Skip to content

Commit

Permalink
feat: Implement settings frontend for allowed CORS domains
Browse files Browse the repository at this point in the history
Signed-off-by: Ferdinand Thiessen <[email protected]>
  • Loading branch information
susnux committed Sep 20, 2023
1 parent f4eae2d commit b76825d
Show file tree
Hide file tree
Showing 10 changed files with 395 additions and 10 deletions.
2 changes: 2 additions & 0 deletions apps/settings/appinfo/routes.php
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,8 @@
['name' => 'TwoFactorSettings#index', 'url' => '/settings/api/admin/twofactorauth', 'verb' => 'GET' , 'root' => ''],
['name' => 'TwoFactorSettings#update', 'url' => '/settings/api/admin/twofactorauth', 'verb' => 'PUT' , 'root' => ''],
['name' => 'AISettings#update', 'url' => '/settings/api/admin/ai', 'verb' => 'PUT' , 'root' => ''],
['name' => 'CORSSettings#updateUserEnabled', 'url' => '/settings/api/admin/cors/allowusers', 'verb' => 'PUT' , 'root' => ''],
['name' => 'CORSSettings#allowedDomains', 'url' => '/settings/api/admin/cors/domains', 'verb' => 'PUT' , 'root' => ''],

['name' => 'Help#help', 'url' => '/settings/help/{mode}', 'verb' => 'GET', 'defaults' => ['mode' => ''] , 'root' => ''],

Expand Down
1 change: 1 addition & 0 deletions apps/settings/composer/composer/autoload_classmap.php
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
'OCA\\Settings\\Controller\\AppSettingsController' => $baseDir . '/../lib/Controller/AppSettingsController.php',
'OCA\\Settings\\Controller\\AuthSettingsController' => $baseDir . '/../lib/Controller/AuthSettingsController.php',
'OCA\\Settings\\Controller\\AuthorizedGroupController' => $baseDir . '/../lib/Controller/AuthorizedGroupController.php',
'OCA\\Settings\\Controller\\CORSSettingsController' => $baseDir . '/../lib/Controller/CORSSettingsController.php',
'OCA\\Settings\\Controller\\ChangePasswordController' => $baseDir . '/../lib/Controller/ChangePasswordController.php',
'OCA\\Settings\\Controller\\CheckSetupController' => $baseDir . '/../lib/Controller/CheckSetupController.php',
'OCA\\Settings\\Controller\\CommonSettingsTrait' => $baseDir . '/../lib/Controller/CommonSettingsTrait.php',
Expand Down
1 change: 1 addition & 0 deletions apps/settings/composer/composer/autoload_static.php
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ class ComposerStaticInitSettings
'OCA\\Settings\\Controller\\AppSettingsController' => __DIR__ . '/..' . '/../lib/Controller/AppSettingsController.php',
'OCA\\Settings\\Controller\\AuthSettingsController' => __DIR__ . '/..' . '/../lib/Controller/AuthSettingsController.php',
'OCA\\Settings\\Controller\\AuthorizedGroupController' => __DIR__ . '/..' . '/../lib/Controller/AuthorizedGroupController.php',
'OCA\\Settings\\Controller\\CORSSettingsController' => __DIR__ . '/..' . '/../lib/Controller/CORSSettingsController.php',
'OCA\\Settings\\Controller\\ChangePasswordController' => __DIR__ . '/..' . '/../lib/Controller/ChangePasswordController.php',
'OCA\\Settings\\Controller\\CheckSetupController' => __DIR__ . '/..' . '/../lib/Controller/CheckSetupController.php',
'OCA\\Settings\\Controller\\CommonSettingsTrait' => __DIR__ . '/..' . '/../lib/Controller/CommonSettingsTrait.php',
Expand Down
88 changes: 88 additions & 0 deletions apps/settings/lib/Controller/CORSSettingsController.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
<?php

declare(strict_types=1);

/**
* @copyright Copyright (c) 2023 Ferdinand Thiessen <opensource@fthiessend.de>
*
* @license AGPL-3.0-or-later
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License
* as published by the Free Software Foundation,
* either version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*/
namespace OCA\Settings\Controller;

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\IConfig;
use OCP\IRequest;
use OCP\Util;

class CORSSettingsController extends Controller {

/**
* @param string $appName
* @param IRequest $request
* @param IConfig $config
*/
public function __construct(
$appName,
IRequest $request,
private IConfig $config,
) {
parent::__construct($appName, $request);
}

/**
* Set whether users can configure their own list of allowed CORS domains
*
* @AuthorizedAdminSetting(settings=OCA\Settings\Settings\Admin\Security)
*
* @param bool $value
* @return DataResponse
*/
public function updateUserEnabled(bool $value) {
if (!is_bool($value)) {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}

$this->config->setSystemValue('cors.allow-user-domains', $value);

return new DataResponse();
}

/**
* Set list of globally allowed CORS domains
*
* @AuthorizedAdminSetting(settings=OCA\Settings\Settings\Admin\Security)
*
* @param array $value
* @return DataResponse
*/
public function allowedDomains(array $value) {
try {
foreach ($value as $entry) {
if (!is_string($entry) || $entry === '' || Util::getFullDomain($entry) === '') {
return new DataResponse([], HTTP::STATUS_BAD_REQUEST);
}
}
} catch (\InvalidArgumentException $e) {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}

$this->config->setSystemValue('cors.allowed-domains', $value);

return new DataResponse();
}
}
11 changes: 10 additions & 1 deletion apps/settings/lib/Settings/Admin/Security.php
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState;
use OCP\Encryption\IManager;
use OCP\IConfig;
use OCP\IUserManager;
use OCP\IURLGenerator;
use OCP\Settings\ISettings;
Expand All @@ -40,17 +41,20 @@ class Security implements ISettings {
private MandatoryTwoFactor $mandatoryTwoFactor;
private IInitialState $initialState;
private IURLGenerator $urlGenerator;
private IConfig $config;

public function __construct(IManager $manager,
IUserManager $userManager,
MandatoryTwoFactor $mandatoryTwoFactor,
IInitialState $initialState,
IURLGenerator $urlGenerator) {
IURLGenerator $urlGenerator,
IConfig $config) {
$this->manager = $manager;
$this->userManager = $userManager;
$this->mandatoryTwoFactor = $mandatoryTwoFactor;
$this->initialState = $initialState;
$this->urlGenerator = $urlGenerator;
$this->config = $config;
}

/**
Expand All @@ -76,6 +80,11 @@ public function getForm(): TemplateResponse {
$this->initialState->provideInitialState('encryption-modules', $encryptionModuleList);
$this->initialState->provideInitialState('encryption-admin-doc', $this->urlGenerator->linkToDocs('admin-encryption'));

$this->initialState->provideInitialState('cors-allowed-domains', $this->config->getSystemValue('cors.allowed-domains', []));
$this->initialState->provideInitialState('cors-allow-user-domains', $this->config->getSystemValue('cors.allow-user-domains', false));
$this->initialState->provideInitialState('cors-settings-admin-docs', $this->urlGenerator->linkToDocs('admin-cors'));


return new TemplateResponse('settings', 'settings/admin/security', [], '');
}

Expand Down
Loading

0 comments on commit b76825d

Please sign in to comment.