fix: Add proper feature policy
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
Родитель
c64b603fa6
Коммит
398d165a5d
|
|
@ -37,8 +37,9 @@ return array(
|
|||
'OCA\\Richdocuments\\Exceptions\\ExpiredTokenException' => $baseDir . '/../lib/Exceptions/ExpiredTokenException.php',
|
||||
'OCA\\Richdocuments\\Exceptions\\UnknownTokenException' => $baseDir . '/../lib/Exceptions/UnknownTokenException.php',
|
||||
'OCA\\Richdocuments\\Helper' => $baseDir . '/../lib/Helper.php',
|
||||
'OCA\\Richdocuments\\Listener\\AddContentSecurityPolicyListener' => $baseDir . '/../lib/Listener/AddContentSecurityPolicyListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\AddFeaturePolicyListener' => $baseDir . '/../lib/Listener/AddFeaturePolicyListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\BeforeFetchPreviewListener' => $baseDir . '/../lib/Listener/BeforeFetchPreviewListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\CSPListener' => $baseDir . '/../lib/Listener/CSPListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\FileCreatedFromTemplateListener' => $baseDir . '/../lib/Listener/FileCreatedFromTemplateListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\LoadViewerListener' => $baseDir . '/../lib/Listener/LoadViewerListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\ReferenceListener' => $baseDir . '/../lib/Listener/ReferenceListener.php',
|
||||
|
|
|
|||
|
|
@ -52,8 +52,9 @@ class ComposerStaticInitRichdocuments
|
|||
'OCA\\Richdocuments\\Exceptions\\ExpiredTokenException' => __DIR__ . '/..' . '/../lib/Exceptions/ExpiredTokenException.php',
|
||||
'OCA\\Richdocuments\\Exceptions\\UnknownTokenException' => __DIR__ . '/..' . '/../lib/Exceptions/UnknownTokenException.php',
|
||||
'OCA\\Richdocuments\\Helper' => __DIR__ . '/..' . '/../lib/Helper.php',
|
||||
'OCA\\Richdocuments\\Listener\\AddContentSecurityPolicyListener' => __DIR__ . '/..' . '/../lib/Listener/AddContentSecurityPolicyListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\AddFeaturePolicyListener' => __DIR__ . '/..' . '/../lib/Listener/AddFeaturePolicyListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\BeforeFetchPreviewListener' => __DIR__ . '/..' . '/../lib/Listener/BeforeFetchPreviewListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\CSPListener' => __DIR__ . '/..' . '/../lib/Listener/CSPListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\FileCreatedFromTemplateListener' => __DIR__ . '/..' . '/../lib/Listener/FileCreatedFromTemplateListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\LoadViewerListener' => __DIR__ . '/..' . '/../lib/Listener/LoadViewerListener.php',
|
||||
'OCA\\Richdocuments\\Listener\\ReferenceListener' => __DIR__ . '/..' . '/../lib/Listener/ReferenceListener.php',
|
||||
|
|
|
|||
|
|
@ -13,6 +13,9 @@ namespace OCA\Richdocuments;
|
|||
|
||||
use \OCP\IConfig;
|
||||
use OCA\Richdocuments\AppInfo\Application;
|
||||
use OCA\Richdocuments\Service\FederationService;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\GlobalScale\IConfig as GlobalScaleConfig;
|
||||
|
||||
class AppConfig {
|
||||
public const WOPI_URL = 'wopi_url';
|
||||
|
|
@ -28,7 +31,7 @@ class AppConfig {
|
|||
// Default: 'no', set to 'yes' to enable
|
||||
public const USE_SECURE_VIEW_ADDITIONAL_MIMES = 'use_secure_view_additional_mimes';
|
||||
|
||||
private $defaults = [
|
||||
private array $defaults = [
|
||||
'wopi_url' => '',
|
||||
'timeout' => 15,
|
||||
'watermark_text' => '{userId}',
|
||||
|
|
@ -46,15 +49,15 @@ class AppConfig {
|
|||
'watermark_linkTagsList' => 'array'
|
||||
];
|
||||
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
public function __construct(IConfig $config) {
|
||||
$this->config = $config;
|
||||
public function __construct(
|
||||
private IConfig $config,
|
||||
private IAppManager $appManager,
|
||||
private GlobalScaleConfig $globalScaleConfig,
|
||||
) {
|
||||
}
|
||||
|
||||
public function getAppNamespace($key) {
|
||||
if (strpos($key, 'watermark_') === 0) {
|
||||
if (str_starts_with($key, 'watermark_')) {
|
||||
return self::WATERMARK_APP_NAMESPACE;
|
||||
}
|
||||
