nextcloud /
server
@@ -25,28 +25,28 @@ |
||
| 25 | 25 | use OCP\IDBConnection; |
| 26 | 26 | |
| 27 | 27 | class HomePropagator extends Propagator { |
| 28 | - private $ignoredBaseFolders; |
|
| 28 | + private $ignoredBaseFolders; |
|
| 29 | 29 | |
| 30 | - /** |
|
| 31 | - * @param \OC\Files\Storage\Storage $storage |
|
| 32 | - */ |
|
| 33 | - public function __construct(\OC\Files\Storage\Storage $storage, IDBConnection $connection) { |
|
| 34 | - parent::__construct($storage, $connection); |
|
| 35 | - $this->ignoredBaseFolders = ['files_encryption']; |
|
| 36 | - } |
|
| 30 | + /** |
|
| 31 | + * @param \OC\Files\Storage\Storage $storage |
|
| 32 | + */ |
|
| 33 | + public function __construct(\OC\Files\Storage\Storage $storage, IDBConnection $connection) { |
|
| 34 | + parent::__construct($storage, $connection); |
|
| 35 | + $this->ignoredBaseFolders = ['files_encryption']; |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | 38 | |
| 39 | - /** |
|
| 40 | - * @param string $internalPath |
|
| 41 | - * @param int $time |
|
| 42 | - * @param int $sizeDifference number of bytes the file has grown |
|
| 43 | - */ |
|
| 44 | - public function propagateChange($internalPath, $time, $sizeDifference = 0) { |
|
| 45 | - list($baseFolder) = explode('/', $internalPath, 2); |
|
| 46 | - if (in_array($baseFolder, $this->ignoredBaseFolders)) { |
|
| 47 | - return []; |
|
| 48 | - } else { |
|
| 49 | - parent::propagateChange($internalPath, $time, $sizeDifference); |
|
| 50 | - } |
|
| 51 | - } |
|
| 39 | + /** |
|
| 40 | + * @param string $internalPath |
|
| 41 | + * @param int $time |
|
| 42 | + * @param int $sizeDifference number of bytes the file has grown |
|
| 43 | + */ |
|
| 44 | + public function propagateChange($internalPath, $time, $sizeDifference = 0) { |
|
| 45 | + list($baseFolder) = explode('/', $internalPath, 2); |
|
| 46 | + if (in_array($baseFolder, $this->ignoredBaseFolders)) { |
|
| 47 | + return []; |
|
| 48 | + } else { |
|
| 49 | + parent::propagateChange($internalPath, $time, $sizeDifference); |
|
| 50 | + } |
|
| 51 | + } |
|
| 52 | 52 | } |
@@ -30,58 +30,58 @@ |
||
| 30 | 30 | use OCP\Files\Cache\ICacheEntry; |
| 31 | 31 | |
| 32 | 32 | class HomeCache extends Cache { |
| 33 | - /** |
|
| 34 | - * get the size of a folder and set it in the cache |
|
| 35 | - * |
|
| 36 | - * @param string $path |
|
| 37 | - * @param array $entry (optional) meta data of the folder |
|
| 38 | - * @return int |
|
| 39 | - */ |
|
| 40 | - public function calculateFolderSize($path, $entry = null) { |
|
| 41 | - if ($path !== '/' and $path !== '' and $path !== 'files' and $path !== 'files_trashbin' and $path !== 'files_versions') { |
|
| 42 | - return parent::calculateFolderSize($path, $entry); |
|
| 43 | - } elseif ($path === '' or $path === '/') { |
|
| 44 | - // since the size of / isn't used (the size of /files is used instead) there is no use in calculating it |
|
| 45 | - return 0; |
|
| 46 | - } |
|
| 33 | + /** |
|
| 34 | + * get the size of a folder and set it in the cache |
|
| 35 | + * |
|
| 36 | + * @param string $path |
|
| 37 | + * @param array $entry (optional) meta data of the folder |
|
| 38 | + * @return int |
|
| 39 | + */ |
|
| 40 | + public function calculateFolderSize($path, $entry = null) { |
|
| 41 | + if ($path !== '/' and $path !== '' and $path !== 'files' and $path !== 'files_trashbin' and $path !== 'files_versions') { |
|
| 42 | + return parent::calculateFolderSize($path, $entry); |
|
| 43 | + } elseif ($path === '' or $path === '/') { |
|
| 44 | + // since the size of / isn't used (the size of /files is used instead) there is no use in calculating it |
|
| 45 | + return 0; |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - $totalSize = 0; |
|
| 49 | - if (is_null($entry)) { |
|
| 50 | - $entry = $this->get($path); |
|
| 51 | - } |
|
| 52 | - if ($entry && $entry['mimetype'] === 'httpd/unix-directory') { |
