Cleanup middleware registering

Fixes #12224

Since the middleware are only used in one place, it makes no sense to
register them in each and every container.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma 2018-11-23 11:11:10 +01:00
parent 36b3117d50
commit 54ff913de6
No known key found for this signature in database
GPG key ID: F941078878347C0C
2 changed files with 87 additions and 111 deletions


@ -58,9 +58,11 @@ use OCP\Files\IAppData;
use OCP\GlobalScale\IConfig;
use OCP\IL10N;
use OCP\ILogger;
use OCP\INavigationManager;
use OCP\IRequest;
use OCP\IServerContainer;
use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserSession;
use OCA\WorkflowEngine\Manager;
@ -69,7 +71,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
/**
* @var array
*/
private $middleWares = array();
private $middleWares = [];
/** @var ServerContainer */
private $server;
@ -102,7 +104,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
/**
* Core services
*/
$this->registerService(IOutput::class, function($c){
$this->registerService(IOutput::class, function(){
return new Output($this->getServer()->getWebRoot());
});
@ -123,7 +125,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
return new OC\AppFramework\Logger($this->server->query(ILogger::class), $c->query('AppName'));
});
$this->registerService(IServerContainer::class, function ($c) {
$this->registerService(IServerContainer::class, function () {
return $this->getServer();
});
$this->registerAlias('ServerContainer', IServerContainer::class);
@ -179,16 +181,35 @@ class DIContainer extends SimpleContainer implements IAppContainer {
/**
* Middleware
*/
$app = $this;
$this->registerService('SecurityMiddleware', function($c) use ($app){
/** @var \OC\Server $server */
$server = $app->getServer();
$this->registerService('MiddlewareDispatcher', function(SimpleContainer $c) {
$server = $this->getServer();
return new SecurityMiddleware(
$c['Request'],
$server->query(IControllerMethodReflector::class),
$server->getNavigationManager(),
$server->getURLGenerator(),
$dispatcher = new MiddlewareDispatcher();
$dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class)
)
);
$dispatcher->registerMiddleware(
new CORSMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class),
$c->query(IUserSession::class),
$c->query(OC\Security\Bruteforce\Throttler::class)
)
);
$dispatcher->registerMiddleware(
new OCSMiddleware(
$c->query(IRequest::class)
)
);
$securityMiddleware = new SecurityMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class),
$c->query(INavigationManager::class),
$c->query(IURLGenerator::class),
$server->getLogger(),
$c['AppName'],
$server->getUserSession()->isLoggedIn(),
@ -199,105 +220,59 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$server->getAppManager(),
$server->getL10N('lib')
);
});
$this->registerService(OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware::class, function ($c) use ($app) {
/** @var \OC\Server $server */
$server = $app->getServer();
return new OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware(
$c->query(IControllerMethodReflector::class),
$server->getSession(),
$server->getUserSession(),
$server->query(ITimeFactory::class)
$dispatcher->registerMiddleware($securityMiddleware);
$dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware(
$c->query(IControllerMethodReflector::class),
$c->query(ISession::class),
$c->query(IUserSession::class),
$c->query(ITimeFactory::class)
)
);
});
$this->registerService('BruteForceMiddleware', function($c) use ($app) {
/** @var \OC\Server $server */
$server = $app->getServer();
return new OC\AppFramework\Middleware\Security\BruteForceMiddleware(
$c->query(IControllerMethodReflector::class),
$server->getBruteForceThrottler(),
$server->getRequest()
$dispatcher->registerMiddleware(
new TwoFactorMiddleware(
$c->query(OC\Authentication\TwoFactorAuth\Manager::class),
$c->query(IUserSession::class),
$c->query(ISession::class),
$c->query(IURLGenerator::class),
$c->query(IControllerMethodReflector::class),
$c->query(IRequest::class)
)
);
});
$this->registerService('RateLimitingMiddleware', function($c) use ($app) {
/** @var \OC\Server $server */
$server = $app->getServer();
return new RateLimitingMiddleware(
$server->getRequest(),
$server->getUserSession(),
$c->query(IControllerMethodReflector::class),
$c->query(OC\Security\RateLimiting\Limiter::class)
$dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\Security\BruteForceMiddleware(
$c->query(IControllerMethodReflector::class),
$c->query(OC\Security\Bruteforce\Throttler::class),
$c->query(IRequest::class)
)
);
});
$this->registerService('CORSMiddleware', function($c) {
return new CORSMiddleware(
$c['Request'],
$c->query(IControllerMethodReflector::class),
$c->query(IUserSession::class),
$c->getServer()->getBruteForceThrottler()
$dispatcher->registerMiddleware(
new RateLimitingMiddleware(
$c->query(IRequest::class),
$c->query(IUserSession::class),
$c->query(IControllerMethodReflector::class),
$c->query(OC\Security\RateLimiting\Limiter::class)
)
);
});
$this->registerService('SessionMiddleware', function($c) use ($app) {
return new SessionMiddleware(
$c['Request'],
$c->query(IControllerMethodReflector::class),
$app->getServer()->getSession()
$dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(
$c->query(IRequest::class),
$c->query(ISession::class),
$c->query(\OCP\IConfig::class)
)
);
});
$this->registerService('TwoFactorMiddleware', function (SimpleContainer $c) use ($app) {
$twoFactorManager = $c->getServer()->getTwoFactorAuthManager();
$userSession = $app->getServer()->getUserSession();
$session = $app->getServer()->getSession();
$urlGenerator = $app->getServer()->getURLGenerator();
$reflector = $c->query(IControllerMethodReflector::class);
$request = $app->getServer()->getRequest();
return new TwoFactorMiddleware($twoFactorManager, $userSession, $session, $urlGenerator, $reflector, $request);
});
$this->registerService('OCSMiddleware', function (SimpleContainer $c) {
return new OCSMiddleware(
$c['Request']
);
});
$this->registerService(OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware::class, function (SimpleContainer $c) {
return new OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware(
$c['Request'],
$c->query(IControllerMethodReflector::class)
);
});
$middleWares = &$this->middleWares;
$this->registerService('MiddlewareDispatcher', function(SimpleContainer $c) use (&$middleWares) {
$dispatcher = new MiddlewareDispatcher();
$dispatcher->registerMiddleware($c[OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware::class]);
$dispatcher->registerMiddleware($c['CORSMiddleware']);
$dispatcher->registerMiddleware($c['OCSMiddleware']);
$dispatcher->registerMiddleware($c['SecurityMiddleware']);
$dispatcher->registerMiddleware($c[OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware::class]);
$dispatcher->registerMiddleware($c['TwoFactorMiddleware']);
$dispatcher->registerMiddleware($c['BruteForceMiddleware']);
$dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
$dispatcher->registerMiddleware(new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(
$c['Request'],
$c->query(ISession::class),
$c->query(\OCP\IConfig::class)
));
foreach($middleWares as $middleWare) {
foreach($this->middleWares as $middleWare) {
$dispatcher->registerMiddleware($c[$middleWare]);
}
$dispatcher->registerMiddleware($c['SessionMiddleware']);
$dispatcher->registerMiddleware(
new SessionMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class),
$c->query(ISession::class)
)
);
return $dispatcher;
});
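Review bot: The order in which the security middleware is registered is now fixed only by the sequence of `registerMiddleware` calls inside the `MiddlewareDispatcher` closure, and nothing there says the order is deliberate. A short comment above the first call would guard against a well-meant reordering, for example `// Registration order is significant: core security middleware first, then app middleware from $this->middleWares, SessionMiddleware last.` The `SecurityMiddleware` construction also still mixes `$c->query(...)` with `$server->getLogger()`, `$server->getUserSession()->isLoggedIn()` and `$server->getAppManager()`. Whether both paths resolve to the same instances depends on container aliases that are not visible in these hunks, so that is worth confirming. The enclosing method starts and ends outside the hunks shown.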


@ -29,6 +29,7 @@ namespace Test\AppFramework\DependencyInjection;
use OC\AppFramework\DependencyInjection\DIContainer;
use \OC\AppFramework\Http\Request;
use OC\AppFramework\Middleware\Security\SecurityMiddleware;
use OCP\AppFramework\QueryException;
use OCP\IConfig;
use OCP\Security\ISecureRandom;
@ -54,17 +55,10 @@ class DIContainerTest extends \Test\TestCase {
$this->assertTrue(isset($this->container['Request']));
}
public function testProvidesSecurityMiddleware(){
$this->assertTrue(isset($this->container['SecurityMiddleware']));
}
public function testProvidesMiddlewareDispatcher(){
$this->assertTrue(isset($this->container['MiddlewareDispatcher']));
}
public function testProvidesAppName(){
$this->assertTrue(isset($this->container['AppName']));
}
@ -80,10 +74,17 @@ class DIContainerTest extends \Test\TestCase {
$this->createMock(ISecureRandom::class),
$this->createMock(IConfig::class)
);
$security = $this->container['SecurityMiddleware'];
$dispatcher = $this->container['MiddlewareDispatcher'];
$middlewares = $dispatcher->getMiddlewares();
$this->assertContains($security, $dispatcher->getMiddlewares());
$found = false;
foreach ($middlewares as $middleware) {
if ($middleware instanceof SecurityMiddleware) {
$found = true;
}
}
$this->assertTrue($found);
}
public function testInvalidAppClass() {
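Review bot: The only remaining assertion about the dispatcher's contents is that some `SecurityMiddleware` instance is present. Since the named middleware services appear to be removed by this commit, nothing in this test would fail if `CORSMiddleware`, `TwoFactorMiddleware`, `BruteForceMiddleware` or `RateLimitingMiddleware` were accidentally dropped from the closure. Collecting the class names once with `$classes = array_map('get_class', $dispatcher->getMiddlewares());` and asserting each expected class, e.g. `$this->assertContains(SecurityMiddleware::class, $classes);`, would cover them and replace the `$found` loop. The test method's signature lies outside the hunk.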