return Application::APPNAME;
|
||||
|
|
@ -186,4 +189,57 @@ class AppConfig {
|
|||
public function useSecureViewAdditionalMimes(): bool {
|
||||
return $this->config->getAppValue(Application::APPNAME, self::USE_SECURE_VIEW_ADDITIONAL_MIMES, 'no') === 'yes';
|
||||
}
|
||||
|
||||
public function getDomainList(): array {
|
||||
$urls = array_merge(
|
||||
[ $this->domainOnly($this->getCollaboraUrlPublic()) ],
|
||||
$this->getFederationDomains(),
|
||||
$this->getGSDomains()
|
||||
);
|
||||
|
||||
return array_filter($urls);
|
||||
}
|
||||
|
||||
private function getFederationDomains(): array {
|
||||
if (!$this->appManager->isEnabledForUser('federation')) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$federationService = \OCP\Server::get(FederationService::class);
|
||||
$trustedNextcloudDomains = array_filter(array_map(function ($server) use ($federationService) {
|
||||
return $federationService->isTrustedRemote($server) ? $server : null;
|
||||
}, $federationService->getTrustedServers()));
|
||||
|
||||
$trustedCollaboraDomains = array_filter(array_map(function ($server) use ($federationService) {
|
||||
try {
|
||||
return $federationService->getRemoteCollaboraURL($server);
|
||||
} catch (\Exception $e) {
|
||||
// If there is no remote collabora server we can just skip that
|
||||
return null;
|
||||
}
|
||||
}, $trustedNextcloudDomains));
|
||||
|
||||
return array_map(function ($url) {
|
||||
return $this->domainOnly($url);
|
||||
}, array_merge($trustedNextcloudDomains, $trustedCollaboraDomains));
|
||||
}
|
||||
|
||||
private function getGSDomains(): array {
|
||||
if (!$this->globalScaleConfig->isGlobalScaleEnabled()) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return $this->getGlobalScaleTrustedHosts();
|
||||
}
|
||||
|
||||
/**
|
||||
* Strips the path and query parameters from the URL.
|
||||
*/
|
||||
private function domainOnly(string $url): string {
|
||||
$parsedUrl = parse_url($url);
|
||||
$scheme = isset($parsedUrl['scheme']) ? $parsedUrl['scheme'] . '://' : '';
|
||||
$host = $parsedUrl['host'] ?? '';
|
||||
$port = isset($parsedUrl['port']) ? ':' . $parsedUrl['port'] : '';
|
||||
return "$scheme$host$port";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,8 +28,9 @@ use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
|
|||
use OCA\Richdocuments\AppConfig;
|
||||
use OCA\Richdocuments\Capabilities;
|
||||
use OCA\Richdocuments\Db\WopiMapper;
|
||||
use OCA\Richdocuments\Listener\AddContentSecurityPolicyListener;
|
||||
use OCA\Richdocuments\Listener\AddFeaturePolicyListener;
|
||||
use OCA\Richdocuments\Listener\BeforeFetchPreviewListener;
|
||||
use OCA\Richdocuments\Listener\CSPListener;
|
||||
use OCA\Richdocuments\Listener\FileCreatedFromTemplateListener;
|
||||
use OCA\Richdocuments\Listener\LoadViewerListener;
|
||||
use OCA\Richdocuments\Listener\ReferenceListener;
|
||||
|
|
@ -60,6 +61,7 @@ use OCP\IL10N;
|
|||
use OCP\IPreview;
|
||||
use OCP\Preview\BeforePreviewFetchedEvent;
|
||||
use OCP\Security\CSP\AddContentSecurityPolicyEvent;
|
||||
use OCP\Security\FeaturePolicy\AddFeaturePolicyEvent;
|
||||
use OCP\Server;
|
||||
|
||||
class Application extends App implements IBootstrap {
|
||||
|
|
@ -75,7 +77,8 @@ class Application extends App implements IBootstrap {
|
|||
$context->registerCapability(Capabilities::class);
|
||||
$context->registerMiddleWare(WOPIMiddleware::class);
|
||||
$context->registerEventListener(FileCreatedFromTemplateEvent::class, FileCreatedFromTemplateListener::class);
|
||||
$context->registerEventListener(AddContentSecurityPolicyEvent::class, CSPListener::class);
|
||||
$context->registerEventListener(AddContentSecurityPolicyEvent::class, AddContentSecurityPolicyListener::class);
|
||||
$context->registerEventListener(AddFeaturePolicyEvent::class, AddFeaturePolicyListener::class);
|
||||
$context->registerEventListener(LoadViewer::class, LoadViewerListener::class);
|
||||
$context->registerEventListener(ShareLinkAccessedEvent::class, ShareLinkListener::class);
|
||||