|
| 53 | - $id = $entry['fileid']; |
|
| 54 | - $sql = 'SELECT SUM(`size`) AS f1 ' . |
|
| 55 | - 'FROM `*PREFIX*filecache` ' . |
|
| 56 | - 'WHERE `parent` = ? AND `storage` = ? AND `size` >= 0'; |
|
| 57 | - $result = \OC_DB::executeAudited($sql, array($id, $this->getNumericStorageId())); |
|
| 58 | - if ($row = $result->fetchRow()) { |
|
| 59 | - $result->closeCursor(); |
|
| 60 | - list($sum) = array_values($row); |
|
| 61 | - $totalSize = 0 + $sum; |
|
| 62 | - $entry['size'] += 0; |
|
| 63 | - if ($entry['size'] !== $totalSize) { |
|
| 64 | - $this->update($id, array('size' => $totalSize)); |
|
| 65 | - } |
|
| 66 | - } |
|
| 67 | - } |
|
| 68 | - return $totalSize; |
|
| 69 | - } |
|
| 48 | + $totalSize = 0; |
|
| 49 | + if (is_null($entry)) { |
|
| 50 | + $entry = $this->get($path); |
|
| 51 | + } |
|
| 52 | + if ($entry && $entry['mimetype'] === 'httpd/unix-directory') { |
|
| 53 | + $id = $entry['fileid']; |
|
| 54 | + $sql = 'SELECT SUM(`size`) AS f1 ' . |
|
| 55 | + 'FROM `*PREFIX*filecache` ' . |
|
| 56 | + 'WHERE `parent` = ? AND `storage` = ? AND `size` >= 0'; |
|
| 57 | + $result = \OC_DB::executeAudited($sql, array($id, $this->getNumericStorageId())); |
|
| 58 | + if ($row = $result->fetchRow()) { |
|
| 59 | + $result->closeCursor(); |
|
| 60 | + list($sum) = array_values($row); |
|
| 61 | + $totalSize = 0 + $sum; |
|
| 62 | + $entry['size'] += 0; |
|
| 63 | + if ($entry['size'] !== $totalSize) { |
|
| 64 | + $this->update($id, array('size' => $totalSize)); |
|
| 65 | + } |
|
| 66 | + } |
|
| 67 | + } |
|
| 68 | + return $totalSize; |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - /** |
|
| 72 | - * @param string $path |
|
| 73 | - * @return ICacheEntry |
|
| 74 | - */ |
|
| 75 | - public function get($path) { |
|
| 76 | - $data = parent::get($path); |
|
| 77 | - if ($path === '' or $path === '/') { |
|
| 78 | - // only the size of the "files" dir counts |
|
| 79 | - $filesData = parent::get('files'); |
|
| 71 | + /** |
|
| 72 | + * @param string $path |
|
| 73 | + * @return ICacheEntry |
|
| 74 | + */ |
|
| 75 | + public function get($path) { |
|
| 76 | + $data = parent::get($path); |
|
| 77 | + if ($path === '' or $path === '/') { |
|
| 78 | + // only the size of the "files" dir counts |
|
| 79 | + $filesData = parent::get('files'); |
|
| 80 | 80 | |
| 81 | - if (isset($filesData['size'])) { |
|
| 82 | - $data['size'] = $filesData['size']; |
|
| 83 | - } |
|
| 84 | - } |
|
| 85 | - return $data; |
|
| 86 | - } |
|
| 81 | + if (isset($filesData['size'])) { |
|
| 82 | + $data['size'] = $filesData['size']; |
|
| 83 | + } |
|
| 84 | + } |
|
| 85 | + return $data; |
|
| 86 | + } |
|
| 87 | 87 | } |
@@ -29,13 +29,13 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | class Image extends File { |
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * Type name; translated in templates |
|
| 34 | - * @var string |
|
| 35 | - */ |
|
| 36 | - public $type = 'image'; |
|
| 32 | + /** |
|
| 33 | + * Type name; translated in templates |
|
| 34 | + * @var string |
|
| 35 | + */ |
|
| 36 | + public $type = 'image'; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * @TODO add EXIF information |
|
| 40 | - */ |
|
| 38 | + /** |
|
| 39 | + * @TODO add EXIF information |
|
| 40 | + */ |
|
| 41 | 41 | } |
@@ -29,13 +29,13 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | class Audio extends File { |
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * Type name; translated in templates |
|
| 34 | - * @var string |
|
| 35 | - */ |
|
| 36 | - public $type = 'audio'; |
|
| 32 | + /** |
|
| 33 | + * Type name; translated in templates |
|
| 34 | + * @var string |
|
| 35 | + */ |
|
| 36 | + public $type = 'audio'; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * @TODO add ID3 information |
|
| 40 | - */ |
|
| 38 | + /** |
|
| 39 | + * @TODO add ID3 information |
|
| 40 | + */ |
|
| 41 | 41 | } |
