diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2017-10-24 00:40:17 +0300 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2017-10-24 16:36:28 +0300 |
| commit | ce0c45a4eabbe622500a4b621ccc4393720fc5ad (patch) | |
| tree | 1d2bbcb7ecf7766bf043aaed4ca218e647b99d6c /lib | |
| parent | db1096bcfdf2336ccf6aefb70dd902a63ed615db (diff) | |
Use proper DI for security middleware for app enabled check
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/AppFramework/DependencyInjection/DIContainer.php | 3 | ||||
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 10 |
2 files changed, 10 insertions, 3 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index 2290f0d0045..0ea7eed4ae2 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -230,7 +230,8 @@ class DIContainer extends SimpleContainer implements IAppContainer { $app->isAdminUser(), $server->getContentSecurityPolicyManager(), $server->getCsrfTokenManager(), - $server->getContentSecurityPolicyNonceManager() + $server->getContentSecurityPolicyNonceManager(), + $server->getAppManager() ); }); diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 4e41c946432..52004987909 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -39,6 +39,7 @@ use OC\AppFramework\Utility\ControllerMethodReflector; use OC\Security\CSP\ContentSecurityPolicyManager; use OC\Security\CSP\ContentSecurityPolicyNonceManager; use OC\Security\CSRF\CsrfTokenManager; +use OCP\App\IAppManager; use OCP\AppFramework\Http\ContentSecurityPolicy; use OCP\AppFramework\Http\EmptyContentSecurityPolicy; use OCP\AppFramework\Http\RedirectResponse; @@ -87,6 +88,8 @@ class SecurityMiddleware extends Middleware { private $csrfTokenManager; /** @var ContentSecurityPolicyNonceManager */ private $cspNonceManager; + /** @var IAppManager */ + private $appManager; /** * @param IRequest $request @@ -101,6 +104,7 @@ class SecurityMiddleware extends Middleware { * @param ContentSecurityPolicyManager $contentSecurityPolicyManager * @param CSRFTokenManager $csrfTokenManager * @param ContentSecurityPolicyNonceManager $cspNonceManager + * @param IAppManager $appManager */ public function __construct(IRequest $request, ControllerMethodReflector $reflector, @@ -113,7 +117,8 @@ class SecurityMiddleware extends Middleware { $isAdminUser, ContentSecurityPolicyManager $contentSecurityPolicyManager, CsrfTokenManager $csrfTokenManager, - ContentSecurityPolicyNonceManager $cspNonceManager) { + ContentSecurityPolicyNonceManager $cspNonceManager, + IAppManager $appManager) { $this->navigationManager = $navigationManager; $this->request = $request; $this->reflector = $reflector; @@ -126,6 +131,7 @@ class SecurityMiddleware extends Middleware { $this->contentSecurityPolicyManager = $contentSecurityPolicyManager; $this->csrfTokenManager = $csrfTokenManager; $this->cspNonceManager = $cspNonceManager; + $this->appManager = $appManager; } /** @@ -190,7 +196,7 @@ class SecurityMiddleware extends Middleware { * The getAppPath() check is here since components such as settings also use the AppFramework and * therefore won't pass this check. */ - if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) { + if(\OC_App::getAppPath($this->appName) !== false && !$this->appManager->isEnabledForUser($this->appName)) { throw new AppNotEnabledException(); } |