * @throws SecurityException
 	 */
-	public function afterController($controller, $methodName, Response $response){
+	public function afterController($controller, $methodName, Response $response) {
 		// only react if its a CORS request and if the request sends origin and
 
-		if(isset($this->request->server['HTTP_ORIGIN']) &&
+		if (isset($this->request->server['HTTP_ORIGIN']) &&
 			$this->reflector->hasAnnotation('CORS')) {
 
 			// allow credentials headers must not be true or CSRF is possible
 			// otherwise
-			foreach($response->getHeaders() as $header => $value) {
-				if(strtolower($header) === 'access-control-allow-credentials' &&
+			foreach ($response->getHeaders() as $header => $value) {
+				if (strtolower($header) === 'access-control-allow-credentials' &&
 				   strtolower(trim($value)) === 'true') {
 					$msg = 'Access-Control-Allow-Credentials must not be '.
 						   'set to true in order to prevent CSRF';
@@ -143,10 +143,10 @@ 
 	 * @throws \Exception the passed in exception if it can't handle it
 	 * @return Response a Response object or null in case that the exception could not be handled
 	 */
-	public function afterException($controller, $methodName, \Exception $exception){
-		if($exception instanceof SecurityException){
-			$response =  new JSONResponse(['message' => $exception->getMessage()]);
-			if($exception->getCode() !== 0) {
+	public function afterException($controller, $methodName, \Exception $exception) {
+		if ($exception instanceof SecurityException) {
+			$response = new JSONResponse(['message' => $exception->getMessage()]);
+			if ($exception->getCode() !== 0) {
 				$response->setStatus($exception->getCode());
 			} else {
 				$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);

lib/private/AppFramework/Middleware/SessionMiddleware.php

Spacing +1 added lines, -1 removed lines

@@ -71,7 +71,7 @@
 	 * @param Response $response
 	 * @return Response
 	 */
-	public function afterController($controller, $methodName, Response $response){
+	public function afterController($controller, $methodName, Response $response) {
 		$useSession = $this->reflector->hasAnnotation('UseSession');
 		if ($useSession) {
 			$this->session->close();

Indentation +42 added lines, -42 removed lines

@@ -32,52 +32,52 @@
 
 class SessionMiddleware extends Middleware {
 
-	/**
-	 * @var IRequest
-	 */
-	private $request;
+    /**
+     * @var IRequest
+     */
+    private $request;
 
-	/**
-	 * @var ControllerMethodReflector
-	 */
-	private $reflector;
+    /**
+     * @var ControllerMethodReflector
+     */
+    private $reflector;
 
-	/**
-	 * @param IRequest $request
-	 * @param ControllerMethodReflector $reflector
-	 */
-	public function __construct(IRequest $request,
-								ControllerMethodReflector $reflector,
-								ISession $session
+    /**
+     * @param IRequest $request
+     * @param ControllerMethodReflector $reflector
+     */
+    public function __construct(IRequest $request,
+                                ControllerMethodReflector $reflector,
+                                ISession $session
 ) {
-		$this->request = $request;
-		$this->reflector = $reflector;
-		$this->session = $session;
-	}
+        $this->request = $request;
+        $this->reflector = $reflector;
+        $this->session = $session;
+    }
 
-	/**
-	 * @param Controller $controller
-	 * @param string $methodName
-	 */
-	public function beforeController($controller, $methodName) {
-		$useSession = $this->reflector->hasAnnotation('UseSession');
-		if (!$useSession) {
-			$this->session->close();
-		}
-	}
+    /**
+     * @param Controller $controller
+     * @param string $methodName
+     */
+    public function beforeController($controller, $methodName) {
+        $useSession = $this->reflector->hasAnnotation('UseSession');
+        if (!$useSession) {
+            $this->session->close();
+        }
+    }
 
-	/**
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param Response $response
-	 * @return Response
-	 */
-	public function afterController($controller, $methodName, Response $response){
-		$useSession = $this->reflector->hasAnnotation('UseSession');
-		if ($useSession) {
-			$this->session->close();
-		}
-		return $response;
-	}
+    /**
+     * @param Controller $controller
+     * @param string $methodName
+     * @param Response $response
+     * @return Response
+     */
+    public function afterController($controller, $methodName, Response $response){
+        $useSession = $this->reflector->hasAnnotation('UseSession');
+        if ($useSession) {
+            $this->session->close();
+        }
+        return $response;
+    }
 
 }

settings/Middleware/SubadminMiddleware.php

Spacing +3 added lines, -3 removed lines

@@ -59,8 +59,8 @@ 
 	 * @throws \Exception
 	 */
 	public function beforeController($controller, $methodName) {
-		if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
-			if(!$this->isSubAdmin) {
+		if (!$this->reflector->hasAnnotation('NoSubadminRequired')) {
+			if (!$this->isSubAdmin) {
 				throw new NotAdminException('Logged in user must be a subadmin');
 			}
 		}
@@ -75,7 +75,7 @@ 
 	 * @throws \Exception
 	 */
 	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof NotAdminException) {
+		if ($exception instanceof NotAdminException) {
 			$response = new TemplateResponse('core', '403', array(), 'guest');
 			$response->setStatus(Http::STATUS_FORBIDDEN);
 			return $response;

