[Pkg-owncloud-commits] [owncloud] 52/172: use new controllermethodreflector for corsmiddleware
David Prévot
taffit at moszumanska.debian.org
Sun May 18 20:09:39 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository owncloud.
commit 63f2f16b852e126cbbf478f2d25232195c5a37e4
Author: Bernhard Posselt <dev at bernhard-posselt.com>
Date: Sun May 11 17:55:59 2014 +0200
use new controllermethodreflector for corsmiddleware
---
.../appframework/dependencyinjection/dicontainer.php | 5 ++++-
.../middleware/security/corsmiddleware.php | 13 ++++++++-----
.../middleware/security/CORSMiddlewareTest.php | 20 +++++++++++++++-----
3 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php
index 0018169..97a6569 100644
--- a/lib/private/appframework/dependencyinjection/dicontainer.php
+++ b/lib/private/appframework/dependencyinjection/dicontainer.php
@@ -104,7 +104,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{
});
$this['CORSMiddleware'] = $this->share(function($c) {
- return new CORSMiddleware($c['Request']);
+ return new CORSMiddleware(
+ $c['Request'],
+ $c['ControllerMethodReflector']
+ );
});
$middleWares = &$this->middleWares;
diff --git a/lib/private/appframework/middleware/security/corsmiddleware.php b/lib/private/appframework/middleware/security/corsmiddleware.php
index e32c5d4..dca3996 100644
--- a/lib/private/appframework/middleware/security/corsmiddleware.php
+++ b/lib/private/appframework/middleware/security/corsmiddleware.php
@@ -11,7 +11,7 @@
namespace OC\AppFramework\Middleware\Security;
-use OC\AppFramework\Utility\MethodAnnotationReader;
+use OC\AppFramework\Utility\ControllerMethodReflector;
use OCP\IRequest;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
@@ -25,12 +25,16 @@ use OCP\AppFramework\Middleware;
class CORSMiddleware extends Middleware {
private $request;
+ private $reflector;
/**
* @param IRequest $request
+ * @param ControllerMethodReflector $reflector
*/
- public function __construct(IRequest $request) {
+ public function __construct(IRequest $request,
+ ControllerMethodReflector $reflector) {
$this->request = $request;
+ $this->reflector = $reflector;
}
@@ -46,10 +50,9 @@ class CORSMiddleware extends Middleware {
*/
public function afterController($controller, $methodName, Response $response){
// only react if its a CORS request and if the request sends origin and
- $reflector = new MethodAnnotationReader($controller, $methodName);
if(isset($this->request->server['HTTP_ORIGIN']) &&
- $reflector->hasAnnotation('CORS')) {
+ $this->reflector->hasAnnotation('CORS')) {
// allow credentials headers must not be true or CSRF is possible
// otherwise
@@ -57,7 +60,7 @@ class CORSMiddleware extends Middleware {
if(strtolower($header) === 'access-control-allow-credentials' &&
strtolower(trim($value)) === 'true') {
$msg = 'Access-Control-Allow-Credentials must not be '.
- 'set to true in order to prevent CSRF';
+ 'set to true in order to prevent CSRF';
throw new SecurityException($msg);
}
}
diff --git a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
index 8224e9b..79cd3b2 100644
--- a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
@@ -13,11 +13,19 @@
namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Http\Request;
+use OC\AppFramework\Utility\ControllerMethodReflector;
+
use OCP\AppFramework\Http\Response;
class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
+ private $reflector;
+
+ protected function setUp() {
+ $this->reflector = new ControllerMethodReflector();
+ }
+
/**
* @CORS
*/
@@ -25,11 +33,11 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
$request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test'))
);
+ $this->reflector->reflect($this, __FUNCTION__);
+ $middleware = new CORSMiddleware($request, $this->reflector);
- $middleware = new CORSMiddleware($request);
$response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders();
-
$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
}
@@ -38,7 +46,7 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
$request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test'))
);
- $middleware = new CORSMiddleware($request);
+ $middleware = new CORSMiddleware($request, $this->reflector);
$response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders();
@@ -51,8 +59,9 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
*/
public function testNoOriginHeaderNoCORSHEADER() {
$request = new Request();
+ $this->reflector->reflect($this, __FUNCTION__);
+ $middleware = new CORSMiddleware($request, $this->reflector);
- $middleware = new CORSMiddleware($request);
$response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders();
$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
@@ -67,7 +76,8 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
$request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test'))
);
- $middleware = new CORSMiddleware($request);
+ $this->reflector->reflect($this, __FUNCTION__);
+ $middleware = new CORSMiddleware($request, $this->reflector);
$response = new Response();
$response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list