nextcloud / server

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php

Doc Comments +1 added lines, -1 removed lines

@@ -99,7 +99,7 @@
 	 * @param bool $isLoggedIn
 	 * @param bool $isAdminUser
 	 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
-	 * @param CSRFTokenManager $csrfTokenManager
+	 * @param CsrfTokenManager $csrfTokenManager
 	 * @param ContentSecurityPolicyNonceManager $cspNonceManager
 	 */
 	public function __construct(IRequest $request,

Indentation +180 added lines, -180 removed lines

@@ -63,207 +63,207 @@
  * check fails
  */
 class SecurityMiddleware extends Middleware {
-	/** @var INavigationManager */
-	private $navigationManager;
-	/** @var IRequest */
-	private $request;
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var string */
-	private $appName;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var ISession */
-	private $session;
-	/** @var bool */
-	private $isLoggedIn;
-	/** @var bool */
-	private $isAdminUser;
-	/** @var ContentSecurityPolicyManager */
-	private $contentSecurityPolicyManager;
-	/** @var CsrfTokenManager */
-	private $csrfTokenManager;
-	/** @var ContentSecurityPolicyNonceManager */
-	private $cspNonceManager;
+    /** @var INavigationManager */
+    private $navigationManager;
+    /** @var IRequest */
+    private $request;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var string */
+    private $appName;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var ISession */
+    private $session;
+    /** @var bool */
+    private $isLoggedIn;
+    /** @var bool */
+    private $isAdminUser;
+    /** @var ContentSecurityPolicyManager */
+    private $contentSecurityPolicyManager;
+    /** @var CsrfTokenManager */
+    private $csrfTokenManager;
+    /** @var ContentSecurityPolicyNonceManager */
+    private $cspNonceManager;
 
-	/**
-	 * @param IRequest $request
-	 * @param ControllerMethodReflector $reflector
-	 * @param INavigationManager $navigationManager
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param ISession $session
-	 * @param string $appName
-	 * @param bool $isLoggedIn
-	 * @param bool $isAdminUser
-	 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
-	 * @param CSRFTokenManager $csrfTokenManager
-	 * @param ContentSecurityPolicyNonceManager $cspNonceManager
-	 */
-	public function __construct(IRequest $request,
-								ControllerMethodReflector $reflector,
-								INavigationManager $navigationManager,
-								IURLGenerator $urlGenerator,
-								ILogger $logger,
-								ISession $session,
-								$appName,
-								$isLoggedIn,
-								$isAdminUser,
-								ContentSecurityPolicyManager $contentSecurityPolicyManager,
-								CsrfTokenManager $csrfTokenManager,
-								ContentSecurityPolicyNonceManager $cspNonceManager) {
-		$this->navigationManager = $navigationManager;
-		$this->request = $request;
-		$this->reflector = $reflector;
-		$this->appName = $appName;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->session = $session;
-		$this->isLoggedIn = $isLoggedIn;
-		$this->isAdminUser = $isAdminUser;
-		$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
-		$this->csrfTokenManager = $csrfTokenManager;
-		$this->cspNonceManager = $cspNonceManager;
-	}
+    /**
+     * @param IRequest $request
+     * @param ControllerMethodReflector $reflector
+     * @param INavigationManager $navigationManager
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param ISession $session
+     * @param string $appName
+     * @param bool $isLoggedIn
+     * @param bool $isAdminUser
+     * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
+     * @param CSRFTokenManager $csrfTokenManager
+     * @param ContentSecurityPolicyNonceManager $cspNonceManager
+     */
+    public function __construct(IRequest $request,
+                                ControllerMethodReflector $reflector,
+                                INavigationManager $navigationManager,
+                                IURLGenerator $urlGenerator,
+                                ILogger $logger,
+                                ISession $session,
+                                $appName,
+                                $isLoggedIn,
+                                $isAdminUser,
+                                ContentSecurityPolicyManager $contentSecurityPolicyManager,
+                                CsrfTokenManager $csrfTokenManager,
+                                ContentSecurityPolicyNonceManager $cspNonceManager) {
+        $this->navigationManager = $navigationManager;
+        $this->request = $request;
+        $this->reflector = $reflector;
+        $this->appName = $appName;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->session = $session;
+        $this->isLoggedIn = $isLoggedIn;
+        $this->isAdminUser = $isAdminUser;
+        $this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
+        $this->csrfTokenManager = $csrfTokenManager;
+        $this->cspNonceManager = $cspNonceManager;
+    }
 
-	/**
-	 * This runs all the security checks before a method call. The
-	 * security checks are determined by inspecting the controller method
-	 * annotations
-	 * @param Controller $controller the controller
-	 * @param string $methodName the name of the method
-	 * @throws SecurityException when a security check fails
-	 */
-	public function beforeController($controller, $methodName) {
+    /**
+     * This runs all the security checks before a method call. The
+     * security checks are determined by inspecting the controller method
+     * annotations
+     * @param Controller $controller the controller
+     * @param string $methodName the name of the method
+     * @throws SecurityException when a security check fails
+     */
+    public function beforeController($controller, $methodName) {
 
-		// this will set the current navigation entry of the app, use this only
-		// for normal HTML requests and not for AJAX requests
-		$this->navigationManager->setActiveEntry($this->appName);
+        // this will set the current navigation entry of the app, use this only
+        // for normal HTML requests and not for AJAX requests
+        $this->navigationManager->setActiveEntry($this->appName);
 
-		// security checks
-		$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
-		if(!$isPublicPage) {
-			if(!$this->isLoggedIn) {
-				throw new NotLoggedInException();
-			}
+        // security checks
+        $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+        if(!$isPublicPage) {
+            if(!$this->isLoggedIn) {
+                throw new NotLoggedInException();
+            }
 
-			if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
-				if(!$this->isAdminUser) {
-					throw new NotAdminException();
-				}
-			}
-		}
+            if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
+                if(!$this->isAdminUser) {
+                    throw new NotAdminException();
+                }
+            }
+        }
 
-		if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
-			$lastConfirm = (int) $this->session->get('last-password-confirm');
-			if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
-				throw new NotConfirmedException();
-			}
-		}
+        if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
+            $lastConfirm = (int) $this->session->get('last-password-confirm');
+            if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
+                throw new NotConfirmedException();
+            }
+        }
 
-		// Check for strict cookie requirement
-		if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			if(!$this->request->passesStrictCookieCheck()) {
-				throw new StrictCookieMissingException();
-			}
-		}
-		// CSRF check - also registers the CSRF token since the session may be closed later
-		Util::callRegister();
-		if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			/*
+        // Check for strict cookie requirement
+        if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+            if(!$this->request->passesStrictCookieCheck()) {
+                throw new StrictCookieMissingException();
+            }
+        }
+        // CSRF check - also registers the CSRF token since the session may be closed later
+        Util::callRegister();
+        if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
+            /*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
 			 * hacks around that we have no full token auth in place yet and we
 			 * do want to offer CSRF checks for web requests.
 			 */
-			if(!$this->request->passesCSRFCheck() && !(
-					$controller instanceof OCSController &&
-					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
-				throw new CrossSiteRequestForgeryException();
-			}
-		}
+            if(!$this->request->passesCSRFCheck() && !(
+                    $controller instanceof OCSController &&
+                    $this->request->getHeader('OCS-APIREQUEST') === 'true')) {
+                throw new CrossSiteRequestForgeryException();
+            }
+        }
 
-		/**
-		 * FIXME: Use DI once available
-		 * Checks if app is enabled (also includes a check whether user is allowed to access the resource)
-		 * The getAppPath() check is here since components such as settings also use the AppFramework and
-		 * therefore won't pass this check.
-		 */
-		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
-			throw new AppNotEnabledException();
-		}
+        /**
+         * FIXME: Use DI once available
+         * Checks if app is enabled (also includes a check whether user is allowed to access the resource)
+         * The getAppPath() check is here since components such as settings also use the AppFramework and
+         * therefore won't pass this check.
+         */
+        if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+            throw new AppNotEnabledException();
+        }
 
-	}
+    }
 
-	/**
-	 * Performs the default CSP modifications that may be injected by other
-	 * applications
-	 *
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param Response $response
-	 * @return Response
-	 */
-	public function afterController($controller, $methodName, Response $response) {
-		$policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy();
+    /**
+     * Performs the default CSP modifications that may be injected by other
+     * applications
+     *
+     * @param Controller $controller
+     * @param string $methodName
+     * @param Response $response
+     * @return Response
+     */
+    public function afterController($controller, $methodName, Response $response) {
+        $policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy();
 
-		if (get_class($policy) === EmptyContentSecurityPolicy::class) {
-			return $response;
-		}
+        if (get_class($policy) === EmptyContentSecurityPolicy::class) {
+            return $response;
+        }
 
-		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
-		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
+        $defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
+        $defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->cspNonceManager->browserSupportsCspV3()) {
-			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
-		}
+        if($this->cspNonceManager->browserSupportsCspV3()) {
+            $defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
+        }
 
-		$response->setContentSecurityPolicy($defaultPolicy);
+        $response->setContentSecurityPolicy($defaultPolicy);
 