Indentation +42 added lines, -42 removed lines

@@ -38,51 +38,51 @@
  * @package OC\Settings\Middleware
  */
 class SubadminMiddleware extends Middleware {
-	/** @var bool */
-	protected $isSubAdmin;
-	/** @var ControllerMethodReflector */
-	protected $reflector;
+    /** @var bool */
+    protected $isSubAdmin;
+    /** @var ControllerMethodReflector */
+    protected $reflector;
 
-	/**
-	 * @param ControllerMethodReflector $reflector
-	 * @param bool $isSubAdmin
-	 */
-	public function __construct(ControllerMethodReflector $reflector,
-								$isSubAdmin) {
-		$this->reflector = $reflector;
-		$this->isSubAdmin = $isSubAdmin;
-	}
+    /**
+     * @param ControllerMethodReflector $reflector
+     * @param bool $isSubAdmin
+     */
+    public function __construct(ControllerMethodReflector $reflector,
+                                $isSubAdmin) {
+        $this->reflector = $reflector;
+        $this->isSubAdmin = $isSubAdmin;
+    }
 
-	/**
-	 * Check if sharing is enabled before the controllers is executed
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @throws \Exception
-	 */
-	public function beforeController($controller, $methodName) {
-		if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
-			if(!$this->isSubAdmin) {
-				throw new NotAdminException('Logged in user must be a subadmin');
-			}
-		}
-	}
+    /**
+     * Check if sharing is enabled before the controllers is executed
+     * @param Controller $controller
+     * @param string $methodName
+     * @throws \Exception
+     */
+    public function beforeController($controller, $methodName) {
+        if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
+            if(!$this->isSubAdmin) {
+                throw new NotAdminException('Logged in user must be a subadmin');
+            }
+        }
+    }
 
-	/**
-	 * Return 403 page in case of an exception
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param \Exception $exception
-	 * @return TemplateResponse
-	 * @throws \Exception
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof NotAdminException) {
-			$response = new TemplateResponse('core', '403', array(), 'guest');
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
+    /**
+     * Return 403 page in case of an exception
+     * @param Controller $controller
+     * @param string $methodName
+     * @param \Exception $exception
+     * @return TemplateResponse
+     * @throws \Exception
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if($exception instanceof NotAdminException) {
+            $response = new TemplateResponse('core', '403', array(), 'guest');
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 
 }

lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php

Indentation +77 added lines, -77 removed lines

@@ -48,87 +48,87 @@
  * @package OC\AppFramework\Middleware\Security
  */
 class RateLimitingMiddleware extends Middleware {
-	/** @var IRequest $request */
-	private $request;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var Limiter */
-	private $limiter;
+    /** @var IRequest $request */
+    private $request;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var Limiter */
+    private $limiter;
 
-	/**
-	 * @param IRequest $request
-	 * @param IUserSession $userSession
-	 * @param ControllerMethodReflector $reflector
-	 * @param Limiter $limiter
-	 */
-	public function __construct(IRequest $request,
-								IUserSession $userSession,
-								ControllerMethodReflector $reflector,
-								Limiter $limiter) {
-		$this->request = $request;
-		$this->userSession = $userSession;
-		$this->reflector = $reflector;
-		$this->limiter = $limiter;
-	}
+    /**
+     * @param IRequest $request
+     * @param IUserSession $userSession
+     * @param ControllerMethodReflector $reflector
+     * @param Limiter $limiter
+     */
+    public function __construct(IRequest $request,
+                                IUserSession $userSession,
+                                ControllerMethodReflector $reflector,
+                                Limiter $limiter) {
+        $this->request = $request;
+        $this->userSession = $userSession;
+        $this->reflector = $reflector;
+        $this->limiter = $limiter;
+    }
 
-	/**
-	 * {@inheritDoc}
-	 * @throws RateLimitExceededException
-	 */
-	public function beforeController($controller, $methodName) {
-		parent::beforeController($controller, $methodName);
+    /**
+     * {@inheritDoc}
+     * @throws RateLimitExceededException
+     */
+    public function beforeController($controller, $methodName) {
+        parent::beforeController($controller, $methodName);
 
-		$anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');
-		$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
-		$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
-		$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
-		$rateLimitIdentifier = get_class($controller) . '::' . $methodName;
-		if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
-			$this->limiter->registerUserRequest(
-				$rateLimitIdentifier,
-				$userLimit,
-				$userPeriod,
-				$this->userSession->getUser()
-			);
-		} elseif ($anonLimit !== '' && $anonPeriod !== '') {
-			$this->limiter->registerAnonRequest(
-				$rateLimitIdentifier,
-				$anonLimit,
-				$anonPeriod,
-				$this->request->getRemoteAddress()
-			);
-		}
-	}
+        $anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');
+        $anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
+        $userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
+        $userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
+        $rateLimitIdentifier = get_class($controller) . '::' . $methodName;
+        if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
+            $this->limiter->registerUserRequest(
+                $rateLimitIdentifier,
+                $userLimit,
+                $userPeriod,
+                $this->userSession->getUser()
+            );
+        } elseif ($anonLimit !== '' && $anonPeriod !== '') {
+            $this->limiter->registerAnonRequest(
+                $rateLimitIdentifier,
+                $anonLimit,
+                $anonPeriod,
+                $this->request->getRemoteAddress()
+            );
+        }
+    }
 