$context->registerEventListener(BeforePreviewFetchedEvent::class, BeforeFetchPreviewListener::class);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @author Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Richdocuments\Listener;
|
||||
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\EventDispatcher\Event;
|
||||
use OCP\EventDispatcher\IEventListener;
|
||||
use OCP\IRequest;
|
||||
use OCP\Security\CSP\AddContentSecurityPolicyEvent;
|
||||
|
||||
/** @template-implements IEventListener<Event|AddContentSecurityPolicyEvent> */
|
||||
class AddContentSecurityPolicyListener implements IEventListener {
|
||||
public function __construct(
|
||||
private IRequest $request,
|
||||
private AppConfig $config,
|
||||
) {
|
||||
}
|
||||
|
||||
public function handle(Event $event): void {
|
||||
if (!$event instanceof AddContentSecurityPolicyEvent) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$this->isPageLoad()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$policy = new EmptyContentSecurityPolicy();
|
||||
$policy->addAllowedFrameDomain("'self'");
|
||||
$policy->addAllowedFrameDomain("nc:");
|
||||
|
||||
foreach ($this->config->getDomainList() as $url) {
|
||||
$policy->addAllowedFrameDomain($url);
|
||||
$policy->addAllowedFormActionDomain($url);
|
||||
$policy->addAllowedFrameAncestorDomain($url);
|
||||
$policy->addAllowedImageDomain($url);
|
||||
}
|
||||
|
||||
$event->addPolicy($policy);
|
||||
}
|
||||
|
||||
private function isPageLoad(): bool {
|
||||
$scriptNameParts = explode('/', $this->request->getScriptName());
|
||||
return end($scriptNameParts) === 'index.php';
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,64 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @author Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Richdocuments\Listener;
|
||||
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCP\AppFramework\Http\FeaturePolicy;
|
||||
use OCP\EventDispatcher\Event;
|
||||
use OCP\EventDispatcher\IEventListener;
|
||||
use OCP\IRequest;
|
||||
use OCP\Security\FeaturePolicy\AddFeaturePolicyEvent;
|
||||
|
||||
/** @template-implements IEventListener<Event|AddFeaturePolicyEvent> */
|
||||
class AddFeaturePolicyListener implements IEventListener {
|
||||
public function __construct(
|
||||
private IRequest $request,
|
||||
private AppConfig $config,
|
||||
) {
|
||||
}
|
||||
|
||||
public function handle(Event $event): void {
|
||||
if (!$event instanceof AddFeaturePolicyEvent) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$this->isPageLoad()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$policy = new FeaturePolicy();
|
||||
|
||||
foreach ($this->config->getDomainList() as $url) {
|
||||
$policy->addAllowedFullScreenDomain($url);
|
||||
}
|
||||
|
||||
$event->addPolicy($policy);
|
||||
}
|
||||
|
||||
private function isPageLoad(): bool {
|
||||
$scriptNameParts = explode('/', $this->request->getScriptName());
|
||||
return end($scriptNameParts) === 'index.php';
|
||||
}
|
||||
}
|
||||
|
|
@ -1,130 +0,0 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @author Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Richdocuments\Listener;
|
||||
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCA\Richdocuments\Service\FederationService;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\EventDispatcher\Event;
|
||||
use OCP\EventDispatcher\IEventListener;
|
||||
use OCP\GlobalScale\IConfig as GlobalScaleConfig;
|
||||
use OCP\IRequest;
|
||||
use OCP\Security\CSP\AddContentSecurityPolicyEvent;
|
||||
|
||||
/** @template-implements IEventListener<Event|AddContentSecurityPolicyEvent> */
|
||||
class CSPListener implements IEventListener {
|
||||
private IRequest $request;
|
||||
private AppConfig $config;
|
||||
private IAppManager $appManager;
|
||||
private FederationService $federationService;
|
||||
private GlobalScaleConfig $globalScaleConfig;
|
||||
|
||||
public function __construct(IRequest $request, AppConfig $config, IAppManager $appManager, FederationService $federationService, GlobalScaleConfig $globalScaleConfig) {
|
||||
$this->request = $request;
|
||||
$this->config = $config;
|
||||
$this->appManager = $appManager;
