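@@ -32,52 +32,52 @@
 
 class SessionMiddleware extends Middleware {
 
-/**
-* @var IRequest
-*/
-private $request;
+/**
+* @var IRequest
+*/
+private $request;
 
-/**
-* @var ControllerMethodReflector
-*/
-private $reflector;
+/**
+* @var ControllerMethodReflector
+*/
+private $reflector;
 
-/**
-* @param IRequest $request
-* @param ControllerMethodReflector $reflector
-*/
-public function __construct(IRequest $request,
-ControllerMethodReflector $reflector,
-ISession $session
+/**
+* @param IRequest $request
+* @param ControllerMethodReflector $reflector
+*/
+public function __construct(IRequest $request,
+ControllerMethodReflector $reflector,
+ISession $session
 ) {
-$this->request = $request;
-$this->reflector = $reflector;
-$this->session = $session;
-}
+$this->request = $request;
+$this->reflector = $reflector;
+$this->session = $session;
+}
 
-/**
-* @param Controller $controller
-* @param string $methodName
-*/
-public function beforeController($controller, $methodName) {
-$useSession = $this->reflector->hasAnnotation('UseSession');
-if (!$useSession) {
-$this->session->close();
-}
-}
+/**
+* @param Controller $controller
+* @param string $methodName
+*/
+public function beforeController($controller, $methodName) {
+$useSession = $this->reflector->hasAnnotation('UseSession');
+if (!$useSession) {
+$this->session->close();
+}
+}
 
-/**
-* @param Controller $controller
-* @param string $methodName
-* @param Response $response
-* @return Response
-*/
-public function afterController($controller, $methodName, Response $response){
-$useSession = $this->reflector->hasAnnotation('UseSession');
-if ($useSession) {
-$this->session->close();
-}
-return $response;
-}
+/**
+* @param Controller $controller
+* @param string $methodName
+* @param Response $response
+* @return Response
+*/
+public function afterController($controller, $methodName, Response $response){
+$useSession = $this->reflector->hasAnnotation('UseSession');
+if ($useSession) {
+$this->session->close();
+}
+return $response;
+}
 
 }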
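@@ -38,51 +38,51 @@
 * @package OC\Settings\Middleware
 */
 class SubadminMiddleware extends Middleware {
-/** @var bool */
-protected $isSubAdmin;
-/** @var ControllerMethodReflector */
-protected $reflector;
+/** @var bool */
+protected $isSubAdmin;
+/** @var ControllerMethodReflector */
+protected $reflector;
 
-/**
-* @param ControllerMethodReflector $reflector
-* @param bool $isSubAdmin
-*/
-public function __construct(ControllerMethodReflector $reflector,
-$isSubAdmin) {
-$this->reflector = $reflector;
-$this->isSubAdmin = $isSubAdmin;
-}
+/**
+* @param ControllerMethodReflector $reflector
+* @param bool $isSubAdmin
+*/
+public function __construct(ControllerMethodReflector $reflector,
+$isSubAdmin) {
+$this->reflector = $reflector;
+$this->isSubAdmin = $isSubAdmin;
+}
 
-/**
-* Check if sharing is enabled before the controllers is executed
-* @param Controller $controller
-* @param string $methodName
-* @throws \Exception
-*/
-public function beforeController($controller, $methodName) {
-if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
-if(!$this->isSubAdmin) {
-throw new NotAdminException('Logged in user must be a subadmin');
-}
-}
-}
+/**
+* Check if sharing is enabled before the controllers is executed
+* @param Controller $controller
+* @param string $methodName
+* @throws \Exception
+*/
+public function beforeController($controller, $methodName) {
+if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
+if(!$this->isSubAdmin) {
+throw new NotAdminException('Logged in user must be a subadmin');
+}
+}
+}
 
-/**
-* Return 403 page in case of an exception
-* @param Controller $controller
-* @param string $methodName
-* @param \Exception $exception
-* @return TemplateResponse
-* @throws \Exception
-*/
-public function afterException($controller, $methodName, \Exception $exception) {
-if($exception instanceof NotAdminException) {
-$response = new TemplateResponse('core', '403', array(), 'guest');
-$response->setStatus(Http::STATUS_FORBIDDEN);
-return $response;
-}
+/**
+* Return 403 page in case of an exception
+* @param Controller $controller
+* @param string $methodName
+* @param \Exception $exception
+* @return TemplateResponse
+* @throws \Exception
+*/
+public function afterException($controller, $methodName, \Exception $exception) {
+if($exception instanceof NotAdminException) {
+$response = new TemplateResponse('core', '403', array(), 'guest');
+$response->setStatus(Http::STATUS_FORBIDDEN);
+return $response;
+}
 
-throw $exception;
-}
+throw $exception;
+}
 
 }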
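@@ -41,100 +41,100 @@
 
 class TwoFactorMiddleware extends Middleware {
 
-/** @var Manager */
-private $twoFactorManager;
-
-/** @var Session */
-private $userSession;
-
-/** @var ISession */
-private $session;
-
-/** @var IURLGenerator */
-private $urlGenerator;
-
-/** @var IControllerMethodReflector */
-private $reflector;
-
-/** @var IRequest */
-private $request;
-
-/**
-* @param Manager $twoFactorManager
-* @param Session $userSession
-* @param ISession $session
-* @param IURLGenerator $urlGenerator
-*/
-public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
-IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
-$this->twoFactorManager = $twoFactorManager;
-$this->userSession = $userSession;
-$this->session = $session;
-$this->urlGenerator = $urlGenerator;
-$this->reflector = $reflector;
-$this->request = $request;
-}
-
-/**
-* @param Controller $controller
-* @param string $methodName
-*/
-public function beforeController($controller, $methodName) {
-if ($this->reflector->hasAnnotation('PublicPage')) {
-// Don't block public pages
-return;
-}
-
-if ($controller instanceof LoginController && $methodName === 'logout') {
-// Don't block the logout page, to allow canceling the 2FA
-return;
-}
-
-if ($this->userSession->isLoggedIn()) {
-$user = $this->userSession->getUser();
-
-if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) {
-$this->checkTwoFactor($controller, $methodName, $user);
-} else if ($controller instanceof TwoFactorChallengeController) {
-// Allow access to the two-factor controllers only if two-factor authentication
-// is in progress.
-throw new UserAlreadyLoggedInException();
-}
-}
-// TODO: dont check/enforce 2FA if a auth token is used
-}
-
-private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
-// If two-factor auth is in progress disallow access to any controllers
-// defined within "LoginController".
-$needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
-$twoFactor = $controller instanceof TwoFactorChallengeController;
-
-// Disallow access to any controller if 2FA needs to be checked
-if ($needsSecondFactor && !$twoFactor) {
-throw new TwoFactorAuthRequiredException();
-}
-
-// Allow access to the two-factor controllers only if two-factor authentication
-// is in progress.
-if (!$needsSecondFactor && $twoFactor) {
-throw new UserAlreadyLoggedInException();
-}
-}
-
-public function afterException($controller, $methodName, Exception $exception) {
-if ($exception instanceof TwoFactorAuthRequiredException) {
-$params = [];
-if (isset($this->request->server['REQUEST_URI'])) {
-$params['redirect_url'] = $this->request->server['REQUEST_URI'];
-}
-return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
-}
-if ($exception instanceof UserAlreadyLoggedInException) {
-return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
-}
-
-throw $exception;
-}
+/** @var Manager */
+private $twoFactorManager;
+
+/** @var Session */
+private $userSession;
+
+/** @var ISession */
+private $session;
+
+/** @var IURLGenerator */
+private $urlGenerator;
+
+/** @var IControllerMethodReflector */
+private $reflector;
+
+/** @var IRequest */
+private $request;
+
+/**
+* @param Manager $twoFactorManager
+* @param Session $userSession
+* @param ISession $session
+* @param IURLGenerator $urlGenerator
+*/
+public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
+IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
+$this->twoFactorManager = $twoFactorManager;
+$this->userSession = $userSession;
+$this->session = $session;
+$this->urlGenerator = $urlGenerator;
+$this->reflector = $reflector;
+$this->request = $request;
+}
+
+/**
+* @param Controller $controller
+* @param string $methodName
+*/
+public function beforeController($controller, $methodName) {
+if ($this->reflector->hasAnnotation('PublicPage')) {
+// Don't block public pages
+return;
+}
+
+if ($controller instanceof LoginController && $methodName === 'logout') {
+// Don't block the logout page, to allow canceling the 2FA
+return;
+}
+
+if ($this->userSession->isLoggedIn()) {
+$user = $this->userSession->getUser();
+
+if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+$this->checkTwoFactor($controller, $methodName, $user);
+} else if ($controller instanceof TwoFactorChallengeController) {
+// Allow access to the two-factor controllers only if two-factor authentication
+// is in progress.
+throw new UserAlreadyLoggedInException();
+}
+}
+// TODO: dont check/enforce 2FA if a auth token is used
+}
+
+private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
+// If two-factor auth is in progress disallow access to any controllers
+// defined within "LoginController".
+$needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
+$twoFactor = $controller instanceof TwoFactorChallengeController;
+
+// Disallow access to any controller if 2FA needs to be checked
+if ($needsSecondFactor && !$twoFactor) {
+throw new TwoFactorAuthRequiredException();
+}
+
+// Allow access to the two-factor controllers only if two-factor authentication
+// is in progress.
+if (!$needsSecondFactor && $twoFactor) {
+throw new UserAlreadyLoggedInException();
+}
+}
+
+public function afterException($controller, $methodName, Exception $exception) {
+if ($exception instanceof TwoFactorAuthRequiredException) {
+$params = [];
+if (isset($this->request->server['REQUEST_URI'])) {
+$params['redirect_url'] = $this->request->server['REQUEST_URI'];
+}
+return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
+}
+if ($exception instanceof UserAlreadyLoggedInException) {
+return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
+}
+
+throw $exception;
+}
 
 }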