-	/**
-	 * {@inheritDoc}
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof RateLimitExceededException) {
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
-				$response = new JSONResponse(
-					[
-						'message' => $exception->getMessage(),
-					],
-					$exception->getCode()
-				);
-			} else {
-					$response = new TemplateResponse(
-						'core',
-						'403',
-							[
-								'file' => $exception->getMessage()
-							],
-						'guest'
-					);
-					$response->setStatus($exception->getCode());
-			}
+    /**
+     * {@inheritDoc}
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if($exception instanceof RateLimitExceededException) {
+            if (stripos($this->request->getHeader('Accept'),'html') === false) {
+                $response = new JSONResponse(
+                    [
+                        'message' => $exception->getMessage(),
+                    ],
+                    $exception->getCode()
+                );
+            } else {
+                    $response = new TemplateResponse(
+                        'core',
+                        '403',
+                            [
+                                'file' => $exception->getMessage()
+                            ],
+                        'guest'
+                    );
+                    $response->setStatus($exception->getCode());
+            }
 
-			return $response;
-		}
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 }

Spacing +4 added lines, -4 removed lines

@@ -84,8 +84,8 @@ 
 		$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
 		$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
 		$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
-		$rateLimitIdentifier = get_class($controller) . '::' . $methodName;
-		if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
+		$rateLimitIdentifier = get_class($controller).'::'.$methodName;
+		if ($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
 			$this->limiter->registerUserRequest(
 				$rateLimitIdentifier,
 				$userLimit,
@@ -106,8 +106,8 @@ 
 	 * {@inheritDoc}
 	 */
 	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof RateLimitExceededException) {
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
+		if ($exception instanceof RateLimitExceededException) {
+			if (stripos($this->request->getHeader('Accept'), 'html') === false) {
 				$response = new JSONResponse(
 					[
 						'message' => $exception->getMessage(),

Unused Use Statements -1 removed lines

@@ -24,7 +24,6 @@
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\RateLimiting\Exception\RateLimitExceededException;
 use OC\Security\RateLimiting\Limiter;
-use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Middleware;

lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php

Spacing +2 added lines, -2 removed lines

@@ -61,7 +61,7 @@ 
 	public function beforeController($controller, $methodName) {
 		parent::beforeController($controller, $methodName);
 
-		if($this->reflector->hasAnnotation('BruteForceProtection')) {
+		if ($this->reflector->hasAnnotation('BruteForceProtection')) {
 			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 			$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
 		}
@@ -71,7 +71,7 @@ 
 	 * {@inheritDoc}
 	 */
 	public function afterController($controller, $methodName, Response $response) {
-		if($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
+		if ($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
 			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 			$ip = $this->request->getRemoteAddress();
 			$this->throttler->sleepDelay($ip, $action);

Indentation +40 added lines, -40 removed lines

@@ -35,49 +35,49 @@
  * @package OC\AppFramework\Middleware\Security
  */
 class BruteForceMiddleware extends Middleware {
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var Throttler */
-	private $throttler;
-	/** @var IRequest */
-	private $request;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var Throttler */
+    private $throttler;
+    /** @var IRequest */
+    private $request;
 
-	/**
-	 * @param ControllerMethodReflector $controllerMethodReflector
-	 * @param Throttler $throttler
-	 * @param IRequest $request
-	 */
-	public function __construct(ControllerMethodReflector $controllerMethodReflector,
-								Throttler $throttler,
-								IRequest $request) {
-		$this->reflector = $controllerMethodReflector;
-		$this->throttler = $throttler;
-		$this->request = $request;
-	}
+    /**
+     * @param ControllerMethodReflector $controllerMethodReflector
+     * @param Throttler $throttler
+     * @param IRequest $request
+     */
+    public function __construct(ControllerMethodReflector $controllerMethodReflector,
+                                Throttler $throttler,
+                                IRequest $request) {
+        $this->reflector = $controllerMethodReflector;
+        $this->throttler = $throttler;
+        $this->request = $request;
+    }
 
-	/**
-	 * {@inheritDoc}
-	 */
-	public function beforeController($controller, $methodName) {
-		parent::beforeController($controller, $methodName);
+    /**
+     * {@inheritDoc}
+     */
+    public function beforeController($controller, $methodName) {
+        parent::beforeController($controller, $methodName);
 