|
||||
$this->federationService = $federationService;
|
||||
$this->globalScaleConfig = $globalScaleConfig;
|
||||
}
|
||||
|
||||
public function handle(Event $event): void {
|
||||
if (!$event instanceof AddContentSecurityPolicyEvent) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$this->isPageLoad()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$urls = array_merge(
|
||||
[ $this->domainOnly($this->config->getCollaboraUrlPublic()) ],
|
||||
$this->getFederationDomains(),
|
||||
$this->getGSDomains()
|
||||
);
|
||||
|
||||
$urls = array_filter($urls);
|
||||
|
||||
$policy = new EmptyContentSecurityPolicy();
|
||||
$policy->addAllowedFrameDomain("'self'");
|
||||
$policy->addAllowedFrameDomain("nc:");
|
||||
|
||||
foreach ($urls as $url) {
|
||||
$policy->addAllowedFrameDomain($url);
|
||||
$policy->addAllowedFormActionDomain($url);
|
||||
$policy->addAllowedFrameAncestorDomain($url);
|
||||
$policy->addAllowedImageDomain($url);
|
||||
}
|
||||
|
||||
$event->addPolicy($policy);
|
||||
}
|
||||
|
||||
private function isPageLoad(): bool {
|
||||
$scriptNameParts = explode('/', $this->request->getScriptName());
|
||||
return end($scriptNameParts) === 'index.php';
|
||||
}
|
||||
|
||||
private function getFederationDomains(): array {
|
||||
if (!$this->appManager->isEnabledForUser('federation')) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$trustedNextcloudDomains = array_filter(array_map(function ($server) {
|
||||
return $this->federationService->isTrustedRemote($server) ? $server : null;
|
||||
}, $this->federationService->getTrustedServers()));
|
||||
|
||||
$trustedCollaboraDomains = array_filter(array_map(function ($server) {
|
||||
try {
|
||||
return $this->federationService->getRemoteCollaboraURL($server);
|
||||
} catch (\Exception $e) {
|
||||
// If there is no remote collabora server we can just skip that
|
||||
return null;
|
||||
}
|
||||
}, $trustedNextcloudDomains));
|
||||
|
||||
return array_map(function ($url) {
|
||||
return $this->domainOnly($url);
|
||||
}, array_merge($trustedNextcloudDomains, $trustedCollaboraDomains));
|
||||
}
|
||||
|
||||
private function getGSDomains(): array {
|
||||
if (!$this->globalScaleConfig->isGlobalScaleEnabled()) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return $this->config->getGlobalScaleTrustedHosts();
|
||||
}
|
||||
|
||||
/**
|
||||
* Strips the path and query parameters from the URL.
|
||||
*/
|
||||
private function domainOnly(string $url): string {
|
||||
$parsedUrl = parse_url($url);
|
||||
$scheme = isset($parsedUrl['scheme']) ? $parsedUrl['scheme'] . '://' : '';
|
||||
$host = $parsedUrl['host'] ?? '';
|
||||
$port = isset($parsedUrl['port']) ? ':' . $parsedUrl['port'] : '';
|
||||
return "$scheme$host$port";
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2023 Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @author Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace OCA\Richdocuments\Listener;
|
||||
|
||||
use OC\Security\FeaturePolicy\FeaturePolicyManager;
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\IRequest;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class AddFeaturePolicyListenerTest extends TestCase {
|
||||
private AddFeaturePolicyListener $featurePolicyListener;
|
||||
|
||||
public function setUp(): void {
|
||||
|
||||
$this->request = $this->createMock(IRequest::class);
|
||||
$this->config = $this->createMock(AppConfig::class);
|
||||
parent::setUp();
|
||||
|
||||
$this->featurePolicyListener = new AddFeaturePolicyListener(
|
||||
$this->request,
|
||||
$this->config,
|
||||
);
|
||||
}
|
||||
|
||||
public function testEmpty() {
|
||||
$this->expectPageLoad();
|
||||
$this->config->expects(self::any())
|
||||
->method('getDomainList')
|
||||
->willReturn([]);
|
||||
|
||||
$policy = $this->getMergedPolicy();
|
||||
self::assertEquals(["'self'"], $policy->getFullscreenDomains());
|
||||
}
|
||||
|
||||
public function testDomains() {
|
||||
$this->expectPageLoad();
|
||||
$this->config->expects(self::any())
|
||||
->method('getDomainList')
|
||||
