Push — master ( 6dc21f...0e9903 )
by Morris
14:16
created
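--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -48,316 +48,316 @@
 use OCP\Session\Exceptions\SessionNotAvailableException;
 
 class ClientFlowLoginController extends Controller {
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IL10N */
-	private $l10n;
-	/** @var Defaults */
-	private $defaults;
-	/** @var ISession */
-	private $session;
-	/** @var IProvider */
-	private $tokenProvider;
-	/** @var ISecureRandom */
-	private $random;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ClientMapper */
-	private $clientMapper;
-	/** @var AccessTokenMapper */
-	private $accessTokenMapper;
-	/** @var ICrypto */
-	private $crypto;
-
-	const stateName = 'client.flow.state.token';
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserSession $userSession
-	 * @param IL10N $l10n
-	 * @param Defaults $defaults
-	 * @param ISession $session
-	 * @param IProvider $tokenProvider
-	 * @param ISecureRandom $random
-	 * @param IURLGenerator $urlGenerator
-	 * @param ClientMapper $clientMapper
-	 * @param AccessTokenMapper $accessTokenMapper
-	 * @param ICrypto $crypto
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IUserSession $userSession,
-								IL10N $l10n,
-								Defaults $defaults,
-								ISession $session,
-								IProvider $tokenProvider,
-								ISecureRandom $random,
-								IURLGenerator $urlGenerator,
-								ClientMapper $clientMapper,
-								AccessTokenMapper $accessTokenMapper,
-								ICrypto $crypto) {
-		parent::__construct($appName, $request);
-		$this->userSession = $userSession;
-		$this->l10n = $l10n;
-		$this->defaults = $defaults;
-		$this->session = $session;
-		$this->tokenProvider = $tokenProvider;
-		$this->random = $random;
-		$this->urlGenerator = $urlGenerator;
-		$this->clientMapper = $clientMapper;
-		$this->accessTokenMapper = $accessTokenMapper;
-		$this->crypto = $crypto;
-	}
-
-	/**
-	 * @return string
-	 */
-	private function getClientName() {
-		$userAgent = $this->request->getHeader('USER_AGENT');
-		return $userAgent !== '' ? $userAgent : 'unknown';
-	}
-
-	/**
-	 * @param string $stateToken
-	 * @return bool
-	 */
-	private function isValidToken($stateToken) {
-		$currentToken = $this->session->get(self::stateName);
-		if(!is_string($stateToken) || !is_string($currentToken)) {
-			return false;
-		}
-		return hash_equals($currentToken, $stateToken);
-	}
-
-	/**
-	 * @return StandaloneTemplateResponse
-	 */
-	private function stateTokenForbiddenResponse() {
-		$response = new StandaloneTemplateResponse(
-			$this->appName,
-			'403',
-			[
-				'message' => $this->l10n->t('State token does not match'),
-			],
-			'guest'
-		);
-		$response->setStatus(Http::STATUS_FORBIDDEN);
-		return $response;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $clientIdentifier
-	 *
-	 * @return StandaloneTemplateResponse
-	 */
-	public function showAuthPickerPage($clientIdentifier = '') {
-		$clientName = $this->getClientName();
-		$client = null;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
-
-		// No valid clientIdentifier given and no valid API Request (APIRequest header not set)
-		$clientRequest = $this->request->getHeader('OCS-APIREQUEST');
-		if ($clientRequest !== 'true' && $client === null) {
-			return new StandaloneTemplateResponse(
-				$this->appName,
-				'error',
-				[
-					'errors' =>
-					[
-						[
-							'error' => 'Access Forbidden',
-							'hint' => 'Invalid request',
-						],
-					],
-				],
-				'guest'
-			);
-		}
-
-		$stateToken = $this->random->generate(
-			64,
-			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
-		);
-		$this->session->set(self::stateName, $stateToken);
-
-		return new StandaloneTemplateResponse(
-			$this->appName,
-			'loginflow/authpicker',
-			[
-				'client' => $clientName,
-				'clientIdentifier' => $clientIdentifier,
-				'instanceName' => $this->defaults->getName(),
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'serverHost' => $this->getServerPath(),
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'guest'
-		);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @NoSameSiteCookieRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return StandaloneTemplateResponse
-	 */
-	public function grantPage($stateToken = '',
-								 $clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			return $this->stateTokenForbiddenResponse();
-		}
-
-		$clientName = $this->getClientName();
-		$client = null;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
-
-		return new StandaloneTemplateResponse(
-			$this->appName,
-			'loginflow/grant',
-			[
-				'client' => $clientName,
-				'clientIdentifier' => $clientIdentifier,
-				'instanceName' => $this->defaults->getName(),
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'serverHost' => $this->getServerPath(),
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'guest'
-		);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return Http\RedirectResponse|Response
-	 */
-	public function generateAppPassword($stateToken,
-										$clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			$this->session->remove(self::stateName);
-			return $this->stateTokenForbiddenResponse();
-		}
-
-		$this->session->remove(self::stateName);
-
-		try {
-			$sessionId = $this->session->getId();
-		} catch (SessionNotAvailableException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
-
-		try {
-			$sessionToken = $this->tokenProvider->getToken($sessionId);
-			$loginName = $sessionToken->getLoginName();
-			try {
-				$password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
-			} catch (PasswordlessTokenException $ex) {
-				$password = null;
-			}
-		} catch (InvalidTokenException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
-
-		$clientName = $this->getClientName();
-		$client = false;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
-
-		$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-		$uid = $this->userSession->getUser()->getUID();
-		$generatedToken = $this->tokenProvider->generateToken(
-			$token,
-			$uid,
-			$loginName,
-			$password,
-			$clientName,
-			IToken::PERMANENT_TOKEN,
-			IToken::DO_NOT_REMEMBER
-		);
-
-		if($client) {
-			$code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-			$accessToken = new AccessToken();
-			$accessToken->setClientId($client->getId());
-			$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
-			$accessToken->setHashedCode(hash('sha512', $code));
-			$accessToken->setTokenId($generatedToken->getId());
-			$this->accessTokenMapper->insert($accessToken);
-
-			$redirectUri = sprintf(
-				'%s?state=%s&code=%s',
-				$client->getRedirectUri(),
-				urlencode($this->session->get('oauth.state')),
-				urlencode($code)
-			);
-			$this->session->remove('oauth.state');
-		} else {
-			$redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
-
-			// Clear the token from the login here
-			$this->tokenProvider->invalidateToken($sessionId);
-		}
-
-		return new Http\RedirectResponse($redirectUri);
-	}
-
-	/**
-	 * @PublicPage
-	 */
-	public function apptokenRedirect(string $stateToken, string $user, string $password) {
-		if (!$this->isValidToken($stateToken)) {
-			return $this->stateTokenForbiddenResponse();
-		}
-
-		$redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password);
-		return new Http\RedirectResponse($redirectUri);
-	}
-
-	private function getServerPath(): string {
-		$serverPostfix = '';
-
-		if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
-			$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
-		} else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
-			$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
-		}
-
-		$protocol = $this->request->getServerProtocol();
-
-		if ($protocol !== "https") {
-			$xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
-			$xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
-			if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
-				$protocol = 'https';
-			}
-		}
-
-		return $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
-	}
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IL10N */
+    private $l10n;
+    /** @var Defaults */
+    private $defaults;
+    /** @var ISession */
+    private $session;
+    /** @var IProvider */
+    private $tokenProvider;
+    /** @var ISecureRandom */
+    private $random;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ClientMapper */
+    private $clientMapper;
+    /** @var AccessTokenMapper */
+    private $accessTokenMapper;
+    /** @var ICrypto */
+    private $crypto;
+
+    const stateName = 'client.flow.state.token';
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserSession $userSession
+     * @param IL10N $l10n
+     * @param Defaults $defaults
+     * @param ISession $session
+     * @param IProvider $tokenProvider
+     * @param ISecureRandom $random
+     * @param IURLGenerator $urlGenerator
+     * @param ClientMapper $clientMapper
+     * @param AccessTokenMapper $accessTokenMapper
+     * @param ICrypto $crypto
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IUserSession $userSession,
+                                IL10N $l10n,
+                                Defaults $defaults,
+                                ISession $session,
+                                IProvider $tokenProvider,
+                                ISecureRandom $random,
+                                IURLGenerator $urlGenerator,
+                                ClientMapper $clientMapper,
+                                AccessTokenMapper $accessTokenMapper,
+                                ICrypto $crypto) {
+        parent::__construct($appName, $request);
+        $this->userSession = $userSession;
+        $this->l10n = $l10n;
+        $this->defaults = $defaults;
+        $this->session = $session;
+        $this->tokenProvider = $tokenProvider;
+        $this->random = $random;
+        $this->urlGenerator = $urlGenerator;
+        $this->clientMapper = $clientMapper;
+        $this->accessTokenMapper = $accessTokenMapper;
+        $this->crypto = $crypto;
+    }
+
+    /**
+     * @return string
+     */
+    private function getClientName() {
+        $userAgent = $this->request->getHeader('USER_AGENT');
+        return $userAgent !== '' ? $userAgent : 'unknown';
+    }
+
+    /**
+     * @param string $stateToken
+     * @return bool
+     */
+    private function isValidToken($stateToken) {
+        $currentToken = $this->session->get(self::stateName);
+        if(!is_string($stateToken) || !is_string($currentToken)) {
+            return false;
+        }
+        return hash_equals($currentToken, $stateToken);
+    }
+
+    /**
+     * @return StandaloneTemplateResponse
+     */
+    private function stateTokenForbiddenResponse() {
+        $response = new StandaloneTemplateResponse(
+            $this->appName,
+            '403',
+            [
+                'message' => $this->l10n->t('State token does not match'),
+            ],
+            'guest'
+        );
+        $response->setStatus(Http::STATUS_FORBIDDEN);
+        return $response;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $clientIdentifier
+     *
+     * @return StandaloneTemplateResponse
+     */
+    public function showAuthPickerPage($clientIdentifier = '') {
+        $clientName = $this->getClientName();
+        $client = null;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
+
+        // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
+        $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
+        if ($clientRequest !== 'true' && $client === null) {
+            return new StandaloneTemplateResponse(
+                $this->appName,
+                'error',
+                [
+                    'errors' =>
+                    [
+                        [
+                            'error' => 'Access Forbidden',
+                            'hint' => 'Invalid request',
+                        ],
+                    ],
+                ],
+                'guest'
+            );
+        }
+
+        $stateToken = $this->random->generate(
+            64,
+            ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
+        );
+        $this->session->set(self::stateName, $stateToken);
+
+        return new StandaloneTemplateResponse(
+            $this->appName,
+            'loginflow/authpicker',
+            [
+                'client' => $clientName,
+                'clientIdentifier' => $clientIdentifier,
+                'instanceName' => $this->defaults->getName(),
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'serverHost' => $this->getServerPath(),
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'guest'
+        );
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @NoSameSiteCookieRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return StandaloneTemplateResponse
+     */
+    public function grantPage($stateToken = '',
+                                    $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            return $this->stateTokenForbiddenResponse();
+        }
+
+        $clientName = $this->getClientName();
+        $client = null;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
+
+        return new StandaloneTemplateResponse(
+            $this->appName,
+            'loginflow/grant',
+            [
+                'client' => $clientName,
+                'clientIdentifier' => $clientIdentifier,
+                'instanceName' => $this->defaults->getName(),
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'serverHost' => $this->getServerPath(),
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'guest'
+        );
+    }
+
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return Http\RedirectResponse|Response
+     */
+    public function generateAppPassword($stateToken,
+                                        $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            $this->session->remove(self::stateName);
+            return $this->stateTokenForbiddenResponse();
+        }
+
+        $this->session->remove(self::stateName);
+
+        try {
+            $sessionId = $this->session->getId();
+        } catch (SessionNotAvailableException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
+
+        try {
+            $sessionToken = $this->tokenProvider->getToken($sessionId);
+            $loginName = $sessionToken->getLoginName();
+            try {
+                $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
+            } catch (PasswordlessTokenException $ex) {
+                $password = null;
+            }
+        } catch (InvalidTokenException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
+
+        $clientName = $this->getClientName();
+        $client = false;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
+
+        $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+        $uid = $this->userSession->getUser()->getUID();
+        $generatedToken = $this->tokenProvider->generateToken(
+            $token,
+            $uid,
+            $loginName,
+            $password,
+            $clientName,
+            IToken::PERMANENT_TOKEN,
+            IToken::DO_NOT_REMEMBER
+        );
+
+        if($client) {
+            $code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+            $accessToken = new AccessToken();
+            $accessToken->setClientId($client->getId());
+            $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
+            $accessToken->setHashedCode(hash('sha512', $code));
+            $accessToken->setTokenId($generatedToken->getId());
+            $this->accessTokenMapper->insert($accessToken);
+
+            $redirectUri = sprintf(
+                '%s?state=%s&code=%s',
+                $client->getRedirectUri(),
+                urlencode($this->session->get('oauth.state')),
+                urlencode($code)
+            );
+            $this->session->remove('oauth.state');
+        } else {
+            $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
+
+            // Clear the token from the login here
+            $this->tokenProvider->invalidateToken($sessionId);
+        }
+
+        return new Http\RedirectResponse($redirectUri);
+    }
+
+    /**
+     * @PublicPage
+     */
+    public function apptokenRedirect(string $stateToken, string $user, string $password) {
+        if (!$this->isValidToken($stateToken)) {
+            return $this->stateTokenForbiddenResponse();
+        }
+
+        $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password);
+        return new Http\RedirectResponse($redirectUri);
+    }
+
+    private function getServerPath(): string {
+        $serverPostfix = '';
+
+        if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
+            $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
+        } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
+            $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
+        }
+
+        $protocol = $this->request->getServerProtocol();
+
+        if ($protocol !== "https") {
+            $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
+            $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
+            if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
+                $protocol = 'https';
+            }
+        }
+
+        return $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
+    }
 }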
core/Controller/TwoFactorChallengeController.php 1 patch
Indentation   +161 added lines, -161 removed lines
@@ -42,171 +42,171 @@
42 42
 
43 43
 class TwoFactorChallengeController extends Controller {
44 44
 
45
-	/** @var Manager */
46
-	private $twoFactorManager;
47
-
48
-	/** @var IUserSession */
49
-	private $userSession;
50
-
51
-	/** @var ISession */
52
-	private $session;
53
-
54
-	/** @var IURLGenerator */
55
-	private $urlGenerator;
56
-
57
-	/**
58
-	 * @param string $appName
59
-	 * @param IRequest $request
60
-	 * @param Manager $twoFactorManager
61
-	 * @param IUserSession $userSession
62
-	 * @param ISession $session
63
-	 * @param IURLGenerator $urlGenerator
64
-	 */
65
-	public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
66
-		ISession $session, IURLGenerator $urlGenerator) {
67
-		parent::__construct($appName, $request);
68
-		$this->twoFactorManager = $twoFactorManager;
69
-		$this->userSession = $userSession;
70
-		$this->session = $session;
71
-		$this->urlGenerator = $urlGenerator;
72
-	}
73
-
74
-	/**
75
-	 * @return string
76
-	 */
77
-	protected function getLogoutUrl() {
78
-		return OC_User::getLogoutUrl($this->urlGenerator);
79
-	}
45
+    /** @var Manager */
46
+    private $twoFactorManager;
47
+
48
+    /** @var IUserSession */
49
+    private $userSession;
50
+
51
+    /** @var ISession */
52
+    private $session;
53
+
54
+    /** @var IURLGenerator */
55
+    private $urlGenerator;
56
+
57
+    /**
58
+     * @param string $appName
59
+     * @param IRequest $request
60
+     * @param Manager $twoFactorManager
61
+     * @param IUserSession $userSession
62
+     * @param ISession $session
63
+     * @param IURLGenerator $urlGenerator
64
+     */
65
+    public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
66
+        ISession $session, IURLGenerator $urlGenerator) {
67
+        parent::__construct($appName, $request);
68
+        $this->twoFactorManager = $twoFactorManager;
69
+        $this->userSession = $userSession;
70
+        $this->session = $session;
71
+        $this->urlGenerator = $urlGenerator;
72
+    }
73
+
74
+    /**
75
+     * @return string
76
+     */
77
+    protected function getLogoutUrl() {
78
+        return OC_User::getLogoutUrl($this->urlGenerator);
79
+    }
80 80
 	
81
-	/**
82
-	 * @param IProvider[] $providers
83
-	 */
84
-	private function splitProvidersAndBackupCodes(array $providers): array {
85
-		$regular = [];
86
-		$backup = null;
87
-		foreach ($providers as $provider) {
88
-			if ($provider->getId() === 'backup_codes') {
89
-				$backup = $provider;
90
-			} else {
91
-				$regular[] = $provider;
92
-			}
93
-		}
94
-
95
-		return [$regular, $backup];
96
-	}
97
-
98
-	/**
99
-	 * @NoAdminRequired
100
-	 * @NoCSRFRequired
101
-	 *
102
-	 * @param string $redirect_url
103
-	 * @return StandaloneTemplateResponse
104
-	 */
105
-	public function selectChallenge($redirect_url) {
106
-		$user = $this->userSession->getUser();
107
-		$providerSet = $this->twoFactorManager->getProviderSet($user);
108
-		$allProviders = $providerSet->getProviders();
109
-		list($providers, $backupProvider) = $this->splitProvidersAndBackupCodes($allProviders);
110
-
111
-		$data = [
112
-			'providers' => $providers,
113
-			'backupProvider' => $backupProvider,
114
-			'providerMissing' => $providerSet->isProviderMissing(),
115
-			'redirect_url' => $redirect_url,
116
-			'logout_url' => $this->getLogoutUrl(),
117
-		];
118
-		return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
119
-	}
120
-
121
-	/**
122
-	 * @NoAdminRequired
123
-	 * @NoCSRFRequired
124
-	 * @UseSession
125
-	 *
126
-	 * @param string $challengeProviderId
127
-	 * @param string $redirect_url
128
-	 * @return StandaloneTemplateResponse|RedirectResponse
129
-	 */
130
-	public function showChallenge($challengeProviderId, $redirect_url) {
131
-		$user = $this->userSession->getUser();
132
-		$providerSet = $this->twoFactorManager->getProviderSet($user);
133
-		$provider = $providerSet->getProvider($challengeProviderId);
134
-		if (is_null($provider)) {
135
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
136
-		}
137
-
138
-		$backupProvider = $providerSet->getProvider('backup_codes');
139
-		if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
140
-			// Don't show the backup provider link if we're already showing that provider's challenge
141
-			$backupProvider = null;
142
-		}
143
-
144
-		$errorMessage = '';
145
-		$error = false;
146
-		if ($this->session->exists('two_factor_auth_error')) {
147
-			$this->session->remove('two_factor_auth_error');
148
-			$error = true;
149
-			$errorMessage = $this->session->get("two_factor_auth_error_message");
150
-			$this->session->remove('two_factor_auth_error_message');
151
-		}
152
-		$tmpl = $provider->getTemplate($user);
153
-		$tmpl->assign('redirect_url', $redirect_url);
154
-		$data = [
155
-			'error' => $error,
156
-			'error_message' => $errorMessage,
157
-			'provider' => $provider,
158
-			'backupProvider' => $backupProvider,
159
-			'logout_url' => $this->getLogoutUrl(),
160
-			'redirect_url' => $redirect_url,
161
-			'template' => $tmpl->fetchPage(),
162
-		];
163
-		$response = new StandaloneTemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
164
-		if ($provider instanceof IProvidesCustomCSP) {
165
-			$response->setContentSecurityPolicy($provider->getCSP());
166
-		}
167
-		return $response;
168
-	}
169
-
170
-	/**
171
-	 * @NoAdminRequired
172
-	 * @NoCSRFRequired
173
-	 * @UseSession
174
-	 *
175
-	 * @UserRateThrottle(limit=5, period=100)
176
-	 *
177
-	 * @param string $challengeProviderId
178
-	 * @param string $challenge
179
-	 * @param string $redirect_url
180
-	 * @return RedirectResponse
181
-	 */
182
-	public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
183
-		$user = $this->userSession->getUser();
184
-		$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
185
-		if (is_null($provider)) {
186
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
187
-		}
188
-
189
-		try {
190
-			if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
191
-				if (!is_null($redirect_url)) {
192
-					return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
193
-				}
194
-				return new RedirectResponse(OC_Util::getDefaultPageUrl());
195
-			}
196
-		} catch (TwoFactorException $e) {
197
-			/*
81
+    /**
82
+     * @param IProvider[] $providers
83
+     */
84
+    private function splitProvidersAndBackupCodes(array $providers): array {
85
+        $regular = [];
86
+        $backup = null;
87
+        foreach ($providers as $provider) {
88
+            if ($provider->getId() === 'backup_codes') {
89
+                $backup = $provider;
90
+            } else {
91
+                $regular[] = $provider;
92
+            }
93
+        }
94
+
95
+        return [$regular, $backup];
96
+    }
97
+
98
+    /**
99
+     * @NoAdminRequired
100
+     * @NoCSRFRequired
101
+     *
102
+     * @param string $redirect_url
103
+     * @return StandaloneTemplateResponse
104
+     */
105
+    public function selectChallenge($redirect_url) {
106
+        $user = $this->userSession->getUser();
107
+        $providerSet = $this->twoFactorManager->getProviderSet($user);
108
+        $allProviders = $providerSet->getProviders();
109
+        list($providers, $backupProvider) = $this->splitProvidersAndBackupCodes($allProviders);
110
+
111
+        $data = [
112
+            'providers' => $providers,
113
+            'backupProvider' => $backupProvider,
114
+            'providerMissing' => $providerSet->isProviderMissing(),
115
+            'redirect_url' => $redirect_url,
116
+            'logout_url' => $this->getLogoutUrl(),
117
+        ];
118
+        return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
119
+    }
120
+
121
+    /**
122
+     * @NoAdminRequired
123
+     * @NoCSRFRequired
124
+     * @UseSession
125
+     *
126
+     * @param string $challengeProviderId
127
+     * @param string $redirect_url
128
+     * @return StandaloneTemplateResponse|RedirectResponse
129
+     */
130
+    public function showChallenge($challengeProviderId, $redirect_url) {
131
+        $user = $this->userSession->getUser();
132
+        $providerSet = $this->twoFactorManager->getProviderSet($user);
133
+        $provider = $providerSet->getProvider($challengeProviderId);
134
+        if (is_null($provider)) {
135
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
136
+        }
137
+
138
+        $backupProvider = $providerSet->getProvider('backup_codes');
139
+        if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
140
+            // Don't show the backup provider link if we're already showing that provider's challenge
141
+            $backupProvider = null;
142
+        }
143
+
144
+        $errorMessage = '';
145
+        $error = false;
146
+        if ($this->session->exists('two_factor_auth_error')) {
147
+            $this->session->remove('two_factor_auth_error');
148
+            $error = true;
149
+            $errorMessage = $this->session->get("two_factor_auth_error_message");
150
+            $this->session->remove('two_factor_auth_error_message');
151
+        }
152
+        $tmpl = $provider->getTemplate($user);
153
+        $tmpl->assign('redirect_url', $redirect_url);
154
+        $data = [
155
+            'error' => $error,
156
+            'error_message' => $errorMessage,
157
+            'provider' => $provider,
158
+            'backupProvider' => $backupProvider,
159
+            'logout_url' => $this->getLogoutUrl(),
160
+            'redirect_url' => $redirect_url,
161
+            'template' => $tmpl->fetchPage(),
162
+        ];
163
+        $response = new StandaloneTemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
164
+        if ($provider instanceof IProvidesCustomCSP) {
165
+            $response->setContentSecurityPolicy($provider->getCSP());
166
+        }
167
+        return $response;
168
+    }
169
+
170
+    /**
171
+     * @NoAdminRequired
172
+     * @NoCSRFRequired
173
+     * @UseSession
174
+     *
175
+     * @UserRateThrottle(limit=5, period=100)
176
+     *
177
+     * @param string $challengeProviderId
178
+     * @param string $challenge
179
+     * @param string $redirect_url
180
+     * @return RedirectResponse
181
+     */
182
+    public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
183
+        $user = $this->userSession->getUser();
184
+        $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
185
+        if (is_null($provider)) {
186
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
187
+        }
188
+
189
+        try {
190
+            if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
191
+                if (!is_null($redirect_url)) {
192
+                    return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
193
+                }
194
+                return new RedirectResponse(OC_Util::getDefaultPageUrl());
195
+            }
196
+        } catch (TwoFactorException $e) {
197
+            /*
198 198
 			 * The 2FA App threw an TwoFactorException. Now we display more
199 199
 			 * information to the user. The exception text is stored in the
200 200
 			 * session to be used in showChallenge()
201 201
 			 */
202
-			$this->session->set('two_factor_auth_error_message', $e->getMessage());
203
-		}
204
-
205
-		$this->session->set('two_factor_auth_error', true);
206
-		return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
207
-			'challengeProviderId' => $provider->getId(),
208
-			'redirect_url' => $redirect_url,
209
-		]));
210
-	}
202
+            $this->session->set('two_factor_auth_error_message', $e->getMessage());
203
+        }
204
+
205
+        $this->session->set('two_factor_auth_error', true);
206
+        return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
207
+            'challengeProviderId' => $provider->getId(),
208
+            'redirect_url' => $redirect_url,
209
+        ]));
210
+    }
211 211
 
212 212
 }
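--- a/lib/private/AppFramework/Middleware/AdditionalScriptsMiddleware.php
+++ b/lib/private/AppFramework/Middleware/AdditionalScriptsMiddleware.php
@@ -33,34 +33,34 @@
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 
 class AdditionalScriptsMiddleware extends Middleware {
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-	/** @var IUserSession */
-	private $userSession;
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+    /** @var IUserSession */
+    private $userSession;
 
-	public function __construct(EventDispatcherInterface $dispatcher, IUserSession $userSession) {
-		$this->dispatcher = $dispatcher;
-		$this->userSession = $userSession;
-	}
+    public function __construct(EventDispatcherInterface $dispatcher, IUserSession $userSession) {
+        $this->dispatcher = $dispatcher;
+        $this->userSession = $userSession;
+    }
 
-	public function afterController($controller, $methodName, Response $response): Response {
-		/*
+    public function afterController($controller, $methodName, Response $response): Response {
+        /*
 		 * There is no need to emit these signals on a public share page
 		 * There is a separate event for that already
 		 */
-		if ($controller instanceof PublicShareController) {
-			return $response;
-		}
+        if ($controller instanceof PublicShareController) {
+            return $response;
+        }
 
-		if ($response instanceof TemplateResponse) {
-			$this->dispatcher->dispatch(TemplateResponse::EVENT_LOAD_ADDITIONAL_SCRIPTS);
+        if ($response instanceof TemplateResponse) {
+            $this->dispatcher->dispatch(TemplateResponse::EVENT_LOAD_ADDITIONAL_SCRIPTS);
 
-			if (!($response instanceof StandaloneTemplateResponse) && $this->userSession->isLoggedIn()) {
-				$this->dispatcher->dispatch(TemplateResponse::EVENT_LOAD_ADDITIONAL_SCRIPTS_LOGGEDIN);
-			}
-		}
+            if (!($response instanceof StandaloneTemplateResponse) && $this->userSession->isLoggedIn()) {
+                $this->dispatcher->dispatch(TemplateResponse::EVENT_LOAD_ADDITIONAL_SCRIPTS_LOGGEDIN);
+            }
+        }
 
-		return $response;
-	}
+        return $response;
+    }
 
 }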