-		if($this->reflector->hasAnnotation('BruteForceProtection')) {
-			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
-			$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
-		}
-	}
+        if($this->reflector->hasAnnotation('BruteForceProtection')) {
+            $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
+            $this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
+        }
+    }
 
-	/**
-	 * {@inheritDoc}
-	 */
-	public function afterController($controller, $methodName, Response $response) {
-		if($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
-			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
-			$ip = $this->request->getRemoteAddress();
-			$this->throttler->sleepDelay($ip, $action);
-			$this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
-		}
+    /**
+     * {@inheritDoc}
+     */
+    public function afterController($controller, $methodName, Response $response) {
+        if($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
+            $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
+            $ip = $this->request->getRemoteAddress();
+            $this->throttler->sleepDelay($ip, $action);
+            $this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
+        }
 
-		return parent::afterController($controller, $methodName, $response);
-	}
+        return parent::afterController($controller, $methodName, $response);
+    }
 }

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php

Indentation +179 added lines, -179 removed lines

@@ -63,206 +63,206 @@
  * check fails
  */
 class SecurityMiddleware extends Middleware {
-	/** @var INavigationManager */
-	private $navigationManager;
-	/** @var IRequest */
-	private $request;
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var string */
-	private $appName;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var ISession */
-	private $session;
-	/** @var bool */
-	private $isLoggedIn;
-	/** @var bool */
-	private $isAdminUser;
-	/** @var ContentSecurityPolicyManager */
-	private $contentSecurityPolicyManager;
-	/** @var CsrfTokenManager */
-	private $csrfTokenManager;
-	/** @var ContentSecurityPolicyNonceManager */
-	private $cspNonceManager;
+    /** @var INavigationManager */
+    private $navigationManager;
+    /** @var IRequest */
+    private $request;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var string */
+    private $appName;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var ISession */
+    private $session;
+    /** @var bool */
+    private $isLoggedIn;
+    /** @var bool */
+    private $isAdminUser;
+    /** @var ContentSecurityPolicyManager */
+    private $contentSecurityPolicyManager;
+    /** @var CsrfTokenManager */
+    private $csrfTokenManager;
+    /** @var ContentSecurityPolicyNonceManager */
+    private $cspNonceManager;
 
-	/**
-	 * @param IRequest $request
-	 * @param ControllerMethodReflector $reflector
-	 * @param INavigationManager $navigationManager
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param ISession $session
-	 * @param string $appName
-	 * @param bool $isLoggedIn
-	 * @param bool $isAdminUser
-	 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
-	 * @param CSRFTokenManager $csrfTokenManager
-	 * @param ContentSecurityPolicyNonceManager $cspNonceManager
-	 */
-	public function __construct(IRequest $request,
-								ControllerMethodReflector $reflector,
-								INavigationManager $navigationManager,
-								IURLGenerator $urlGenerator,
-								ILogger $logger,
-								ISession $session,
-								$appName,
-								$isLoggedIn,
-								$isAdminUser,
-								ContentSecurityPolicyManager $contentSecurityPolicyManager,
-								CsrfTokenManager $csrfTokenManager,
-								ContentSecurityPolicyNonceManager $cspNonceManager) {
-		$this->navigationManager = $navigationManager;
-		$this->request = $request;
-		$this->reflector = $reflector;
-		$this->appName = $appName;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->session = $session;
-		$this->isLoggedIn = $isLoggedIn;
-		$this->isAdminUser = $isAdminUser;
-		$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
-		$this->csrfTokenManager = $csrfTokenManager;
-		$this->cspNonceManager = $cspNonceManager;
-	}
+    /**
+     * @param IRequest $request
+     * @param ControllerMethodReflector $reflector
+     * @param INavigationManager $navigationManager
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param ISession $session
+     * @param string $appName
+     * @param bool $isLoggedIn
+     * @param bool $isAdminUser
+     * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
+     * @param CSRFTokenManager $csrfTokenManager
+     * @param ContentSecurityPolicyNonceManager $cspNonceManager
+     */
+    public function __construct(IRequest $request,
+                                ControllerMethodReflector $reflector,
+                                INavigationManager $navigationManager,
+                                IURLGenerator $urlGenerator,
+                                ILogger $logger,
+                                ISession $session,
+                                $appName,
+                                $isLoggedIn,
+                                $isAdminUser,
+                                ContentSecurityPolicyManager $contentSecurityPolicyManager,
+                                CsrfTokenManager $csrfTokenManager,
+                                ContentSecurityPolicyNonceManager $cspNonceManager) {
+        $this->navigationManager = $navigationManager;
+        $this->request = $request;
+        $this->reflector = $reflector;
+        $this->appName = $appName;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->session = $session;
+        $this->isLoggedIn = $isLoggedIn;
+        $this->isAdminUser = $isAdminUser;
+        $this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
+        $this->csrfTokenManager = $csrfTokenManager;
+        $this->cspNonceManager = $cspNonceManager;
+    }
 