@@ -29,10 +29,10 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | class Folder extends File { |
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * Type name; translated in templates |
|
| 34 | - * @var string |
|
| 35 | - */ |
|
| 36 | - public $type = 'folder'; |
|
| 32 | + /** |
|
| 33 | + * Type name; translated in templates |
|
| 34 | + * @var string |
|
| 35 | + */ |
|
| 36 | + public $type = 'folder'; |
|
| 37 | 37 | |
| 38 | 38 | } |
@@ -30,70 +30,70 @@ |
||
| 30 | 30 | * Very thin wrapper class to make output testable |
| 31 | 31 | */ |
| 32 | 32 | class Output implements IOutput { |
| 33 | - /** @var string */ |
|
| 34 | - private $webRoot; |
|
| 33 | + /** @var string */ |
|
| 34 | + private $webRoot; |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * @param $webRoot |
|
| 38 | - */ |
|
| 39 | - public function __construct($webRoot) { |
|
| 40 | - $this->webRoot = $webRoot; |
|
| 41 | - } |
|
| 36 | + /** |
|
| 37 | + * @param $webRoot |
|
| 38 | + */ |
|
| 39 | + public function __construct($webRoot) { |
|
| 40 | + $this->webRoot = $webRoot; |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * @param string $out |
|
| 45 | - */ |
|
| 46 | - public function setOutput($out) { |
|
| 47 | - print($out); |
|
| 48 | - } |
|
| 43 | + /** |
|
| 44 | + * @param string $out |
|
| 45 | + */ |
|
| 46 | + public function setOutput($out) { |
|
| 47 | + print($out); |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - /** |
|
| 51 | - * @param string|resource $path or file handle |
|
| 52 | - * |
|
| 53 | - * @return bool false if an error occurred |
|
| 54 | - */ |
|
| 55 | - public function setReadfile($path) { |
|
| 56 | - if (is_resource($path)) { |
|
| 57 | - $output = fopen('php://output', 'w'); |
|
| 58 | - return stream_copy_to_stream($path, $output) > 0; |
|
| 59 | - } else { |
|
| 60 | - return @readfile($path); |
|
| 61 | - } |
|
| 62 | - } |
|
| 50 | + /** |
|
| 51 | + * @param string|resource $path or file handle |
|
| 52 | + * |
|
| 53 | + * @return bool false if an error occurred |
|
| 54 | + */ |
|
| 55 | + public function setReadfile($path) { |
|
| 56 | + if (is_resource($path)) { |
|
| 57 | + $output = fopen('php://output', 'w'); |
|
| 58 | + return stream_copy_to_stream($path, $output) > 0; |
|
| 59 | + } else { |
|
| 60 | + return @readfile($path); |
|
| 61 | + } |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * @param string $header |
|
| 66 | - */ |
|
| 67 | - public function setHeader($header) { |
|
| 68 | - header($header); |
|
| 69 | - } |
|
| 64 | + /** |
|
| 65 | + * @param string $header |
|
| 66 | + */ |
|
| 67 | + public function setHeader($header) { |
|
| 68 | + header($header); |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - /** |
|
| 72 | - * @param int $code sets the http status code |
|
| 73 | - */ |
|
| 74 | - public function setHttpResponseCode($code) { |
|
| 75 | - http_response_code($code); |
|
| 76 | - } |
|
| 71 | + /** |
|
| 72 | + * @param int $code sets the http status code |
|
| 73 | + */ |
|
| 74 | + public function setHttpResponseCode($code) { |
|
| 75 | + http_response_code($code); |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | - /** |
|
| 79 | - * @return int returns the current http response code |
|
| 80 | - */ |
|
| 81 | - public function getHttpResponseCode() { |
|
| 82 | - return http_response_code(); |
|
| 83 | - } |
|
| 78 | + /** |
|
| 79 | + * @return int returns the current http response code |
|
| 80 | + */ |
|
| 81 | + public function getHttpResponseCode() { |
|
| 82 | + return http_response_code(); |
|
| 83 | + } |
|
| 84 | 84 | |
| 85 | - /** |
|
| 86 | - * @param string $name |
|
| 87 | - * @param string $value |
|
| 88 | - * @param int $expire |
|
| 89 | - * @param string $path |
|
| 90 | - * @param string $domain |
|
| 91 | - * @param bool $secure |
|
| 92 | - * @param bool $httpOnly |
|
| 93 | - */ |
|
| 94 | - public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { |
|
| 95 | - $path = $this->webRoot ? : '/'; |
|
| 96 | - setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); |
|
| 97 | - } |
|
| 85 | + /** |
|
| 86 | + * @param string $name |
|
| 87 | + * @param string $value |
|
| 88 | + * @param int $expire |
|
| 89 | + * @param string $path |
|
| 90 | + * @param string $domain |
|
| 91 | + * @param bool $secure |
|
| 92 | + * @param bool $httpOnly |
|
| 93 | + */ |
|
| 94 | + public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { |
|
| 95 | + $path = $this->webRoot ? : '/'; |
|
| 96 | + setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | 99 | } |
@@ -45,116 +45,116 @@ |
||
| 45 | 45 | * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS |
| 46 | 46 | */ |
| 47 | 47 | class CORSMiddleware extends Middleware { |
| 48 | - /** @var IRequest */ |
|
| 49 | - private $request; |
|
| 50 | - /** @var ControllerMethodReflector */ |
|
| 51 | - private $reflector; |
|
| 52 | - /** @var Session */ |
|
| 53 | - private $session; |
|
| 54 | - /** @var Throttler */ |
|
| 55 | - private $throttler; |
|
| 48 | + /** @var IRequest */ |
|
| 49 | + private $request; |
|
| 50 | + /** @var ControllerMethodReflector */ |
|
| 51 | + private $reflector; |
|
| 52 | + /** @var Session */ |
|
| 53 | + private $session; |
|
| 54 | + /** @var Throttler */ |
|
| 55 | + private $throttler; |
|
| 56 | 56 | |
| 57 | - /** |
|
| 58 | - * @param IRequest $request |
|
| 59 | - * @param ControllerMethodReflector $reflector |
|
| 60 | - * @param Session $session |
|
| 61 | - * @param Throttler $throttler |
|
| 62 | - */ |
|
| 63 | - public function __construct(IRequest $request, |
|
| 64 | - ControllerMethodReflector $reflector, |
|
| 65 | - Session $session, |
|
| 66 | - Throttler $throttler) { |
|
| 67 | - $this->request = $request; |
|
| 68 | - $this->reflector = $reflector; |
|
| 69 | - $this->session = $session; |
|
| 70 | - $this->throttler = $throttler; |
|
| 71 | - } |
|
| 57 | + /** |
|
| 58 | + * @param IRequest $request |
|
| 59 | + * @param ControllerMethodReflector $reflector |
|
| 60 | + * @param Session $session |
|
| 61 | + * @param Throttler $throttler |
|
| 62 | + */ |
|
| 63 | + public function __construct(IRequest $request, |
|
| 64 | + ControllerMethodReflector $reflector, |
|
| 65 | + Session $session, |
|
| 66 | + Throttler $throttler) { |
|
| 67 | + $this->request = $request; |
|
| 68 | + $this->reflector = $reflector; |
|
| 69 | + $this->session = $session; |
|
| 70 | + $this->throttler = $throttler; |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * This is being run in normal order before the controller is being |
|
| 75 | - * called which allows several modifications and checks |
|
| 76 | - * |
|
| 77 | - * @param Controller $controller the controller that is being called |
|
| 78 | - * @param string $methodName the name of the method that will be called on |
|
| 79 | - * the controller |
|
| 80 | - * @throws SecurityException |
|
| 81 | - * @since 6.0.0 |
|
| 82 | - */ |
|
| 83 | - public function beforeController($controller, $methodName){ |
|
| 84 | - // ensure that @CORS annotated API routes are not used in conjunction |
|
| 85 | - // with session authentication since this enables CSRF attack vectors |
|
| 86 | - if ($this->reflector->hasAnnotation('CORS') && |
|
| 87 | - !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | - $user = $this->request->server['PHP_AUTH_USER']; |
|
| 89 | - $pass = $this->request->server['PHP_AUTH_PW']; |
|
| 73 | + /** |
|
| 74 | + * This is being run in normal order before the controller is being |
|
| 75 | + * called which allows several modifications and checks |
|
| 76 | + * |
|
| 77 | + * @param Controller $controller the controller that is being called |
|
| 78 | + * @param string $methodName the name of the method that will be called on |
|
| 79 | + * the controller |
|
| 80 | + * @throws SecurityException |