-		return $response;
-	}
+        return $response;
+    }
 
-	/**
-	 * If an SecurityException is being caught, ajax requests return a JSON error
-	 * response and non ajax requests redirect to the index
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param \Exception $exception the thrown exception
-	 * @throws \Exception the passed in exception if it can't handle it
-	 * @return Response a Response object or null in case that the exception could not be handled
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof SecurityException) {
-			if($exception instanceof StrictCookieMissingException) {
-				return new RedirectResponse(\OC::$WEBROOT);
- 			}
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
-				$response = new JSONResponse(
-					array('message' => $exception->getMessage()),
-					$exception->getCode()
-				);
-			} else {
-				if($exception instanceof NotLoggedInException) {
-					$url = $this->urlGenerator->linkToRoute(
-						'core.login.showLoginForm',
-						[
-							'redirect_url' => $this->request->server['REQUEST_URI'],
-						]
-					);
-					$response = new RedirectResponse($url);
-				} else {
-					$response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
-					$response->setStatus($exception->getCode());
-				}
-			}
+    /**
+     * If an SecurityException is being caught, ajax requests return a JSON error
+     * response and non ajax requests redirect to the index
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param \Exception $exception the thrown exception
+     * @throws \Exception the passed in exception if it can't handle it
+     * @return Response a Response object or null in case that the exception could not be handled
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if($exception instanceof SecurityException) {
+            if($exception instanceof StrictCookieMissingException) {
+                return new RedirectResponse(\OC::$WEBROOT);
+                }
+            if (stripos($this->request->getHeader('Accept'),'html') === false) {
+                $response = new JSONResponse(
+                    array('message' => $exception->getMessage()),
+                    $exception->getCode()
+                );
+            } else {
+                if($exception instanceof NotLoggedInException) {
+                    $url = $this->urlGenerator->linkToRoute(
+                        'core.login.showLoginForm',
+                        [
+                            'redirect_url' => $this->request->server['REQUEST_URI'],
+                        ]
+                    );
+                    $response = new RedirectResponse($url);
+                } else {
+                    $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
+                    $response->setStatus($exception->getCode());
+                }
+            }
 
-			$this->logger->debug($exception->getMessage());
-			return $response;
-		}
+            $this->logger->debug($exception->getMessage());
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 
 }

Spacing +14 added lines, -14 removed lines

@@ -144,13 +144,13 @@ 
 
 		// security checks
 		$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
-		if(!$isPublicPage) {
-			if(!$this->isLoggedIn) {
+		if (!$isPublicPage) {
+			if (!$this->isLoggedIn) {
 				throw new NotLoggedInException();
 			}
 
-			if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
-				if(!$this->isAdminUser) {
+			if (!$this->reflector->hasAnnotation('NoAdminRequired')) {
+				if (!$this->isAdminUser) {
 					throw new NotAdminException();
 				}
 			}
@@ -164,20 +164,20 @@ 
 		}
 
 		// Check for strict cookie requirement
-		if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			if(!$this->request->passesStrictCookieCheck()) {
+		if ($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+			if (!$this->request->passesStrictCookieCheck()) {
 				throw new StrictCookieMissingException();
 			}
 		}
 		// CSRF check - also registers the CSRF token since the session may be closed later
 		Util::callRegister();
-		if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
+		if (!$this->reflector->hasAnnotation('NoCSRFRequired')) {
 			/*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
 			 * hacks around that we have no full token auth in place yet and we
 			 * do want to offer CSRF checks for web requests.
 			 */
-			if(!$this->request->passesCSRFCheck() && !(
+			if (!$this->request->passesCSRFCheck() && !(
 					$controller instanceof OCSController &&
 					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
 				throw new CrossSiteRequestForgeryException();
@@ -190,7 +190,7 @@ 
 		 * The getAppPath() check is here since components such as settings also use the AppFramework and
 		 * therefore won't pass this check.
 		 */
-		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+		if (\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
 			throw new AppNotEnabledException();
 		}
 
@@ -215,7 +215,7 @@ 
 		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
 		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->cspNonceManager->browserSupportsCspV3()) {
+		if ($this->cspNonceManager->browserSupportsCspV3()) {
 			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
 		}
 
@@ -235,17 +235,17 @@ 
 	 * @return Response a Response object or null in case that the exception could not be handled
 	 */
 	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof SecurityException) {
-			if($exception instanceof StrictCookieMissingException) {
+		if ($exception instanceof SecurityException) {
+			if ($exception instanceof StrictCookieMissingException) {
 				return new RedirectResponse(\OC::$WEBROOT);
  			}
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
+			if (stripos($this->request->getHeader('Accept'), 'html') === false) {
 				$response = new JSONResponse(
 					array('message' => $exception->getMessage()),
 					$exception->getCode()
 				);
 			} else {
-				if($exception instanceof NotLoggedInException) {
+				if ($exception instanceof NotLoggedInException) {
 					$url = $this->urlGenerator->linkToRoute(
 						'core.login.showLoginForm',
 						[

core/Controller/LoginController.php

Indentation +241 added lines, -241 removed lines

@@ -49,271 +49,271 @@
 use OC\Hooks\PublicEmitter;
 
 class LoginController extends Controller {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IConfig */
-	private $config;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession|Session */
-	private $userSession;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var Manager */
-	private $twoFactorManager;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ISession */
+    private $session;
+    /** @var IUserSession|Session */
+    private $userSession;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var Manager */
+    private $twoFactorManager;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserManager $userManager
-	 * @param IConfig $config
-	 * @param ISession $session
-	 * @param IUserSession $userSession
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param Manager $twoFactorManager
-	 */
-	public function __construct($appName,
-						 IRequest $request,
-						 IUserManager $userManager,
-						 IConfig $config,
-						 ISession $session,
-						 IUserSession $userSession,
-						 IURLGenerator $urlGenerator,
-						 ILogger $logger,
-						 Manager $twoFactorManager) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->config = $config;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->twoFactorManager = $twoFactorManager;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserManager $userManager
+     * @param IConfig $config
+     * @param ISession $session
+     * @param IUserSession $userSession
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param Manager $twoFactorManager
+     */
+    public function __construct($appName,
+                            IRequest $request,
+                            IUserManager $userManager,
+                            IConfig $config,
+                            ISession $session,
+                            IUserSession $userSession,
+                            IURLGenerator $urlGenerator,
+                            ILogger $logger,
+                            Manager $twoFactorManager) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->config = $config;
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->twoFactorManager = $twoFactorManager;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @return RedirectResponse
-	 */
-	public function logout() {
-		$loginToken = $this->request->getCookie('nc_token');
-		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
-		}
-		$this->userSession->logout();
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @return RedirectResponse
+     */
+    public function logout() {
+        $loginToken = $this->request->getCookie('nc_token');
+        if (!is_null($loginToken)) {
+            $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+        }
+        $this->userSession->logout();
 
-		return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
-	}
+        return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $user
-	 * @param string $redirect_url
-	 * @param string $remember_login
-	 *
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showLoginForm($user, $redirect_url, $remember_login) {
-		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse(OC_Util::getDefaultPageUrl());
-		}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $user
+     * @param string $redirect_url
+     * @param string $remember_login
+     *
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showLoginForm($user, $redirect_url, $remember_login) {
+        if ($this->userSession->isLoggedIn()) {
+            return new RedirectResponse(OC_Util::getDefaultPageUrl());
+        }
 
-		$parameters = array();
-		$loginMessages = $this->session->get('loginMessages');
-		$errors = [];
-		$messages = [];
-		if (is_array($loginMessages)) {
-			list($errors, $messages) = $loginMessages;
-		}
-		$this->session->remove('loginMessages');
-		foreach ($errors as $value) {
-			$parameters[$value] = true;
-		}
+        $parameters = array();
+        $loginMessages = $this->session->get('loginMessages');
+        $errors = [];
+        $messages = [];
+        if (is_array($loginMessages)) {
+            list($errors, $messages) = $loginMessages;
+        }
+        $this->session->remove('loginMessages');
+        foreach ($errors as $value) {
+            $parameters[$value] = true;
+        }
 
-		$parameters['messages'] = $messages;
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
-		if (!empty($redirect_url)) {
-			$parameters['redirect_url'] = $redirect_url;
-		}
+        $parameters['messages'] = $messages;
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
+        if (!empty($redirect_url)) {
+            $parameters['redirect_url'] = $redirect_url;
+        }
 
-		$parameters['canResetPassword'] = true;
-		$parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
-		if (!$parameters['resetPasswordLink']) {
-			if (!is_null($user) && $user !== '') {
-				$userObj = $this->userManager->get($user);
-				if ($userObj instanceof IUser) {
-					$parameters['canResetPassword'] = $userObj->canChangePassword();
-				}
-			}
-		}
+        $parameters['canResetPassword'] = true;
+        $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
+        if (!$parameters['resetPasswordLink']) {
+            if (!is_null($user) && $user !== '') {
+                $userObj = $this->userManager->get($user);
+                if ($userObj instanceof IUser) {
+                    $parameters['canResetPassword'] = $userObj->canChangePassword();
+                }
+            }
+        }
 
-		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
-		$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
+        $parameters['alt_login'] = OC_App::getAlternativeLogIns();
+        $parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
 
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
 
-		return new TemplateResponse(
-			$this->appName, 'login', $parameters, 'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName, 'login', $parameters, 'guest'
+        );
+    }
 