-	/**
-	 * This runs all the security checks before a method call. The
-	 * security checks are determined by inspecting the controller method
-	 * annotations
-	 * @param Controller $controller the controller
-	 * @param string $methodName the name of the method
-	 * @throws SecurityException when a security check fails
-	 */
-	public function beforeController($controller, $methodName) {
+    /**
+     * This runs all the security checks before a method call. The
+     * security checks are determined by inspecting the controller method
+     * annotations
+     * @param Controller $controller the controller
+     * @param string $methodName the name of the method
+     * @throws SecurityException when a security check fails
+     */
+    public function beforeController($controller, $methodName) {
 
-		// this will set the current navigation entry of the app, use this only
-		// for normal HTML requests and not for AJAX requests
-		$this->navigationManager->setActiveEntry($this->appName);
+        // this will set the current navigation entry of the app, use this only
+        // for normal HTML requests and not for AJAX requests
+        $this->navigationManager->setActiveEntry($this->appName);
 
-		// security checks
-		$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
-		if(!$isPublicPage) {
-			if(!$this->isLoggedIn) {
-				throw new NotLoggedInException();
-			}
+        // security checks
+        $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+        if(!$isPublicPage) {
+            if(!$this->isLoggedIn) {
+                throw new NotLoggedInException();
+            }
 
-			if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
-				if(!$this->isAdminUser) {
-					throw new NotAdminException();
-				}
-			}
-		}
+            if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
+                if(!$this->isAdminUser) {
+                    throw new NotAdminException();
+                }
+            }
+        }
 
-		if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
-			$lastConfirm = (int) $this->session->get('last-password-confirm');
-			if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
-				throw new NotConfirmedException();
-			}
-		}
+        if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
+            $lastConfirm = (int) $this->session->get('last-password-confirm');
+            if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
+                throw new NotConfirmedException();
+            }
+        }
 
-		// Check for strict cookie requirement
-		if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			if(!$this->request->passesStrictCookieCheck()) {
-				throw new StrictCookieMissingException();
-			}
-		}
-		// CSRF check - also registers the CSRF token since the session may be closed later
-		Util::callRegister();
-		if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			/*
+        // Check for strict cookie requirement
+        if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+            if(!$this->request->passesStrictCookieCheck()) {
+                throw new StrictCookieMissingException();
+            }
+        }
+        // CSRF check - also registers the CSRF token since the session may be closed later
+        Util::callRegister();
+        if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
+            /*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
 			 * hacks around that we have no full token auth in place yet and we
 			 * do want to offer CSRF checks for web requests.
 			 */
-			if(!$this->request->passesCSRFCheck() && !(
-					$controller instanceof OCSController &&
-					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
-				throw new CrossSiteRequestForgeryException();
-			}
-		}
+            if(!$this->request->passesCSRFCheck() && !(
+                    $controller instanceof OCSController &&
+                    $this->request->getHeader('OCS-APIREQUEST') === 'true')) {
+                throw new CrossSiteRequestForgeryException();
+            }
+        }
 
-		/**
-		 * FIXME: Use DI once available
-		 * Checks if app is enabled (also includes a check whether user is allowed to access the resource)
-		 * The getAppPath() check is here since components such as settings also use the AppFramework and
-		 * therefore won't pass this check.
-		 */
-		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
-			throw new AppNotEnabledException();
-		}
+        /**
+         * FIXME: Use DI once available
+         * Checks if app is enabled (also includes a check whether user is allowed to access the resource)
+         * The getAppPath() check is here since components such as settings also use the AppFramework and
+         * therefore won't pass this check.
+         */
+        if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+            throw new AppNotEnabledException();
+        }
 
-	}
+    }
 
-	/**
-	 * Performs the default CSP modifications that may be injected by other
-	 * applications
-	 *
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param Response $response
-	 * @return Response
-	 */
-	public function afterController($controller, $methodName, Response $response) {
-		$policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy();
+    /**
+     * Performs the default CSP modifications that may be injected by other
+     * applications
+     *
+     * @param Controller $controller
+     * @param string $methodName
+     * @param Response $response
+     * @return Response
+     */
+    public function afterController($controller, $methodName, Response $response) {
+        $policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy();
 
-		if (get_class($policy) === EmptyContentSecurityPolicy::class) {
-			return $response;
-		}
+        if (get_class($policy) === EmptyContentSecurityPolicy::class) {
+            return $response;
+        }
 
-		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
-		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
+        $defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
+        $defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->cspNonceManager->browserSupportsCspV3()) {
-			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
-		}
+        if($this->cspNonceManager->browserSupportsCspV3()) {
+            $defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
+        }
 
-		$response->setContentSecurityPolicy($defaultPolicy);
+        $response->setContentSecurityPolicy($defaultPolicy);
 