|
| 81 | + * @since 6.0.0 |
|
| 82 | + */ |
|
| 83 | + public function beforeController($controller, $methodName){ |
|
| 84 | + // ensure that @CORS annotated API routes are not used in conjunction |
|
| 85 | + // with session authentication since this enables CSRF attack vectors |
|
| 86 | + if ($this->reflector->hasAnnotation('CORS') && |
|
| 87 | + !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | + $user = $this->request->server['PHP_AUTH_USER']; |
|
| 89 | + $pass = $this->request->server['PHP_AUTH_PW']; |
|
| 90 | 90 | |
| 91 | - $this->session->logout(); |
|
| 92 | - try { |
|
| 93 | - if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
|
| 94 | - throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); |
|
| 95 | - } |
|
| 96 | - } catch (PasswordLoginForbiddenException $ex) { |
|
| 97 | - throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED); |
|
| 98 | - } |
|
| 99 | - } |
|
| 100 | - } |
|
| 91 | + $this->session->logout(); |
|
| 92 | + try { |
|
| 93 | + if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
|
| 94 | + throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); |
|
| 95 | + } |
|
| 96 | + } catch (PasswordLoginForbiddenException $ex) { |
|
| 97 | + throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED); |
|
| 98 | + } |
|
| 99 | + } |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | - /** |
|
| 103 | - * This is being run after a successful controllermethod call and allows |
|
| 104 | - * the manipulation of a Response object. The middleware is run in reverse order |
|
| 105 | - * |
|
| 106 | - * @param Controller $controller the controller that is being called |
|
| 107 | - * @param string $methodName the name of the method that will be called on |
|
| 108 | - * the controller |
|
| 109 | - * @param Response $response the generated response from the controller |
|
| 110 | - * @return Response a Response object |
|
| 111 | - * @throws SecurityException |
|
| 112 | - */ |
|
| 113 | - public function afterController($controller, $methodName, Response $response){ |
|
| 114 | - // only react if its a CORS request and if the request sends origin and |
|
| 102 | + /** |
|
| 103 | + * This is being run after a successful controllermethod call and allows |
|
| 104 | + * the manipulation of a Response object. The middleware is run in reverse order |
|
| 105 | + * |
|
| 106 | + * @param Controller $controller the controller that is being called |
|
| 107 | + * @param string $methodName the name of the method that will be called on |
|
| 108 | + * the controller |
|
| 109 | + * @param Response $response the generated response from the controller |
|
| 110 | + * @return Response a Response object |
|
| 111 | + * @throws SecurityException |
|
| 112 | + */ |
|
| 113 | + public function afterController($controller, $methodName, Response $response){ |
|
| 114 | + // only react if its a CORS request and if the request sends origin and |
|
| 115 | 115 | |
| 116 | - if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | - $this->reflector->hasAnnotation('CORS')) { |
|
| 116 | + if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | + $this->reflector->hasAnnotation('CORS')) { |
|
| 118 | 118 | |
| 119 | - // allow credentials headers must not be true or CSRF is possible |
|
| 120 | - // otherwise |
|
| 121 | - foreach($response->getHeaders() as $header => $value) { |
|
| 122 | - if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | - strtolower(trim($value)) === 'true') { |
|
| 124 | - $msg = 'Access-Control-Allow-Credentials must not be '. |
|
| 125 | - 'set to true in order to prevent CSRF'; |
|
| 126 | - throw new SecurityException($msg); |
|
| 127 | - } |
|
| 128 | - } |
|
| 119 | + // allow credentials headers must not be true or CSRF is possible |
|
| 120 | + // otherwise |
|
| 121 | + foreach($response->getHeaders() as $header => $value) { |
|