-	/**
-	 * @param string $redirectUrl
-	 * @return RedirectResponse
-	 */
-	private function generateRedirect($redirectUrl) {
-		if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
-			$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
-			// Deny the redirect if the URL contains a @
-			// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
-			if (strpos($location, '@') === false) {
-				return new RedirectResponse($location);
-			}
-		}
-		return new RedirectResponse(OC_Util::getDefaultPageUrl());
-	}
+    /**
+     * @param string $redirectUrl
+     * @return RedirectResponse
+     */
+    private function generateRedirect($redirectUrl) {
+        if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
+            $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+            // Deny the redirect if the URL contains a @
+            // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
+            if (strpos($location, '@') === false) {
+                return new RedirectResponse($location);
+            }
+        }
+        return new RedirectResponse(OC_Util::getDefaultPageUrl());
+    }
 
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=login)
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @param string $redirect_url
-	 * @param boolean $remember_login
-	 * @param string $timezone
-	 * @param string $timezone_offset
-	 * @return RedirectResponse
-	 */
-	public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
-		if(!is_string($user)) {
-			throw new \InvalidArgumentException('Username must be string');
-		}
+    /**
+     * @PublicPage
+     * @UseSession
+     * @NoCSRFRequired
+     * @BruteForceProtection(action=login)
+     *
+     * @param string $user
+     * @param string $password
+     * @param string $redirect_url
+     * @param boolean $remember_login
+     * @param string $timezone
+     * @param string $timezone_offset
+     * @return RedirectResponse
+     */
+    public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
+        if(!is_string($user)) {
+            throw new \InvalidArgumentException('Username must be string');
+        }
 
-		// If the user is already logged in and the CSRF check does not pass then
-		// simply redirect the user to the correct page as required. This is the
-		// case when an user has already logged-in, in another tab.
-		if(!$this->request->passesCSRFCheck()) {
-			return $this->generateRedirect($redirect_url);
-		}
+        // If the user is already logged in and the CSRF check does not pass then
+        // simply redirect the user to the correct page as required. This is the
+        // case when an user has already logged-in, in another tab.
+        if(!$this->request->passesCSRFCheck()) {
+            return $this->generateRedirect($redirect_url);
+        }
 
-		if ($this->userManager instanceof PublicEmitter) {
-			$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
-		}
+        if ($this->userManager instanceof PublicEmitter) {
+            $this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+        }
 
-		$originalUser = $user;
-		// TODO: Add all the insane error handling
-		/* @var $loginResult IUser */
-		$loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
-		if ($loginResult === false) {
-			$users = $this->userManager->getByEmail($user);
-			// we only allow login by email if unique
-			if (count($users) === 1) {
-				$user = $users[0]->getUID();
-				$loginResult = $this->userManager->checkPassword($user, $password);
-			} else {
-				$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
-			}
-		}
-		if ($loginResult === false) {
-			// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
-			$args = !is_null($user) ? ['user' => $originalUser] : [];
-			$response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
-			$response->throttle();
-			$this->session->set('loginMessages', [
-				['invalidpassword'], []
-			]);
-			return $response;
-		}
-		// TODO: remove password checks from above and let the user session handle failures
-		// requires https://github.com/owncloud/core/pull/24616
-		$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
+        $originalUser = $user;
+        // TODO: Add all the insane error handling
+        /* @var $loginResult IUser */
+        $loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
+        if ($loginResult === false) {
+            $users = $this->userManager->getByEmail($user);
+            // we only allow login by email if unique
+            if (count($users) === 1) {
+                $user = $users[0]->getUID();
+                $loginResult = $this->userManager->checkPassword($user, $password);
+            } else {
+                $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
+            }
+        }
+        if ($loginResult === false) {
+            // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
+            $args = !is_null($user) ? ['user' => $originalUser] : [];
+            $response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
+            $response->throttle();
+            $this->session->set('loginMessages', [
+                ['invalidpassword'], []
+            ]);
+            return $response;
+        }
+        // TODO: remove password checks from above and let the user session handle failures
+        // requires https://github.com/owncloud/core/pull/24616
+        $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
+        $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
 
-		// User has successfully logged in, now remove the password reset link, when it is available
-		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
+        // User has successfully logged in, now remove the password reset link, when it is available
+        $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
 
-		$this->session->set('last-password-confirm', $loginResult->getLastLogin());
+        $this->session->set('last-password-confirm', $loginResult->getLastLogin());
 
-		if ($timezone_offset !== '') {
-			$this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
-			$this->session->set('timezone', $timezone_offset);
-		}
+        if ($timezone_offset !== '') {
+            $this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
+            $this->session->set('timezone', $timezone_offset);
+        }
 
-		if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
-			$this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
+        if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
+            $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
 
-			$providers = $this->twoFactorManager->getProviders($loginResult);
-			if (count($providers) === 1) {
-				// Single provider, hence we can redirect to that provider's challenge page directly
-				/* @var $provider IProvider */
-				$provider = array_pop($providers);
-				$url = 'core.TwoFactorChallenge.showChallenge';
-				$urlParams = [
-					'challengeProviderId' => $provider->getId(),
-				];
-			} else {
-				$url = 'core.TwoFactorChallenge.selectChallenge';
-				$urlParams = [];
-			}
+            $providers = $this->twoFactorManager->getProviders($loginResult);
+            if (count($providers) === 1) {
+                // Single provider, hence we can redirect to that provider's challenge page directly
+                /* @var $provider IProvider */
+                $provider = array_pop($providers);
+                $url = 'core.TwoFactorChallenge.showChallenge';
+                $urlParams = [
+                    'challengeProviderId' => $provider->getId(),
+                ];
+            } else {
+                $url = 'core.TwoFactorChallenge.selectChallenge';
+                $urlParams = [];
+            }
 
-			if (!is_null($redirect_url)) {
-				$urlParams['redirect_url'] = $redirect_url;
-			}
+            if (!is_null($redirect_url)) {
+                $urlParams['redirect_url'] = $redirect_url;
+            }
 
-			return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
-		}
+            return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
+        }
 
-		if ($remember_login) {
-			$this->userSession->createRememberMeToken($loginResult);
-		}
+        if ($remember_login) {
+            $this->userSession->createRememberMeToken($loginResult);
+        }
 
-		return $this->generateRedirect($redirect_url);
-	}
+        return $this->generateRedirect($redirect_url);
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=sudo)
-	 *
-	 * @license GNU AGPL version 3 or any later version
-	 *
-	 * @param string $password
-	 * @return DataResponse
-	 */
-	public function confirmPassword($password) {
-		$loginName = $this->userSession->getLoginName();
-		$loginResult = $this->userManager->checkPassword($loginName, $password);
-		if ($loginResult === false) {
-			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
-			$response->throttle();
-			return $response;
-		}
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     * @BruteForceProtection(action=sudo)
+     *
+     * @license GNU AGPL version 3 or any later version
+     *
+     * @param string $password
+     * @return DataResponse
+     */
+    public function confirmPassword($password) {
+        $loginName = $this->userSession->getLoginName();
+        $loginResult = $this->userManager->checkPassword($loginName, $password);
+        if ($loginResult === false) {
+            $response = new DataResponse([], Http::STATUS_FORBIDDEN);
+            $response->throttle();
+            return $response;
+        }
 
-		$confirmTimestamp = time();
-		$this->session->set('last-password-confirm', $confirmTimestamp);
-		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
-	}
+        $confirmTimestamp = time();
+        $this->session->set('last-password-confirm', $confirmTimestamp);
+        return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
+    }
 }

Spacing +4 added lines, -4 removed lines

@@ -208,14 +208,14 @@ 
 	 * @return RedirectResponse
 	 */
 	public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
-		if(!is_string($user)) {
+		if (!is_string($user)) {
 			throw new \InvalidArgumentException('Username must be string');
 		}
 
 		// If the user is already logged in and the CSRF check does not pass then
 		// simply redirect the user to the correct page as required. This is the
 		// case when an user has already logged-in, in another tab.
-		if(!$this->request->passesCSRFCheck()) {
+		if (!$this->request->passesCSRFCheck()) {
 			return $this->generateRedirect($redirect_url);
 		}
 
@@ -234,7 +234,7 @@ 
 				$user = $users[0]->getUID();
 				$loginResult = $this->userManager->checkPassword($user, $password);
 			} else {
-				$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
+				$this->logger->warning('Login failed: \''.$user.'\' (Remote IP: \''.$this->request->getRemoteAddress().'\')', ['app' => 'core']);
 			}
 		}
 		if ($loginResult === false) {
@@ -250,7 +250,7 @@ 
 		// TODO: remove password checks from above and let the user session handle failures
 		// requires https://github.com/owncloud/core/pull/24616
 		$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
+		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int) $remember_login);
 
 		// User has successfully logged in, now remove the password reset link, when it is available
 		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');

lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php

Indentation +40 added lines, -40 removed lines

@@ -35,49 +35,49 @@
  * @package OC\AppFramework\Middleware\Security
  */
 class BruteForceMiddleware extends Middleware {
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var Throttler */
-	private $throttler;
-	/** @var IRequest */
-	private $request;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var Throttler */
+    private $throttler;
+    /** @var IRequest */
+    private $request;
 