-		return $response;
-	}
+        return $response;
+    }
 
-	/**
-	 * If an SecurityException is being caught, ajax requests return a JSON error
-	 * response and non ajax requests redirect to the index
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param \Exception $exception the thrown exception
-	 * @throws \Exception the passed in exception if it can't handle it
-	 * @return Response a Response object or null in case that the exception could not be handled
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof SecurityException) {
-			if($exception instanceof StrictCookieMissingException) {
-				return new RedirectResponse(\OC::$WEBROOT);
- 			}
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
-				$response = new JSONResponse(
-					array('message' => $exception->getMessage()),
-					$exception->getCode()
-				);
-			} else {
-				if($exception instanceof NotLoggedInException) {
-					$params = [];
-					if (isset($this->request->server['REQUEST_URI'])) {
-						$params['redirect_url'] = $this->request->server['REQUEST_URI'];
-					}
-					$url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params);
-					$response = new RedirectResponse($url);
-				} else {
-					$response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
-					$response->setStatus($exception->getCode());
-				}
-			}
+    /**
+     * If an SecurityException is being caught, ajax requests return a JSON error
+     * response and non ajax requests redirect to the index
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param \Exception $exception the thrown exception
+     * @throws \Exception the passed in exception if it can't handle it
+     * @return Response a Response object or null in case that the exception could not be handled
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if($exception instanceof SecurityException) {
+            if($exception instanceof StrictCookieMissingException) {
+                return new RedirectResponse(\OC::$WEBROOT);
+                }
+            if (stripos($this->request->getHeader('Accept'),'html') === false) {
+                $response = new JSONResponse(
+                    array('message' => $exception->getMessage()),
+                    $exception->getCode()
+                );
+            } else {
+                if($exception instanceof NotLoggedInException) {
+                    $params = [];
+                    if (isset($this->request->server['REQUEST_URI'])) {
+                        $params['redirect_url'] = $this->request->server['REQUEST_URI'];
+                    }
+                    $url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params);
+                    $response = new RedirectResponse($url);
+                } else {
+                    $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
+                    $response->setStatus($exception->getCode());
+                }
+            }
 
-			$this->logger->debug($exception->getMessage());
-			return $response;
-		}
+            $this->logger->debug($exception->getMessage());
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 
 }

Spacing +14 added lines, -14 removed lines

@@ -144,13 +144,13 @@ 
 
 		// security checks
 		$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
-		if(!$isPublicPage) {
-			if(!$this->isLoggedIn) {
+		if (!$isPublicPage) {
+			if (!$this->isLoggedIn) {
 				throw new NotLoggedInException();
 			}
 
-			if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
-				if(!$this->isAdminUser) {
+			if (!$this->reflector->hasAnnotation('NoAdminRequired')) {
+				if (!$this->isAdminUser) {
 					throw new NotAdminException();
 				}
 			}
@@ -164,20 +164,20 @@ 
 		}
 
 		// Check for strict cookie requirement
-		if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			if(!$this->request->passesStrictCookieCheck()) {
+		if ($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+			if (!$this->request->passesStrictCookieCheck()) {
 				throw new StrictCookieMissingException();
 			}
 		}
 		// CSRF check - also registers the CSRF token since the session may be closed later
 		Util::callRegister();
-		if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
+		if (!$this->reflector->hasAnnotation('NoCSRFRequired')) {
 			/*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
 			 * hacks around that we have no full token auth in place yet and we
 			 * do want to offer CSRF checks for web requests.
 			 */
-			if(!$this->request->passesCSRFCheck() && !(
+			if (!$this->request->passesCSRFCheck() && !(
 					$controller instanceof OCSController &&
 					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
 				throw new CrossSiteRequestForgeryException();
@@ -190,7 +190,7 @@ 
 		 * The getAppPath() check is here since components such as settings also use the AppFramework and
 		 * therefore won't pass this check.
 		 */
-		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+		if (\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
 			throw new AppNotEnabledException();
 		}
 
@@ -215,7 +215,7 @@ 
 		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
 		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->cspNonceManager->browserSupportsCspV3()) {
+		if ($this->cspNonceManager->browserSupportsCspV3()) {
 			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
 		}
 
@@ -235,17 +235,17 @@ 
 	 * @return Response a Response object or null in case that the exception could not be handled
 	 */
 	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof SecurityException) {
-			if($exception instanceof StrictCookieMissingException) {
+		if ($exception instanceof SecurityException) {
+			if ($exception instanceof StrictCookieMissingException) {
 				return new RedirectResponse(\OC::$WEBROOT);
  			}
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
+			if (stripos($this->request->getHeader('Accept'), 'html') === false) {
 				$response = new JSONResponse(
 					array('message' => $exception->getMessage()),
 					$exception->getCode()
 				);
 			} else {
-				if($exception instanceof NotLoggedInException) {
+				if ($exception instanceof NotLoggedInException) {
 					$params = [];
 					if (isset($this->request->server['REQUEST_URI'])) {
 						$params['redirect_url'] = $this->request->server['REQUEST_URI'];

apps/files_sharing/lib/Middleware/SharingCheckMiddleware.php

Spacing +4 added lines, -4 removed lines

@@ -92,7 +92,7 @@ 
 	 * @throws ShareNotFound
 	 */
 	public function beforeController($controller, $methodName) {
-		if(!$this->isSharingEnabled()) {
+		if (!$this->isSharingEnabled()) {
 			throw new NotFoundException('Sharing is disabled.');
 		}
 