| 122 | + if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | + strtolower(trim($value)) === 'true') { |
|
| 124 | + $msg = 'Access-Control-Allow-Credentials must not be '. |
|
| 125 | + 'set to true in order to prevent CSRF'; |
|
| 126 | + throw new SecurityException($msg); |
|
| 127 | + } |
|
| 128 | + } |
|
| 129 | 129 | |
| 130 | - $origin = $this->request->server['HTTP_ORIGIN']; |
|
| 131 | - $response->addHeader('Access-Control-Allow-Origin', $origin); |
|
| 132 | - } |
|
| 133 | - return $response; |
|
| 134 | - } |
|
| 130 | + $origin = $this->request->server['HTTP_ORIGIN']; |
|
| 131 | + $response->addHeader('Access-Control-Allow-Origin', $origin); |
|
| 132 | + } |
|
| 133 | + return $response; |
|
| 134 | + } |
|
| 135 | 135 | |
| 136 | - /** |
|
| 137 | - * If an SecurityException is being caught return a JSON error response |
|
| 138 | - * |
|
| 139 | - * @param Controller $controller the controller that is being called |
|
| 140 | - * @param string $methodName the name of the method that will be called on |
|
| 141 | - * the controller |
|
| 142 | - * @param \Exception $exception the thrown exception |
|
| 143 | - * @throws \Exception the passed in exception if it can't handle it |
|
| 144 | - * @return Response a Response object or null in case that the exception could not be handled |
|
| 145 | - */ |
|
| 146 | - public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | - if($exception instanceof SecurityException){ |
|
| 148 | - $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | - if($exception->getCode() !== 0) { |
|
| 150 | - $response->setStatus($exception->getCode()); |
|
| 151 | - } else { |
|
| 152 | - $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
|
| 153 | - } |
|
| 154 | - return $response; |
|
| 155 | - } |
|
| 136 | + /** |
|
| 137 | + * If an SecurityException is being caught return a JSON error response |
|
| 138 | + * |
|
| 139 | + * @param Controller $controller the controller that is being called |
|
| 140 | + * @param string $methodName the name of the method that will be called on |
|
| 141 | + * the controller |
|
| 142 | + * @param \Exception $exception the thrown exception |
|
| 143 | + * @throws \Exception the passed in exception if it can't handle it |
|
| 144 | + * @return Response a Response object or null in case that the exception could not be handled |
|
| 145 | + */ |
|
| 146 | + public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | + if($exception instanceof SecurityException){ |
|
| 148 | + $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | + if($exception->getCode() !== 0) { |
|
| 150 | + $response->setStatus($exception->getCode()); |
|
| 151 | + } else { |
|
| 152 | + $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
|
| 153 | + } |
|
| 154 | + return $response; |
|
| 155 | + } |
|
| 156 | 156 | |
| 157 | - throw $exception; |
|
| 158 | - } |
|
| 157 | + throw $exception; |
|
| 158 | + } |
|
| 159 | 159 | |
| 160 | 160 | } |
@@ -31,7 +31,7 @@ |
||
| 31 | 31 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 32 | 32 | */ |
| 33 | 33 | class NotConfirmedException extends SecurityException { |
| 34 | - public function __construct() { |
|
| 35 | - parent::__construct('Password confirmation is required', Http::STATUS_FORBIDDEN); |
|
| 36 | - } |
|
| 34 | + public function __construct() { |
|
| 35 | + parent::__construct('Password confirmation is required', Http::STATUS_FORBIDDEN); |
|
| 36 | + } |
|
| 37 | 37 | } |
@@ -34,7 +34,7 @@ |
||
| 34 | 34 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 35 | 35 | */ |
| 36 | 36 | class CrossSiteRequestForgeryException extends SecurityException { |
| 37 | - public function __construct() { |
|
| 38 | - parent::__construct('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | - } |
|
| 37 | + public function __construct() { |
|
| 38 | + parent::__construct('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | + } |
|
| 40 | 40 | } |