-	/**
-	 * @param ControllerMethodReflector $controllerMethodReflector
-	 * @param Throttler $throttler
-	 * @param IRequest $request
-	 */
-	public function __construct(ControllerMethodReflector $controllerMethodReflector,
-								Throttler $throttler,
-								IRequest $request) {
-		$this->reflector = $controllerMethodReflector;
-		$this->throttler = $throttler;
-		$this->request = $request;
-	}
+    /**
+     * @param ControllerMethodReflector $controllerMethodReflector
+     * @param Throttler $throttler
+     * @param IRequest $request
+     */
+    public function __construct(ControllerMethodReflector $controllerMethodReflector,
+                                Throttler $throttler,
+                                IRequest $request) {
+        $this->reflector = $controllerMethodReflector;
+        $this->throttler = $throttler;
+        $this->request = $request;
+    }
 
-	/**
-	 * {@inheritDoc}
-	 */
-	public function beforeController($controller, $methodName) {
-		parent::beforeController($controller, $methodName);
+    /**
+     * {@inheritDoc}
+     */
+    public function beforeController($controller, $methodName) {
+        parent::beforeController($controller, $methodName);
 
-		if($this->reflector->hasAnnotation('BruteForceProtection')) {
-			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
-			$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
-		}
-	}
+        if($this->reflector->hasAnnotation('BruteForceProtection')) {
+            $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
+            $this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
+        }
+    }
 
-	/**
-	 * {@inheritDoc}
-	 */
-	public function afterController($controller, $methodName, Response $response) {
-		if($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
-			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
-			$ip = $this->request->getRemoteAddress();
-			$this->throttler->sleepDelay($ip, $action);
-			$this->throttler->registerAttempt($action, $ip);
-		}
+    /**
+     * {@inheritDoc}
+     */
+    public function afterController($controller, $methodName, Response $response) {
+        if($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
+            $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
+            $ip = $this->request->getRemoteAddress();
+            $this->throttler->sleepDelay($ip, $action);
+            $this->throttler->registerAttempt($action, $ip);
+        }
 
-		return parent::afterController($controller, $methodName, $response);
-	}
+        return parent::afterController($controller, $methodName, $response);
+    }
 }

Spacing +2 added lines, -2 removed lines

@@ -61,7 +61,7 @@ 
 	public function beforeController($controller, $methodName) {
 		parent::beforeController($controller, $methodName);
 
-		if($this->reflector->hasAnnotation('BruteForceProtection')) {
+		if ($this->reflector->hasAnnotation('BruteForceProtection')) {
 			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 			$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
 		}
@@ -71,7 +71,7 @@ 
 	 * {@inheritDoc}
 	 */
 	public function afterController($controller, $methodName, Response $response) {
-		if($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
+		if ($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
 			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 			$ip = $this->request->getRemoteAddress();
 			$this->throttler->sleepDelay($ip, $action);