@@ -119,7 +119,7 @@ 
 	 * @throws \Exception
 	 */
 	public function afterException($controller, $methodName, \Exception $exception) {
-		if(is_a($exception, '\OCP\Files\NotFoundException')) {
+		if (is_a($exception, '\OCP\Files\NotFoundException')) {
 			return new NotFoundResponse();
 		}
 
@@ -156,7 +156,7 @@ 
 	private function isSharingEnabled() {
 		// FIXME: This check is done here since the route is globally defined and not inside the files_sharing app
 		// Check whether the sharing application is enabled
-		if(!$this->appManager->isEnabledForUser($this->appName)) {
+		if (!$this->appManager->isEnabledForUser($this->appName)) {
 			return false;
 		}
 
@@ -174,7 +174,7 @@ 
 		}
 
 		// Check whether public sharing is enabled
-		if($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
+		if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
 			return false;
 		}
 

Indentation +127 added lines, -127 removed lines

@@ -47,20 +47,20 @@ 
  */
 class SharingCheckMiddleware extends Middleware {
 
-	/** @var string */
-	protected $appName;
-	/** @var IConfig */
-	protected $config;
-	/** @var IAppManager */
-	protected $appManager;
-	/** @var IControllerMethodReflector */
-	protected $reflector;
-	/** @var IManager */
-	protected $shareManager;
-	/** @var IRequest */
-	protected $request;
-
-	/***
+    /** @var string */
+    protected $appName;
+    /** @var IConfig */
+    protected $config;
+    /** @var IAppManager */
+    protected $appManager;
+    /** @var IControllerMethodReflector */
+    protected $reflector;
+    /** @var IManager */
+    protected $shareManager;
+    /** @var IRequest */
+    protected $request;
+
+    /***
 	 * @param string $appName
 	 * @param IConfig $config
 	 * @param IAppManager $appManager
@@ -68,118 +68,118 @@ 
 	 * @param IManager $shareManager
 	 * @param IRequest $request
 	 */
-	public function __construct($appName,
-								IConfig $config,
-								IAppManager $appManager,
-								IControllerMethodReflector $reflector,
-								IManager $shareManager,
-								IRequest $request
-								) {
-		$this->appName = $appName;
-		$this->config = $config;
-		$this->appManager = $appManager;
-		$this->reflector = $reflector;
-		$this->shareManager = $shareManager;
-		$this->request = $request;
-	}
-
-	/**
-	 * Check if sharing is enabled before the controllers is executed
-	 *
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @throws NotFoundException
-	 * @throws S2SException
-	 * @throws ShareNotFound
-	 */
-	public function beforeController($controller, $methodName) {
-		if(!$this->isSharingEnabled()) {
-			throw new NotFoundException('Sharing is disabled.');
-		}
-
-		if ($controller instanceof ExternalSharesController &&
-			!$this->externalSharesChecks()) {
-			throw new S2SException('Federated sharing not allowed');
-		} else if ($controller instanceof ShareController) {
-			$token = $this->request->getParam('token');
-			$share = $this->shareManager->getShareByToken($token);
-			if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK
-				&& !$this->isLinkSharingEnabled()) {
-				throw new NotFoundException('Link sharing is disabled');
-			}
-		}
-	}
-
-	/**
-	 * Return 404 page in case of a not found exception
-	 *
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param \Exception $exception
-	 * @return NotFoundResponse
-	 * @throws \Exception
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if(is_a($exception, '\OCP\Files\NotFoundException')) {
-			return new NotFoundResponse();
-		}
-
-		if (is_a($exception, '\OCA\Files_Sharing\Exceptions\S2SException')) {
-			return new JSONResponse($exception->getMessage(), 405);
-		}
-
-		throw $exception;
-	}
-
-	/**
-	 * Checks for externalshares controller
-	 * @return bool
-	 */
-	private function externalSharesChecks() {
-
-		if (!$this->reflector->hasAnnotation('NoIncomingFederatedSharingRequired') &&
-			$this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') !== 'yes') {
-			return false;
-		}
-
-		if (!$this->reflector->hasAnnotation('NoOutgoingFederatedSharingRequired') &&
-		    $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') !== 'yes') {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check whether sharing is enabled
-	 * @return bool
-	 */
-	private function isSharingEnabled() {
-		// FIXME: This check is done here since the route is globally defined and not inside the files_sharing app
-		// Check whether the sharing application is enabled
-		if(!$this->appManager->isEnabledForUser($this->appName)) {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if link sharing is allowed
-	 * @return bool
-	 */
-	private function isLinkSharingEnabled() {
-		// Check if the shareAPI is enabled
-		if ($this->config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes') {
-			return false;
-		}
-
-		// Check whether public sharing is enabled
-		if($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
-			return false;
-		}
-
-		return true;
-	}
+    public function __construct($appName,
+                                IConfig $config,
+                                IAppManager $appManager,
+                                IControllerMethodReflector $reflector,
+                                IManager $shareManager,
+                                IRequest $request
+                                ) {
+        $this->appName = $appName;
+        $this->config = $config;
+        $this->appManager = $appManager;
+        $this->reflector = $reflector;
+        $this->shareManager = $shareManager;
+        $this->request = $request;
+    }
+
+    /**
+     * Check if sharing is enabled before the controllers is executed
+     *
+     * @param Controller $controller
+     * @param string $methodName
+     * @throws NotFoundException
+     * @throws S2SException
+     * @throws ShareNotFound
+     */
+    public function beforeController($controller, $methodName) {
+        if(!$this->isSharingEnabled()) {
+            throw new NotFoundException('Sharing is disabled.');
+        }
+
+        if ($controller instanceof ExternalSharesController &&
+            !$this->externalSharesChecks()) {
+            throw new S2SException('Federated sharing not allowed');
+        } else if ($controller instanceof ShareController) {
+            $token = $this->request->getParam('token');
+            $share = $this->shareManager->getShareByToken($token);
+            if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK
+                && !$this->isLinkSharingEnabled()) {
+                throw new NotFoundException('Link sharing is disabled');
+            }
+        }
+    }
+
+    /**
+     * Return 404 page in case of a not found exception
+     *
+     * @param Controller $controller
+     * @param string $methodName
+     * @param \Exception $exception
+     * @return NotFoundResponse
+     * @throws \Exception
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if(is_a($exception, '\OCP\Files\NotFoundException')) {
+            return new NotFoundResponse();
+        }
+
+        if (is_a($exception, '\OCA\Files_Sharing\Exceptions\S2SException')) {
+            return new JSONResponse($exception->getMessage(), 405);
+        }
+
+        throw $exception;
+    }
+
+    /**
+     * Checks for externalshares controller
+     * @return bool
+     */
+    private function externalSharesChecks() {
+
+        if (!$this->reflector->hasAnnotation('NoIncomingFederatedSharingRequired') &&
+            $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') !== 'yes') {
+            return false;
+        }
+
+        if (!$this->reflector->hasAnnotation('NoOutgoingFederatedSharingRequired') &&
+            $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') !== 'yes') {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Check whether sharing is enabled
+     * @return bool
+     */
+    private function isSharingEnabled() {
+        // FIXME: This check is done here since the route is globally defined and not inside the files_sharing app
+        // Check whether the sharing application is enabled
+        if(!$this->appManager->isEnabledForUser($this->appName)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if link sharing is allowed
+     * @return bool
+     */
+    private function isLinkSharingEnabled() {
+        // Check if the shareAPI is enabled
+        if ($this->config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes') {
+            return false;
+        }
+
+        // Check whether public sharing is enabled
+        if($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
+            return false;
+        }
+
+        return true;
+    }
 
