Skip to content

Commit

Permalink
Merge pull request #46822 from nextcloud/refactor/user_ldap/security-…
Browse files Browse the repository at this point in the history
…attributes
  • Loading branch information
provokateurin authored Jul 30, 2024
2 parents d539717 + 9b8488e commit 1df2f7e
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 19 deletions.
12 changes: 7 additions & 5 deletions apps/user_ldap/lib/Controller/ConfigAPIController.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@
use OCA\User_LDAP\Configuration;
use OCA\User_LDAP\ConnectionFactory;
use OCA\User_LDAP\Helper;
use OCA\User_LDAP\Settings\Admin;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSException;
Expand Down Expand Up @@ -46,12 +48,12 @@ public function __construct(
/**
* Create a new (empty) configuration and return the resulting prefix
*
* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
* @return DataResponse<Http::STATUS_OK, array{configID: string}, array{}>
* @throws OCSException
*
* 200: Config created successfully
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function create() {
try {
$configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
Expand All @@ -68,14 +70,14 @@ public function create() {
/**
* Delete a LDAP configuration
*
* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
* @param string $configID ID of the config
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
* @throws OCSException
* @throws OCSNotFoundException Config not found
*
* 200: Config deleted successfully
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function delete($configID) {
try {
$this->ensureConfigIDExists($configID);
Expand All @@ -95,7 +97,6 @@ public function delete($configID) {
/**
* Modify a configuration
*
* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
* @param string $configID ID of the config
* @param array<string, mixed> $configData New config
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
Expand All @@ -105,6 +106,7 @@ public function delete($configID) {
*
* 200: Config returned
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function modify($configID, $configData) {
try {
$this->ensureConfigIDExists($configID);
Expand Down Expand Up @@ -200,7 +202,6 @@ public function modify($configID, $configData) {
* </data>
* </ocs>
*
* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
* @param string $configID ID of the config
* @param bool $showPassword Whether to show the password
* @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}>
Expand All @@ -209,6 +210,7 @@ public function modify($configID, $configData) {
*
* 200: Config returned
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function show($configID, $showPassword = false) {
try {
$this->ensureConfigIDExists($configID);
Expand Down Expand Up @@ -237,10 +239,10 @@ public function show($configID, $showPassword = false) {
/**
* If the given config ID is not available, an exception is thrown
*
* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
* @param string $configID
* @throws OCSNotFoundException
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
private function ensureConfigIDExists($configID): void {
$prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
if (!in_array($configID, $prefixes, true)) {
Expand Down
27 changes: 13 additions & 14 deletions apps/user_ldap/lib/Controller/RenewPasswordController.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,10 @@
namespace OCA\User_LDAP\Controller;

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\HintException;
Expand Down Expand Up @@ -49,24 +52,22 @@ public function __construct($appName, IRequest $request, IUserManager $userManag
}

/**
* @PublicPage
* @NoCSRFRequired
*
* @return RedirectResponse
*/
#[PublicPage]
#[NoCSRFRequired]
public function cancel() {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
}

/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @param string $user
*
* @return TemplateResponse|RedirectResponse
*/
#[PublicPage]
#[NoCSRFRequired]
#[UseSession]
public function showRenewPasswordForm($user) {
if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
Expand Down Expand Up @@ -102,15 +103,14 @@ public function showRenewPasswordForm($user) {
}

/**
* @PublicPage
* @UseSession
*
* @param string $user
* @param string $oldPassword
* @param string $newPassword
*
* @return RedirectResponse
*/
#[PublicPage]
#[UseSession]
public function tryRenewPassword($user, $oldPassword, $newPassword) {
if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
Expand Down Expand Up @@ -146,12 +146,11 @@ public function tryRenewPassword($user, $oldPassword, $newPassword) {
}

/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @return RedirectResponse
*/
#[PublicPage]
#[NoCSRFRequired]
#[UseSession]
public function showLoginFormInvalidPassword($user) {
$args = !is_null($user) ? ['user' => $user] : [];
$this->session->set('loginMessages', [
Expand Down

0 comments on commit 1df2f7e

Please sign in to comment.