lib/private/AppFramework/DependencyInjection/DIContainer.php

Indentation +372 added lines, -372 removed lines

@@ -62,376 +62,376 @@
 
 class DIContainer extends SimpleContainer implements IAppContainer {
 
-	/**
-	 * @var array
-	 */
-	private $middleWares = array();
-
-	/** @var ServerContainer */
-	private $server;
-
-	/**
-	 * Put your class dependencies in here
-	 * @param string $appName the name of the app
-	 * @param array $urlParams
-	 * @param ServerContainer $server
-	 */
-	public function __construct($appName, $urlParams = array(), ServerContainer $server = null){
-		parent::__construct();
-		$this['AppName'] = $appName;
-		$this['urlParams'] = $urlParams;
-
-		/** @var \OC\ServerContainer $server */
-		if ($server === null) {
-			$server = \OC::$server;
-		}
-		$this->server = $server;
-		$this->server->registerAppContainer($appName, $this);
-
-		// aliases
-		$this->registerAlias('appName', 'AppName');
-		$this->registerAlias('webRoot', 'WebRoot');
-		$this->registerAlias('userId', 'UserId');
-
-		/**
-		 * Core services
-		 */
-		$this->registerService(IOutput::class, function($c){
-			return new Output($this->getServer()->getWebRoot());
-		});
-
-		$this->registerService(Folder::class, function() {
-			return $this->getServer()->getUserFolder();
-		});
-
-		$this->registerService(IAppData::class, function (SimpleContainer $c) {
-			return $this->getServer()->getAppDataDir($c->query('AppName'));
-		});
-
-		$this->registerService(IL10N::class, function($c) {
-			return $this->getServer()->getL10N($c->query('AppName'));
-		});
-
-		$this->registerAlias(\OCP\AppFramework\Utility\IControllerMethodReflector::class, \OC\AppFramework\Utility\ControllerMethodReflector::class);
-		$this->registerAlias('ControllerMethodReflector', \OCP\AppFramework\Utility\IControllerMethodReflector::class);
-
-		$this->registerService(IRequest::class, function() {
-			return $this->getServer()->query(IRequest::class);
-		});
-		$this->registerAlias('Request', IRequest::class);
-
-		$this->registerAlias(\OCP\AppFramework\Utility\ITimeFactory::class, \OC\AppFramework\Utility\TimeFactory::class);
-		$this->registerAlias('TimeFactory', \OCP\AppFramework\Utility\ITimeFactory::class);
-
-		$this->registerAlias(\OC\User\Session::class, \OCP\IUserSession::class);
-
-		$this->registerService(IServerContainer::class, function ($c) {
-			return $this->getServer();
-		});
-		$this->registerAlias('ServerContainer', IServerContainer::class);
-
-		$this->registerService(\OCP\WorkflowEngine\IManager::class, function ($c) {
-			return $c->query('OCA\WorkflowEngine\Manager');
-		});
-
-		$this->registerService(\OCP\AppFramework\IAppContainer::class, function ($c) {
-			return $c;
-		});
-
-		// commonly used attributes
-		$this->registerService('UserId', function ($c) {
-			return $c->query('OCP\\IUserSession')->getSession()->get('user_id');
-		});
-
-		$this->registerService('WebRoot', function ($c) {
-			return $c->query('ServerContainer')->getWebRoot();
-		});
-
-		$this->registerService('fromMailAddress', function() {
-			return Util::getDefaultEmailAddress('no-reply');
-		});
-
-		$this->registerService('OC_Defaults', function ($c) {
-			return $c->getServer()->getThemingDefaults();
-		});
-
-		$this->registerService('OCP\Encryption\IManager', function ($c) {
-			return $this->getServer()->getEncryptionManager();
-		});
-
-		$this->registerService(IValidator::class, function($c) {
-			return $c->query(Validator::class);
-		});
-
-		$this->registerService(\OC\Security\IdentityProof\Manager::class, function ($c) {
-			return new \OC\Security\IdentityProof\Manager(
-				$this->getServer()->getAppDataDir('identityproof'),
-				$this->getServer()->getCrypto()
-			);
-		});
-
-		/**
-		 * App Framework APIs
-		 */
-		$this->registerService('API', function($c){
-			$c->query('OCP\\ILogger')->debug(
-				'Accessing the API class is deprecated! Use the appropriate ' .
-				'services instead!'
-			);
-			return new API($c['AppName']);
-		});
-
-		$this->registerService('Protocol', function($c){
-			/** @var \OC\Server $server */
-			$server = $c->query('ServerContainer');
-			$protocol = $server->getRequest()->getHttpProtocol();
-			return new Http($_SERVER, $protocol);
-		});
-
-		$this->registerService('Dispatcher', function($c) {
-			return new Dispatcher(
-				$c['Protocol'],
-				$c['MiddlewareDispatcher'],
-				$c['ControllerMethodReflector'],
-				$c['Request']
-			);
-		});
-
-		/**
-		 * App Framework default arguments
-		 */
-		$this->registerParameter('corsMethods', 'PUT, POST, GET, DELETE, PATCH');
-		$this->registerParameter('corsAllowedHeaders', 'Authorization, Content-Type, Accept');
-		$this->registerParameter('corsMaxAge', 1728000);
-
-		/**
-		 * Middleware
-		 */
-		$app = $this;
-		$this->registerService('SecurityMiddleware', function($c) use ($app){
-			/** @var \OC\Server $server */
-			$server = $app->getServer();
-
-			return new SecurityMiddleware(
-				$c['Request'],
-				$c['ControllerMethodReflector'],
-				$server->getNavigationManager(),
-				$server->getURLGenerator(),
-				$server->getLogger(),
-				$server->getSession(),
-				$c['AppName'],
-				$app->isLoggedIn(),
-				$app->isAdminUser(),
-				$server->getContentSecurityPolicyManager(),
-				$server->getCsrfTokenManager(),
-				$server->getContentSecurityPolicyNonceManager()
-			);
-
-		});
-
-		$this->registerService('BruteForceMiddleware', function($c) use ($app) {
-			/** @var \OC\Server $server */
-			$server = $app->getServer();
-
-			return new OC\AppFramework\Middleware\Security\BruteForceMiddleware(
-				$c['ControllerMethodReflector'],
-				$server->getBruteForceThrottler(),
-				$server->getRequest()
-			);
-		});
-
-		$this->registerService('RateLimitingMiddleware', function($c) use ($app) {
-			/** @var \OC\Server $server */
-			$server = $app->getServer();
-
-			return new RateLimitingMiddleware(
-				$server->getRequest(),
-				$server->getUserSession(),
-				$c['ControllerMethodReflector'],
-				$c->query(OC\Security\RateLimiting\Limiter::class)
-			);
-		});
-
-		$this->registerService('CORSMiddleware', function($c) {
-			return new CORSMiddleware(
-				$c['Request'],
-				$c['ControllerMethodReflector'],
-				$c->query(IUserSession::class),
-				$c->getServer()->getBruteForceThrottler()
-			);
-		});
-
-		$this->registerService('SessionMiddleware', function($c) use ($app) {
-			return new SessionMiddleware(
-				$c['Request'],
-				$c['ControllerMethodReflector'],
-				$app->getServer()->getSession()
-			);
-		});
-
-		$this->registerService('TwoFactorMiddleware', function (SimpleContainer $c) use ($app) {
-			$twoFactorManager = $c->getServer()->getTwoFactorAuthManager();
-			$userSession = $app->getServer()->getUserSession();
-			$session = $app->getServer()->getSession();
-			$urlGenerator = $app->getServer()->getURLGenerator();
-			$reflector = $c['ControllerMethodReflector'];
-			$request = $app->getServer()->getRequest();
-			return new TwoFactorMiddleware($twoFactorManager, $userSession, $session, $urlGenerator, $reflector, $request);
-		});
-
-		$this->registerService('OCSMiddleware', function (SimpleContainer $c) {
-			return new OCSMiddleware(
-				$c['Request']
-			);
-		});
-
-		$middleWares = &$this->middleWares;
-		$this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) {
-			$dispatcher = new MiddlewareDispatcher();
-			$dispatcher->registerMiddleware($c['CORSMiddleware']);
-			$dispatcher->registerMiddleware($c['OCSMiddleware']);
-			$dispatcher->registerMiddleware($c['SecurityMiddleware']);
-			$dispatcher->registerMiddleware($c['TwoFactorMiddleware']);
-			$dispatcher->registerMiddleware($c['BruteForceMiddleware']);
-			$dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
-
-			foreach($middleWares as $middleWare) {
-				$dispatcher->registerMiddleware($c[$middleWare]);
-			}
-
-			$dispatcher->registerMiddleware($c['SessionMiddleware']);
-			return $dispatcher;
-		});
-
-	}
-
-
-	/**
-	 * @deprecated implements only deprecated methods
-	 * @return IApi
-	 */
-	function getCoreApi()
-	{
-		return $this->query('API');
-	}
-
-	/**
-	 * @return \OCP\IServerContainer
-	 */
-	function getServer()
-	{
-		return $this->server;
-	}
-
-	/**
-	 * @param string $middleWare
-	 * @return boolean|null
-	 */
-	function registerMiddleWare($middleWare) {
-		array_push($this->middleWares, $middleWare);
-	}
-
-	/**
-	 * used to return the appname of the set application
-	 * @return string the name of your application
-	 */
-	function getAppName() {
-		return $this->query('AppName');
-	}
-
-	/**
-	 * @deprecated use IUserSession->isLoggedIn()
-	 * @return boolean
-	 */
-	function isLoggedIn() {
-		return \OC::$server->getUserSession()->isLoggedIn();
-	}
-
-	/**
-	 * @deprecated use IGroupManager->isAdmin($userId)
-	 * @return boolean
-	 */
-	function isAdminUser() {
-		$uid = $this->getUserId();
-		return \OC_User::isAdminUser($uid);
-	}
-
-	private function getUserId() {
-		return $this->getServer()->getSession()->get('user_id');
-	}
-
-	/**
-	 * @deprecated use the ILogger instead
-	 * @param string $message
-	 * @param string $level
-	 * @return mixed
-	 */
-	function log($message, $level) {
-		switch($level){
-			case 'debug':
-				$level = \OCP\Util::DEBUG;
-				break;
-			case 'info':
-				$level = \OCP\Util::INFO;
-				break;
-			case 'warn':
-				$level = \OCP\Util::WARN;
-				break;
-			case 'fatal':
-				$level = \OCP\Util::FATAL;
-				break;
-			default:
-				$level = \OCP\Util::ERROR;
-				break;
-		}
-		\OCP\Util::writeLog($this->getAppName(), $message, $level);
-	}
-
-	/**
-	 * Register a capability
-	 *
-	 * @param string $serviceName e.g. 'OCA\Files\Capabilities'
-	 */
-	public function registerCapability($serviceName) {
-		$this->query('OC\CapabilitiesManager')->registerCapability(function() use ($serviceName) {
-			return $this->query($serviceName);
-		});
-	}
-
-	/**
-	 * @param string $name
-	 * @return mixed
-	 * @throws QueryException if the query could not be resolved
-	 */
-	public function query($name) {
-		try {
-			return $this->queryNoFallback($name);
-		} catch (QueryException $e) {
-			return $this->getServer()->query($name);
-		}
-	}
-
-	/**
-	 * @param string $name
-	 * @return mixed
-	 * @throws QueryException if the query could not be resolved
-	 */
-	public function queryNoFallback($name) {
-		$name = $this->sanitizeName($name);
-
-		if ($this->offsetExists($name)) {
-			return parent::query($name);
-		} else {
-			if ($this['AppName'] === 'settings' && strpos($name, 'OC\\Settings\\') === 0) {
-				return parent::query($name);
-			} else if ($this['AppName'] === 'core' && strpos($name, 'OC\\Core\\') === 0) {
-				return parent::query($name);
-			} else if (strpos($name, \OC\AppFramework\App::buildAppNamespace($this['AppName']) . '\\') === 0) {
-				return parent::query($name);
-			}
-		}
-
-		throw new QueryException('Could not resolve ' . $name . '!' .
-			' Class can not be instantiated');
-	}
+    /**
+     * @var array
+     */
+    private $middleWares = array();
+
+    /** @var ServerContainer */
+    private $server;
+
+    /**
+     * Put your class dependencies in here
+     * @param string $appName the name of the app
+     * @param array $urlParams
+     * @param ServerContainer $server
+     */
+    public function __construct($appName, $urlParams = array(), ServerContainer $server = null){
+        parent::__construct();
+        $this['AppName'] = $appName;
+        $this['urlParams'] = $urlParams;
+
+        /** @var \OC\ServerContainer $server */
+        if ($server === null) {
+            $server = \OC::$server;
+        }
+        $this->server = $server;
+        $this->server->registerAppContainer($appName, $this);
+
+        // aliases
+        $this->registerAlias('appName', 'AppName');
+        $this->registerAlias('webRoot', 'WebRoot');
+        $this->registerAlias('userId', 'UserId');
+
+        /**
+         * Core services
+         */
+        $this->registerService(IOutput::class, function($c){
+            return new Output($this->getServer()->getWebRoot());
+        });
+
+        $this->registerService(Folder::class, function() {
+            return $this->getServer()->getUserFolder();
+        });
+
+        $this->registerService(IAppData::class, function (SimpleContainer $c) {
+            return $this->getServer()->getAppDataDir($c->query('AppName'));
+        });
+
+        $this->registerService(IL10N::class, function($c) {
+            return $this->getServer()->getL10N($c->query('AppName'));
+        });
+
+        $this->registerAlias(\OCP\AppFramework\Utility\IControllerMethodReflector::class, \OC\AppFramework\Utility\ControllerMethodReflector::class);
+        $this->registerAlias('ControllerMethodReflector', \OCP\AppFramework\Utility\IControllerMethodReflector::class);
+
+        $this->registerService(IRequest::class, function() {
+            return $this->getServer()->query(IRequest::class);
+        });
+        $this->registerAlias('Request', IRequest::class);
+
+        $this->registerAlias(\OCP\AppFramework\Utility\ITimeFactory::class, \OC\AppFramework\Utility\TimeFactory::class);
+        $this->registerAlias('TimeFactory', \OCP\AppFramework\Utility\ITimeFactory::class);
+
+        $this->registerAlias(\OC\User\Session::class, \OCP\IUserSession::class);
+
+        $this->registerService(IServerContainer::class, function ($c) {
+            return $this->getServer();
+        });
+        $this->registerAlias('ServerContainer', IServerContainer::class);
+
+        $this->registerService(\OCP\WorkflowEngine\IManager::class, function ($c) {
+            return $c->query('OCA\WorkflowEngine\Manager');
+        });
+
+        $this->registerService(\OCP\AppFramework\IAppContainer::class, function ($c) {
+            return $c;
+        });
+
+        // commonly used attributes
+        $this->registerService('UserId', function ($c) {
+            return $c->query('OCP\\IUserSession')->getSession()->get('user_id');
+        });
+
+        $this->registerService('WebRoot', function ($c) {
+            return $c->query('ServerContainer')->getWebRoot();
+        });
+
+        $this->registerService('fromMailAddress', function() {
+            return Util::getDefaultEmailAddress('no-reply');
+        });
+
+        $this->registerService('OC_Defaults', function ($c) {
+            return $c->getServer()->getThemingDefaults();
+        });
+
+        $this->registerService('OCP\Encryption\IManager', function ($c) {
+            return $this->getServer()->getEncryptionManager();
+        });
+
+        $this->registerService(IValidator::class, function($c) {
+            return $c->query(Validator::class);
+        });
+
+        $this->registerService(\OC\Security\IdentityProof\Manager::class, function ($c) {
+            return new \OC\Security\IdentityProof\Manager(
+                $this->getServer()->getAppDataDir('identityproof'),
+                $this->getServer()->getCrypto()
+            );
+        });
+
+        /**
+         * App Framework APIs
+         */
+        $this->registerService('API', function($c){
+            $c->query('OCP\\ILogger')->debug(
+                'Accessing the API class is deprecated! Use the appropriate ' .
+                'services instead!'
+            );
+            return new API($c['AppName']);
+        });
+
+        $this->registerService('Protocol', function($c){
+            /** @var \OC\Server $server */
+            $server = $c->query('ServerContainer');
+            $protocol = $server->getRequest()->getHttpProtocol();
+            return new Http($_SERVER, $protocol);
+        });
+
+        $this->registerService('Dispatcher', function($c) {
+            return new Dispatcher(
+                $c['Protocol'],
+                $c['MiddlewareDispatcher'],
+                $c['ControllerMethodReflector'],
+                $c['Request']
+            );
+        });
+
+        /**
+         * App Framework default arguments
+         */
+        $this->registerParameter('corsMethods', 'PUT, POST, GET, DELETE, PATCH');
+        $this->registerParameter('corsAllowedHeaders', 'Authorization, Content-Type, Accept');
+        $this->registerParameter('corsMaxAge', 1728000);
+
+        /**
+         * Middleware
+         */
+        $app = $this;
+        $this->registerService('SecurityMiddleware', function($c) use ($app){
+            /** @var \OC\Server $server */
+            $server = $app->getServer();
+
+            return new SecurityMiddleware(
+                $c['Request'],
+                $c['ControllerMethodReflector'],
+                $server->getNavigationManager(),
+                $server->getURLGenerator(),
+                $server->getLogger(),
+                $server->getSession(),
+                $c['AppName'],
+                $app->isLoggedIn(),
+                $app->isAdminUser(),
+                $server->getContentSecurityPolicyManager(),
+                $server->getCsrfTokenManager(),
+                $server->getContentSecurityPolicyNonceManager()
+            );
+
+        });
+
+        $this->registerService('BruteForceMiddleware', function($c) use ($app) {
+            /** @var \OC\Server $server */
+            $server = $app->getServer();
+
+            return new OC\AppFramework\Middleware\Security\BruteForceMiddleware(
+                $c['ControllerMethodReflector'],
+                $server->getBruteForceThrottler(),
+                $server->getRequest()
+            );
+        });
+
+        $this->registerService('RateLimitingMiddleware', function($c) use ($app) {
+            /** @var \OC\Server $server */
+            $server = $app->getServer();
+
+            return new RateLimitingMiddleware(
+                $server->getRequest(),
+                $server->getUserSession(),
+                $c['ControllerMethodReflector'],
+                $c->query(OC\Security\RateLimiting\Limiter::class)
+            );
+        });
+
+        $this->registerService('CORSMiddleware', function($c) {
+            return new CORSMiddleware(
+                $c['Request'],
+                $c['ControllerMethodReflector'],
+                $c->query(IUserSession::class),
+                $c->getServer()->getBruteForceThrottler()
+            );
+        });
+
+        $this->registerService('SessionMiddleware', function($c) use ($app) {
+            return new SessionMiddleware(
+                $c['Request'],
+                $c['ControllerMethodReflector'],
+                $app->getServer()->getSession()
+            );
+        });
+
+        $this->registerService('TwoFactorMiddleware', function (SimpleContainer $c) use ($app) {
+            $twoFactorManager = $c->getServer()->getTwoFactorAuthManager();
+            $userSession = $app->getServer()->getUserSession();
+            $session = $app->getServer()->getSession();
+            $urlGenerator = $app->getServer()->getURLGenerator();
+            $reflector = $c['ControllerMethodReflector'];
+            $request = $app->getServer()->getRequest();
+            return new TwoFactorMiddleware($twoFactorManager, $userSession, $session, $urlGenerator, $reflector, $request);
+        });
+
+        $this->registerService('OCSMiddleware', function (SimpleContainer $c) {
+            return new OCSMiddleware(
+                $c['Request']
+            );
+        });
+
+        $middleWares = &$this->middleWares;
+        $this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) {
+            $dispatcher = new MiddlewareDispatcher();
+            $dispatcher->registerMiddleware($c['CORSMiddleware']);
+            $dispatcher->registerMiddleware($c['OCSMiddleware']);
+            $dispatcher->registerMiddleware($c['SecurityMiddleware']);
+            $dispatcher->registerMiddleware($c['TwoFactorMiddleware']);
+            $dispatcher->registerMiddleware($c['BruteForceMiddleware']);
+            $dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
+
+            foreach($middleWares as $middleWare) {
+                $dispatcher->registerMiddleware($c[$middleWare]);
+            }
+
+            $dispatcher->registerMiddleware($c['SessionMiddleware']);
+            return $dispatcher;
+        });
+
+    }
+
+
+    /**
+     * @deprecated implements only deprecated methods
+     * @return IApi
+     */
+    function getCoreApi()
+    {
+        return $this->query('API');
+    }
+
+    /**
+     * @return \OCP\IServerContainer
+     */
+    function getServer()
+    {
+        return $this->server;
+    }
+
+    /**
+     * @param string $middleWare
+     * @return boolean|null
+     */
+    function registerMiddleWare($middleWare) {
+        array_push($this->middleWares, $middleWare);
+    }
+
+    /**
+     * used to return the appname of the set application
+     * @return string the name of your application
+     */
+    function getAppName() {
+        return $this->query('AppName');
+    }
+
+    /**
+     * @deprecated use IUserSession->isLoggedIn()
+     * @return boolean
+     */
+    function isLoggedIn() {
+        return \OC::$server->getUserSession()->isLoggedIn();
+    }
+
+    /**
+     * @deprecated use IGroupManager->isAdmin($userId)
+     * @return boolean
+     */
+    function isAdminUser() {
+        $uid = $this->getUserId();
+        return \OC_User::isAdminUser($uid);
+    }
+
+    private function getUserId() {
+        return $this->getServer()->getSession()->get('user_id');
+    }
+
+    /**
+     * @deprecated use the ILogger instead
+     * @param string $message
+     * @param string $level
+     * @return mixed
+     */
+    function log($message, $level) {
+        switch($level){
+            case 'debug':
+                $level = \OCP\Util::DEBUG;
+                break;
+            case 'info':
+                $level = \OCP\Util::INFO;
+                break;
+            case 'warn':
+                $level = \OCP\Util::WARN;
+                break;
+            case 'fatal':
+                $level = \OCP\Util::FATAL;
+                break;
+            default:
+                $level = \OCP\Util::ERROR;
+                break;
+        }
+        \OCP\Util::writeLog($this->getAppName(), $message, $level);
+    }
+
+    /**
+     * Register a capability
+     *
+     * @param string $serviceName e.g. 'OCA\Files\Capabilities'
+     */
+    public function registerCapability($serviceName) {
+        $this->query('OC\CapabilitiesManager')->registerCapability(function() use ($serviceName) {
+            return $this->query($serviceName);
+        });
+    }
+
+    /**
+     * @param string $name
+     * @return mixed
+     * @throws QueryException if the query could not be resolved
+     */
+    public function query($name) {
+        try {
+            return $this->queryNoFallback($name);
+        } catch (QueryException $e) {
+            return $this->getServer()->query($name);
+        }
+    }
+
+    /**
+     * @param string $name
+     * @return mixed
+     * @throws QueryException if the query could not be resolved
+     */
+    public function queryNoFallback($name) {
+        $name = $this->sanitizeName($name);
+
+        if ($this->offsetExists($name)) {
+            return parent::query($name);
+        } else {
+            if ($this['AppName'] === 'settings' && strpos($name, 'OC\\Settings\\') === 0) {
+                return parent::query($name);
+            } else if ($this['AppName'] === 'core' && strpos($name, 'OC\\Core\\') === 0) {
+                return parent::query($name);
+            } else if (strpos($name, \OC\AppFramework\App::buildAppNamespace($this['AppName']) . '\\') === 0) {
+                return parent::query($name);
+            }
+        }
+
+        throw new QueryException('Could not resolve ' . $name . '!' .
+            ' Class can not be instantiated');
+    }
 }