->willReturn(['https://collabora.local']);
|
||||
|
||||
$policy = $this->getMergedPolicy();
|
||||
self::assertEquals(["'self'", 'https://collabora.local'], $policy->getFullscreenDomains());
|
||||
}
|
||||
|
||||
private function getMergedPolicy(): \OC\Security\FeaturePolicy\FeaturePolicy {
|
||||
$eventDispatcher = $this->createMock(IEventDispatcher::class);
|
||||
$eventDispatcher->expects(self::once())
|
||||
->method('dispatchTyped')
|
||||
->willReturnCallback(function ($event) {
|
||||
$this->featurePolicyListener->handle($event);
|
||||
});
|
||||
$manager = new FeaturePolicyManager($eventDispatcher);
|
||||
|
||||
return $manager->getDefaultPolicy();
|
||||
}
|
||||
|
||||
private function expectPageLoad(): void {
|
||||
$this->request->expects(self::once())
|
||||
->method('getScriptName')
|
||||
->willReturn('index.php');
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -24,6 +24,7 @@
|
|||
namespace Tests\Richdocuments;
|
||||
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\IConfig;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use Test\TestCase;
|
||||
|
|
@ -33,11 +34,13 @@ class AppConfigTest extends TestCase {
|
|||
private $config;
|
||||
/** @var AppConfig */
|
||||
private $appConfig;
|
||||
|
||||
|
||||
public function setUp(): void {
|
||||
parent::setUp();
|
||||
$this->config = $this->createMock(IConfig::class);
|
||||
$this->appConfig = new AppConfig($this->config);
|
||||
$this->appManager = $this->createMock(IAppManager::class);
|
||||
|
||||
$this->appConfig = new AppConfig($this->config, $this->appManager, $this->createMock(\OCP\GlobalScale\IConfig::class));
|
||||
}
|
||||
|
||||
public function testGetAppValueArrayWithValues() {
|
||||
|
|
|
|||
|
|
@ -26,19 +26,23 @@ declare(strict_types=1);
|
|||
|
||||
use OC\Security\CSP\ContentSecurityPolicyManager;
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCA\Richdocuments\Listener\CSPListener;
|
||||
use OCA\Richdocuments\Listener\AddContentSecurityPolicyListener;
|
||||
use OCA\Richdocuments\Service\FederationService;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\AppFramework\Http\ContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\GlobalScale\IConfig as GlobalScaleConfig;
|
||||
use OCP\IConfig;
|
||||
use OCP\IRequest;
|
||||
use OCP\Security\CSP\AddContentSecurityPolicyEvent;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Test\TestCase;
|
||||
|
||||
class CSPListenerTest extends TestCase {
|
||||
/**
|
||||
* @group DB
|
||||
*/
|
||||
class AddContentSecurityPolicyListenerTest extends TestCase {
|
||||
/** @var IRequest|MockObject */
|
||||
private $request;
|
||||
/** @var AppConfig|MockObject */
|
||||
|
|
@ -49,23 +53,31 @@ class CSPListenerTest extends TestCase {
|
|||
private $gsConfig;
|
||||
/** @var FederationService|MockObject */
|
||||
private $federationService;
|
||||
private CSPListener $listener;
|
||||
private AddContentSecurityPolicyListener $listener;
|
||||
|
||||
public function setUp(): void {
|
||||
parent::setUp();
|
||||
|
||||
$this->request = $this->createMock(IRequest::class);
|
||||
$this->config = $this->createMock(AppConfig::class);
|
||||
$this->appManager = $this->createMock(IAppManager::class);
|
||||
$this->gsConfig = $this->createMock(GlobalScaleConfig::class);
|
||||
$this->federationService = $this->createMock(FederationService::class);
|
||||
|
||||
$this->listener = new CSPListener(
|
||||
$this->overwriteService(FederationService::class, $this->federationService);
|
||||
|
||||
$this->request = $this->createMock(IRequest::class);
|
||||
$this->config = $this->getMockBuilder(AppConfig::class)
|
||||
->setConstructorArgs([
|
||||
$this->createMock(IConfig::class),
|
||||
$this->appManager,
|
||||
$this->gsConfig,
|
||||
])
|
||||
->onlyMethods(['getCollaboraUrlPublic', 'getGlobalScaleTrustedHosts'])
|
||||
->getMock();
|
||||
|
||||
|
||||
$this->listener = new AddContentSecurityPolicyListener(
|
||||
$this->request,
|
||||
$this->config,
|
||||
$this->appManager,
|
||||
$this->federationService,
|
||||
$this->gsConfig
|
||||
);
|
||||
}
|
||||
|
||||
Загрузка…
Ссылка в новой задаче