 }

apps/federation/lib/Middleware/AddServerMiddleware.php

Indentation +35 added lines, -35 removed lines

@@ -35,46 +35,46 @@
 
 class AddServerMiddleware extends Middleware {
 
-	/** @var  string */
-	protected $appName;
+    /** @var  string */
+    protected $appName;
 
-	/** @var  IL10N */
-	protected $l;
+    /** @var  IL10N */
+    protected $l;
 
-	/** @var  ILogger */
-	protected $logger;
+    /** @var  ILogger */
+    protected $logger;
 
-	public function __construct($appName, IL10N $l, ILogger $logger) {
-		$this->appName = $appName;
-		$this->l = $l;
-		$this->logger = $logger;
-	}
+    public function __construct($appName, IL10N $l, ILogger $logger) {
+        $this->appName = $appName;
+        $this->l = $l;
+        $this->logger = $logger;
+    }
 
-	/**
-	 * Log error message and return a response which can be displayed to the user
-	 *
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param \Exception $exception
-	 * @return JSONResponse
-	 * @throws \Exception
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if (($controller instanceof SettingsController) === false) {
-			throw $exception;
-		}
-		$this->logger->error($exception->getMessage(), ['app' => $this->appName]);
-		if ($exception instanceof HintException) {
-			$message = $exception->getHint();
-		} else {
-			$message = $exception->getMessage();
-		}
+    /**
+     * Log error message and return a response which can be displayed to the user
+     *
+     * @param Controller $controller
+     * @param string $methodName
+     * @param \Exception $exception
+     * @return JSONResponse
+     * @throws \Exception
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if (($controller instanceof SettingsController) === false) {
+            throw $exception;
+        }
+        $this->logger->error($exception->getMessage(), ['app' => $this->appName]);
+        if ($exception instanceof HintException) {
+            $message = $exception->getHint();
+        } else {
+            $message = $exception->getMessage();
+        }
 
-		return new JSONResponse(
-			['message' => $message],
-			Http::STATUS_BAD_REQUEST
-		);
+        return new JSONResponse(
+            ['message' => $message],
+            Http::STATUS_BAD_REQUEST
+        );
 
-	}
+    }
 
 }