Spacing +20 added lines, -20 removed lines

@@ -76,7 +76,7 @@ 
 	 * @param array $urlParams
 	 * @param ServerContainer $server
 	 */
-	public function __construct($appName, $urlParams = array(), ServerContainer $server = null){
+	public function __construct($appName, $urlParams = array(), ServerContainer $server = null) {
 		parent::__construct();
 		$this['AppName'] = $appName;
 		$this['urlParams'] = $urlParams;
@@ -96,7 +96,7 @@ 
 		/**
 		 * Core services
 		 */
-		$this->registerService(IOutput::class, function($c){
+		$this->registerService(IOutput::class, function($c) {
 			return new Output($this->getServer()->getWebRoot());
 		});
 
@@ -104,7 +104,7 @@ 
 			return $this->getServer()->getUserFolder();
 		});
 
-		$this->registerService(IAppData::class, function (SimpleContainer $c) {
+		$this->registerService(IAppData::class, function(SimpleContainer $c) {
 			return $this->getServer()->getAppDataDir($c->query('AppName'));
 		});
 
@@ -125,25 +125,25 @@ 
 
 		$this->registerAlias(\OC\User\Session::class, \OCP\IUserSession::class);
 
-		$this->registerService(IServerContainer::class, function ($c) {
+		$this->registerService(IServerContainer::class, function($c) {
 			return $this->getServer();
 		});
 		$this->registerAlias('ServerContainer', IServerContainer::class);
 
