New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[stable13] Don't perform CSRF check on OCS routes with Bearer auth #8099

Merged
merged 2 commits into from Feb 28, 2018

Conversation

Projects
None yet
3 participants
@rullzer
Member

rullzer commented Jan 29, 2018

Backport of #7873

@MorrisJobke

⚠️ Please wait until 13.0.0 is out ⚠️

@rullzer

This comment has been minimized.

Member

rullzer commented Feb 6, 2018

Review time! we can merge 13.0.1 stuff!

* @param bool $exception
*/
public function testCsrfOcsController(Controller $controller, $hasOcsApiHeader, $exception) {
public function testCsrfOcsController(Controller $controller, bool $hasOcsApiHeader, bool $hasBearerAuth, bool $exception) {

This comment has been minimized.

@nickvergessen

nickvergessen Feb 7, 2018

Member

No, this breaks because stable13 needs to be testable on 5.6

This comment has been minimized.

@nickvergessen

nickvergessen Feb 7, 2018

Member

Argument 2 passed to Test\AppFramework\Middleware\Security\SecurityMiddlewareTest::testCsrfOcsController() must be an instance of Test\AppFramework\Middleware\Security\bool, boolean given

$this->request
->method('getHeader')
->with('OCS-APIREQUEST')
->willReturn($hasOcsApiHeader ? 'true' : null);
->will(self::returnCallback(function ($header) use ($hasOcsApiHeader, $hasBearerAuth) {

This comment has been minimized.

@nickvergessen

nickvergessen Feb 7, 2018

Member

willReturnMap ? ;)

This comment has been minimized.

@rullzer

rullzer Feb 7, 2018

Member

That doesn't have a default I think

@codecov

This comment has been minimized.

codecov bot commented Feb 7, 2018

Codecov Report

Merging #8099 into stable13 will increase coverage by <.01%.
The diff coverage is 60%.

@@              Coverage Diff               @@
##             stable13    #8099      +/-   ##
==============================================
+ Coverage       51.23%   51.23%   +<.01%     
- Complexity      24990    24991       +1     
==============================================
  Files            1608     1608              
  Lines           95106    95109       +3     
  Branches         1376     1376              
==============================================
+ Hits            48730    48733       +3     
  Misses          46376    46376
Impacted Files Coverage Δ Complexity Δ
...amework/Middleware/Security/SecurityMiddleware.php 78.48% <60%> (-1.79%) 26 <0> (+1)
.../dav/lib/Connector/Sabre/Exception/InvalidPath.php 81.81% <0%> (ø) 3% <0%> (ø) ⬇️
apps/files_trashbin/lib/Trashbin.php 72.53% <0%> (+0.24%) 136% <0%> (ø) ⬇️
lib/private/Files/Cache/Propagator.php 96.2% <0%> (+1.26%) 16% <0%> (ø) ⬇️

rullzer added some commits Jan 15, 2018

Don't perform CSRF check on OCS routes with Bearer auth
Fixes #5694

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Update tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer

This comment has been minimized.

Member

rullzer commented Feb 8, 2018

Relevant tests pass

@rullzer rullzer merged commit 2c6f3c8 into stable13 Feb 28, 2018

1 check failed

continuous-integration/drone/pr the build failed
Details

@rullzer rullzer deleted the 7873_13 branch Feb 28, 2018

@MorrisJobke MorrisJobke referenced this pull request Mar 9, 2018

Merged

13.0.1 RC1 #8748

10 of 10 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment