From 92f3f7e2d28246c334bf6af751adc90d7d607349 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Fri, 30 Aug 2024 23:58:56 +0200 Subject: [PATCH] chore: Remove unused `CsrfTokenManager` from `CSPMiddleware` Signed-off-by: Ferdinand Thiessen --- .../DependencyInjection/DIContainer.php | 1 - .../Middleware/Security/CSPMiddleware.php | 21 ++++++------------- .../Middleware/Security/CSPMiddlewareTest.php | 5 ----- 3 files changed, 6 insertions(+), 21 deletions(-) diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index b11dec93426..a96e050c0e6 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -242,7 +242,6 @@ class DIContainer extends SimpleContainer implements IAppContainer { new OC\AppFramework\Middleware\Security\CSPMiddleware( $server->query(OC\Security\CSP\ContentSecurityPolicyManager::class), $server->query(OC\Security\CSP\ContentSecurityPolicyNonceManager::class), - $server->query(OC\Security\CSRF\CsrfTokenManager::class) ) ); $dispatcher->registerMiddleware( diff --git a/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php b/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php index 32e9b04cd1e..e88c9563c00 100644 --- a/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php @@ -10,7 +10,6 @@ namespace OC\AppFramework\Middleware\Security; use OC\Security\CSP\ContentSecurityPolicyManager; use OC\Security\CSP\ContentSecurityPolicyNonceManager; -use OC\Security\CSRF\CsrfTokenManager; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\ContentSecurityPolicy; use OCP\AppFramework\Http\EmptyContentSecurityPolicy; @@ -18,19 +17,11 @@ use OCP\AppFramework\Http\Response; use OCP\AppFramework\Middleware; class CSPMiddleware extends Middleware { - /** @var ContentSecurityPolicyManager */ - private $contentSecurityPolicyManager; - /** @var ContentSecurityPolicyNonceManager */ - private $cspNonceManager; - /** @var CsrfTokenManager */ - private $csrfTokenManager; - public function __construct(ContentSecurityPolicyManager $policyManager, - ContentSecurityPolicyNonceManager $cspNonceManager, - CsrfTokenManager $csrfTokenManager) { - $this->contentSecurityPolicyManager = $policyManager; - $this->cspNonceManager = $cspNonceManager; - $this->csrfTokenManager = $csrfTokenManager; + public function __construct( + private ContentSecurityPolicyManager $policyManager, + private ContentSecurityPolicyNonceManager $cspNonceManager, + ) { } /** @@ -49,8 +40,8 @@ class CSPMiddleware extends Middleware { return $response; } - $defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy(); - $defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy); + $defaultPolicy = $this->policyManager->getDefaultPolicy(); + $defaultPolicy = $this->policyManager->mergePolicies($defaultPolicy, $policy); if ($this->cspNonceManager->browserSupportsCspV3()) { $defaultPolicy->useJsNonce($this->cspNonceManager->getNonce()); diff --git a/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php index 63981d72b54..dd6ee9531b2 100644 --- a/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php @@ -12,7 +12,6 @@ use OC\AppFramework\Middleware\Security\CSPMiddleware; use OC\Security\CSP\ContentSecurityPolicy; use OC\Security\CSP\ContentSecurityPolicyManager; use OC\Security\CSP\ContentSecurityPolicyNonceManager; -use OC\Security\CSRF\CsrfTokenManager; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\EmptyContentSecurityPolicy; use OCP\AppFramework\Http\Response; @@ -25,8 +24,6 @@ class CSPMiddlewareTest extends \Test\TestCase { private $controller; /** @var ContentSecurityPolicyManager&MockObject */ private $contentSecurityPolicyManager; - /** @var CsrfTokenManager&MockObject */ - private $csrfTokenManager; /** @var ContentSecurityPolicyNonceManager&MockObject */ private $cspNonceManager; @@ -35,12 +32,10 @@ class CSPMiddlewareTest extends \Test\TestCase { $this->controller = $this->createMock(Controller::class); $this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class); - $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); $this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class); $this->middleware = new CSPMiddleware( $this->contentSecurityPolicyManager, $this->cspNonceManager, - $this->csrfTokenManager ); }