-		$this->registerService(\OCP\WorkflowEngine\IManager::class, function ($c) {
+		$this->registerService(\OCP\WorkflowEngine\IManager::class, function($c) {
 			return $c->query('OCA\WorkflowEngine\Manager');
 		});
 
-		$this->registerService(\OCP\AppFramework\IAppContainer::class, function ($c) {
+		$this->registerService(\OCP\AppFramework\IAppContainer::class, function($c) {
 			return $c;
 		});
 
 		// commonly used attributes
-		$this->registerService('UserId', function ($c) {
+		$this->registerService('UserId', function($c) {
 			return $c->query('OCP\\IUserSession')->getSession()->get('user_id');
 		});
 
-		$this->registerService('WebRoot', function ($c) {
+		$this->registerService('WebRoot', function($c) {
 			return $c->query('ServerContainer')->getWebRoot();
 		});
 
@@ -151,11 +151,11 @@ 
 			return Util::getDefaultEmailAddress('no-reply');
 		});
 
-		$this->registerService('OC_Defaults', function ($c) {
+		$this->registerService('OC_Defaults', function($c) {
 			return $c->getServer()->getThemingDefaults();
 		});
 
-		$this->registerService('OCP\Encryption\IManager', function ($c) {
+		$this->registerService('OCP\Encryption\IManager', function($c) {
 			return $this->getServer()->getEncryptionManager();
 		});
 
@@ -163,7 +163,7 @@ 
 			return $c->query(Validator::class);
 		});
 
-		$this->registerService(\OC\Security\IdentityProof\Manager::class, function ($c) {
+		$this->registerService(\OC\Security\IdentityProof\Manager::class, function($c) {
 			return new \OC\Security\IdentityProof\Manager(
 				$this->getServer()->getAppDataDir('identityproof'),
 				$this->getServer()->getCrypto()
@@ -173,15 +173,15 @@ 
 		/**
 		 * App Framework APIs
 		 */
-		$this->registerService('API', function($c){
+		$this->registerService('API', function($c) {
 			$c->query('OCP\\ILogger')->debug(
-				'Accessing the API class is deprecated! Use the appropriate ' .
+				'Accessing the API class is deprecated! Use the appropriate '.
 				'services instead!'
 			);
 			return new API($c['AppName']);
 		});
 
-		$this->registerService('Protocol', function($c){
+		$this->registerService('Protocol', function($c) {
 			/** @var \OC\Server $server */
 			$server = $c->query('ServerContainer');
 			$protocol = $server->getRequest()->getHttpProtocol();
@@ -269,7 +269,7 @@ 
 			);
 		});
 
-		$this->registerService('TwoFactorMiddleware', function (SimpleContainer $c) use ($app) {
+		$this->registerService('TwoFactorMiddleware', function(SimpleContainer $c) use ($app) {
 			$twoFactorManager = $c->getServer()->getTwoFactorAuthManager();
 			$userSession = $app->getServer()->getUserSession();
 			$session = $app->getServer()->getSession();
@@ -279,7 +279,7 @@ 
 			return new TwoFactorMiddleware($twoFactorManager, $userSession, $session, $urlGenerator, $reflector, $request);
 		});
 
-		$this->registerService('OCSMiddleware', function (SimpleContainer $c) {
+		$this->registerService('OCSMiddleware', function(SimpleContainer $c) {
 			return new OCSMiddleware(
 				$c['Request']
 			);
@@ -295,7 +295,7 @@ 
 			$dispatcher->registerMiddleware($c['BruteForceMiddleware']);
 			$dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
 
-			foreach($middleWares as $middleWare) {
+			foreach ($middleWares as $middleWare) {
 				$dispatcher->registerMiddleware($c[$middleWare]);
 			}
 
@@ -367,7 +367,7 @@ 
 	 * @return mixed
 	 */
 	function log($message, $level) {
-		switch($level){
+		switch ($level) {
 			case 'debug':
 				$level = \OCP\Util::DEBUG;
 				break;
@@ -426,12 +426,12 @@ 
 				return parent::query($name);
 			} else if ($this['AppName'] === 'core' && strpos($name, 'OC\\Core\\') === 0) {
 				return parent::query($name);
-			} else if (strpos($name, \OC\AppFramework\App::buildAppNamespace($this['AppName']) . '\\') === 0) {
+			} else if (strpos($name, \OC\AppFramework\App::buildAppNamespace($this['AppName']).'\\') === 0) {
 				return parent::query($name);
 			}
 		}
 
-		throw new QueryException('Could not resolve ' . $name . '!' .
+		throw new QueryException('Could not resolve '.$name.'!'.
 			' Class can not be instantiated');
 	}
 }

lib/public/AppFramework/Http/Response.php

Indentation +300 added lines, -300 removed lines

@@ -42,304 +42,304 @@
  */
 class Response {
 
-	/**
-	 * Headers - defaults to ['Cache-Control' => 'no-cache, no-store, must-revalidate']
-	 * @var array
-	 */
-	private $headers = array(
-		'Cache-Control' => 'no-cache, no-store, must-revalidate'
-	);
-
-
-	/**
-	 * Cookies that will be need to be constructed as header
-	 * @var array
-	 */
-	private $cookies = array();
-
-
-	/**
-	 * HTTP status code - defaults to STATUS OK
-	 * @var int
-	 */
-	private $status = Http::STATUS_OK;
-
-
-	/**
-	 * Last modified date
-	 * @var \DateTime
-	 */
-	private $lastModified;
-
-
-	/**
-	 * ETag
-	 * @var string
-	 */
-	private $ETag;
-
-	/** @var ContentSecurityPolicy|null Used Content-Security-Policy */
-	private $contentSecurityPolicy = null;
-
-	/** @var bool */
-	private $throttled = false;
-
-	/**
-	 * Caches the response
-	 * @param int $cacheSeconds the amount of seconds that should be cached
-	 * if 0 then caching will be disabled
-	 * @return $this
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function cacheFor($cacheSeconds) {
-
-		if($cacheSeconds > 0) {
-			$this->addHeader('Cache-Control', 'max-age=' . $cacheSeconds . ', must-revalidate');
-		} else {
-			$this->addHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
-		}
-
-		return $this;
-	}
-
-	/**
-	 * Adds a new cookie to the response
-	 * @param string $name The name of the cookie
-	 * @param string $value The value of the cookie
-	 * @param \DateTime|null $expireDate Date on that the cookie should expire, if set
-	 * 									to null cookie will be considered as session
-	 * 									cookie.
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function addCookie($name, $value, \DateTime $expireDate = null) {
-		$this->cookies[$name] = array('value' => $value, 'expireDate' => $expireDate);
-		return $this;
-	}
-
-
-	/**
-	 * Set the specified cookies
-	 * @param array $cookies array('foo' => array('value' => 'bar', 'expire' => null))
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function setCookies(array $cookies) {
-		$this->cookies = $cookies;
-		return $this;
-	}
-
-
-	/**
-	 * Invalidates the specified cookie
-	 * @param string $name
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function invalidateCookie($name) {
-		$this->addCookie($name, 'expired', new \DateTime('1971-01-01 00:00'));
-		return $this;
-	}
-
-	/**
-	 * Invalidates the specified cookies
-	 * @param array $cookieNames array('foo', 'bar')
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function invalidateCookies(array $cookieNames) {
-		foreach($cookieNames as $cookieName) {
-			$this->invalidateCookie($cookieName);
-		}
-		return $this;
-	}
-
-	/**
-	 * Returns the cookies
-	 * @return array
-	 * @since 8.0.0
-	 */
-	public function getCookies() {
-		return $this->cookies;
-	}
-
-	/**
-	 * Adds a new header to the response that will be called before the render
-	 * function
-	 * @param string $name The name of the HTTP header
-	 * @param string $value The value, null will delete it
-	 * @return $this
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function addHeader($name, $value) {
-		$name = trim($name);  // always remove leading and trailing whitespace
-		                      // to be able to reliably check for security
-		                      // headers
-
-		if(is_null($value)) {
-			unset($this->headers[$name]);
-		} else {
-			$this->headers[$name] = $value;
-		}
-
-		return $this;
-	}
-
-
-	/**
-	 * Set the headers
-	 * @param array $headers value header pairs
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function setHeaders(array $headers) {
-		$this->headers = $headers;
-
-		return $this;
-	}
-
-
-	/**
-	 * Returns the set headers
-	 * @return array the headers
-	 * @since 6.0.0
-	 */
-	public function getHeaders() {
-		$mergeWith = [];
-
-		if($this->lastModified) {
-			$mergeWith['Last-Modified'] =
-				$this->lastModified->format(\DateTime::RFC2822);
-		}
-
-		// Build Content-Security-Policy and use default if none has been specified
-		if(is_null($this->contentSecurityPolicy)) {
-			$this->setContentSecurityPolicy(new ContentSecurityPolicy());
-		}
-		$this->headers['Content-Security-Policy'] = $this->contentSecurityPolicy->buildPolicy();
-
-		if($this->ETag) {
-			$mergeWith['ETag'] = '"' . $this->ETag . '"';
-		}
-
-		return array_merge($mergeWith, $this->headers);
-	}
-
-
-	/**
-	 * By default renders no output
-	 * @return null
-	 * @since 6.0.0
-	 */
-	public function render() {
-		return null;
-	}
-
-
-	/**
-	 * Set response status
-	 * @param int $status a HTTP status code, see also the STATUS constants
-	 * @return Response Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setStatus($status) {
-		$this->status = $status;
-
-		return $this;
-	}
-
-	/**
-	 * Set a Content-Security-Policy
-	 * @param EmptyContentSecurityPolicy $csp Policy to set for the response object
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function setContentSecurityPolicy(EmptyContentSecurityPolicy $csp) {
-		$this->contentSecurityPolicy = $csp;
-		return $this;
-	}
-
-	/**
-	 * Get the currently used Content-Security-Policy
-	 * @return EmptyContentSecurityPolicy|null Used Content-Security-Policy or null if
-	 *                                    none specified.
-	 * @since 8.1.0
-	 */
-	public function getContentSecurityPolicy() {
-		return $this->contentSecurityPolicy;
-	}
-
-
-	/**
-	 * Get response status
-	 * @since 6.0.0
-	 */
-	public function getStatus() {
-		return $this->status;
-	}
-
-
-	/**
-	 * Get the ETag
-	 * @return string the etag
-	 * @since 6.0.0
-	 */
-	public function getETag() {
-		return $this->ETag;
-	}
-
-
-	/**
-	 * Get "last modified" date
-	 * @return \DateTime RFC2822 formatted last modified date
-	 * @since 6.0.0
-	 */
-	public function getLastModified() {
-		return $this->lastModified;
-	}
-
-
-	/**
-	 * Set the ETag
-	 * @param string $ETag
-	 * @return Response Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setETag($ETag) {
-		$this->ETag = $ETag;
-
-		return $this;
-	}
-
-
-	/**
-	 * Set "last modified" date
-	 * @param \DateTime $lastModified
-	 * @return Response Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setLastModified($lastModified) {
-		$this->lastModified = $lastModified;
-
-		return $this;
-	}
-
-	/**
-	 * Marks the response as to throttle. Will be throttled when the
-	 * @BruteForceProtection annotation is added.
-	 *
-	 * @since 12.0.0
-	 */
-	public function throttle() {
-		$this->throttled = true;
-	}
-
-	/**
-	 * Whether the current response is throttled.
-	 *
-	 * @since 12.0.0
-	 */
-	public function isThrottled() {
-		return $this->throttled;
-	}
+    /**
+     * Headers - defaults to ['Cache-Control' => 'no-cache, no-store, must-revalidate']
+     * @var array
+     */
+    private $headers = array(
+        'Cache-Control' => 'no-cache, no-store, must-revalidate'
+    );
+
+
+    /**
+     * Cookies that will be need to be constructed as header
+     * @var array
+     */
+    private $cookies = array();
+
+
+    /**
+     * HTTP status code - defaults to STATUS OK
+     * @var int
+     */
+    private $status = Http::STATUS_OK;
+
+
+    /**
+     * Last modified date
+     * @var \DateTime
+     */
+    private $lastModified;
+
+
+    /**
+     * ETag
+     * @var string
+     */
+    private $ETag;
+
+    /** @var ContentSecurityPolicy|null Used Content-Security-Policy */
+    private $contentSecurityPolicy = null;
+
+    /** @var bool */
+    private $throttled = false;
+
+    /**
+     * Caches the response
+     * @param int $cacheSeconds the amount of seconds that should be cached
+     * if 0 then caching will be disabled
+     * @return $this
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function cacheFor($cacheSeconds) {
+
+        if($cacheSeconds > 0) {
+            $this->addHeader('Cache-Control', 'max-age=' . $cacheSeconds . ', must-revalidate');
+        } else {
+            $this->addHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+        }
+
+        return $this;
+    }
+
+    /**
+     * Adds a new cookie to the response
+     * @param string $name The name of the cookie
+     * @param string $value The value of the cookie
+     * @param \DateTime|null $expireDate Date on that the cookie should expire, if set
+     * 									to null cookie will be considered as session
+     * 									cookie.
+     * @return $this
+     * @since 8.0.0
+     */
+    public function addCookie($name, $value, \DateTime $expireDate = null) {
+        $this->cookies[$name] = array('value' => $value, 'expireDate' => $expireDate);
+        return $this;
+    }
+
+
+    /**
+     * Set the specified cookies
+     * @param array $cookies array('foo' => array('value' => 'bar', 'expire' => null))
+     * @return $this
+     * @since 8.0.0
+     */
+    public function setCookies(array $cookies) {
+        $this->cookies = $cookies;
+        return $this;
+    }
+
+
+    /**
+     * Invalidates the specified cookie
+     * @param string $name
+     * @return $this
+     * @since 8.0.0
+     */
+    public function invalidateCookie($name) {
+        $this->addCookie($name, 'expired', new \DateTime('1971-01-01 00:00'));
+        return $this;
+    }
+
+    /**
+     * Invalidates the specified cookies
+     * @param array $cookieNames array('foo', 'bar')
+     * @return $this
+     * @since 8.0.0
+     */
+    public function invalidateCookies(array $cookieNames) {
+        foreach($cookieNames as $cookieName) {
+            $this->invalidateCookie($cookieName);
+        }
+        return $this;
+    }
+
+    /**
+     * Returns the cookies
+     * @return array
+     * @since 8.0.0
+     */
+    public function getCookies() {
+        return $this->cookies;
+    }
+
+    /**
+     * Adds a new header to the response that will be called before the render
+     * function
+     * @param string $name The name of the HTTP header
+     * @param string $value The value, null will delete it
+     * @return $this
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function addHeader($name, $value) {
+        $name = trim($name);  // always remove leading and trailing whitespace
+                                // to be able to reliably check for security
+                                // headers
+
+        if(is_null($value)) {
+            unset($this->headers[$name]);
+        } else {
+            $this->headers[$name] = $value;
+        }
+
+        return $this;
+    }
+
+
+    /**
+     * Set the headers
+     * @param array $headers value header pairs
+     * @return $this
+     * @since 8.0.0
+     */
+    public function setHeaders(array $headers) {
+        $this->headers = $headers;
+
+        return $this;
+    }
+
+
+    /**
+     * Returns the set headers
+     * @return array the headers
+     * @since 6.0.0
+     */
+    public function getHeaders() {
+        $mergeWith = [];
+
+        if($this->lastModified) {
+            $mergeWith['Last-Modified'] =
+                $this->lastModified->format(\DateTime::RFC2822);
+        }
+
+        // Build Content-Security-Policy and use default if none has been specified
+        if(is_null($this->contentSecurityPolicy)) {
+            $this->setContentSecurityPolicy(new ContentSecurityPolicy());
+        }
+        $this->headers['Content-Security-Policy'] = $this->contentSecurityPolicy->buildPolicy();
+
+        if($this->ETag) {
+            $mergeWith['ETag'] = '"' . $this->ETag . '"';
+        }
+
+        return array_merge($mergeWith, $this->headers);
+    }
+
+
+    /**
+     * By default renders no output
+     * @return null
+     * @since 6.0.0
+     */
+    public function render() {
+        return null;
+    }
+
+
+    /**
+     * Set response status
+     * @param int $status a HTTP status code, see also the STATUS constants
+     * @return Response Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setStatus($status) {
+        $this->status = $status;
+
+        return $this;
+    }
+
+    /**
+     * Set a Content-Security-Policy
+     * @param EmptyContentSecurityPolicy $csp Policy to set for the response object
+     * @return $this
+     * @since 8.1.0
+     */
+    public function setContentSecurityPolicy(EmptyContentSecurityPolicy $csp) {
+        $this->contentSecurityPolicy = $csp;
+        return $this;
+    }
+
+    /**
+     * Get the currently used Content-Security-Policy
+     * @return EmptyContentSecurityPolicy|null Used Content-Security-Policy or null if
+     *                                    none specified.
+     * @since 8.1.0
+     */
+    public function getContentSecurityPolicy() {
+        return $this->contentSecurityPolicy;
+    }
+
+
+    /**
+     * Get response status
+     * @since 6.0.0
+     */
+    public function getStatus() {
+        return $this->status;
+    }
+
+
+    /**
+     * Get the ETag
+     * @return string the etag
+     * @since 6.0.0
+     */
+    public function getETag() {
+        return $this->ETag;
+    }
+
+
+    /**
+     * Get "last modified" date
+     * @return \DateTime RFC2822 formatted last modified date
+     * @since 6.0.0
+     */
+    public function getLastModified() {
+        return $this->lastModified;
+    }
+
+
+    /**
+     * Set the ETag
+     * @param string $ETag
+     * @return Response Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setETag($ETag) {
+        $this->ETag = $ETag;
+
+        return $this;
+    }
+
+
+    /**
+     * Set "last modified" date
+     * @param \DateTime $lastModified
+     * @return Response Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setLastModified($lastModified) {
+        $this->lastModified = $lastModified;
+
+        return $this;
+    }
+
+    /**
+     * Marks the response as to throttle. Will be throttled when the
+     * @BruteForceProtection annotation is added.
+     *
+     * @since 12.0.0
+     */
+    public function throttle() {
+        $this->throttled = true;
+    }
+
+    /**
+     * Whether the current response is throttled.
+     *
+     * @since 12.0.0
+     */
+    public function isThrottled() {
+        return $this->throttled;
+    }
 }