upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 28

Merge pull request #59544 from nextcloud/chore/remove-deprecated-methods

Browse source 
Remove long-time deprecated methods
This commit is contained in:
Carl Schwan 2026-04-14 11:55:24 +02:00 committed by GitHub
commit f0ff73f47c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 3 additions and 464 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/composer/composer/autoload_classmap.php
View file

@ -126,9 +126,6 @@ return array(
'OCP\\AppFramework\\Http\\StandaloneTemplateResponse' => $baseDir . '/lib/public/AppFramework/Http/StandaloneTemplateResponse.php',
'OCP\\AppFramework\\Http\\StreamResponse' => $baseDir . '/lib/public/AppFramework/Http/StreamResponse.php',
'OCP\\AppFramework\\Http\\StreamTraversableResponse' => $baseDir . '/lib/public/AppFramework/Http/StreamTraversableResponse.php',
'OCP\\AppFramework\\Http\\StrictContentSecurityPolicy' => $baseDir . '/lib/public/AppFramework/Http/StrictContentSecurityPolicy.php',
'OCP\\AppFramework\\Http\\StrictEvalContentSecurityPolicy' => $baseDir . '/lib/public/AppFramework/Http/StrictEvalContentSecurityPolicy.php',
'OCP\\AppFramework\\Http\\StrictInlineContentSecurityPolicy' => $baseDir . '/lib/public/AppFramework/Http/StrictInlineContentSecurityPolicy.php',
'OCP\\AppFramework\\Http\\TemplateResponse' => $baseDir . '/lib/public/AppFramework/Http/TemplateResponse.php',
'OCP\\AppFramework\\Http\\Template\\ExternalShareMenuAction' => $baseDir . '/lib/public/AppFramework/Http/Template/ExternalShareMenuAction.php',
'OCP\\AppFramework\\Http\\Template\\IMenuAction' => $baseDir . '/lib/public/AppFramework/Http/Template/IMenuAction.php',

3
lib/composer/composer/autoload_static.php
View file

@ -167,9 +167,6 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
'OCP\\AppFramework\\Http\\StandaloneTemplateResponse' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/StandaloneTemplateResponse.php',
'OCP\\AppFramework\\Http\\StreamResponse' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/StreamResponse.php',
'OCP\\AppFramework\\Http\\StreamTraversableResponse' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/StreamTraversableResponse.php',
'OCP\\AppFramework\\Http\\StrictContentSecurityPolicy' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/StrictContentSecurityPolicy.php',
'OCP\\AppFramework\\Http\\StrictEvalContentSecurityPolicy' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/StrictEvalContentSecurityPolicy.php',
'OCP\\AppFramework\\Http\\StrictInlineContentSecurityPolicy' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/StrictInlineContentSecurityPolicy.php',
'OCP\\AppFramework\\Http\\TemplateResponse' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/TemplateResponse.php',
'OCP\\AppFramework\\Http\\Template\\ExternalShareMenuAction' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Template/ExternalShareMenuAction.php',
'OCP\\AppFramework\\Http\\Template\\IMenuAction' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Template/IMenuAction.php',

5
lib/private/Collaboration/Resources/Manager.php
View file

@ -457,11 +457,6 @@ class Manager implements IManager {
$query->executeStatement();
}
public function registerResourceProvider(string $provider): void {
$this->logger->debug('\OC\Collaboration\Resources\Manager::registerResourceProvider is deprecated', ['provider' => $provider]);
$this->providerManager->registerResourceProvider($provider);
}
/**
* Get the resource type of the provider
*

16
lib/private/Notification/Manager.php
View file

@ -90,22 +90,6 @@ class Manager implements IManager {
}
}
/**
* @param \Closure $service The service must implement INotifier, otherwise a
* \InvalidArgumentException is thrown later
* @param \Closure $info An array with the keys 'id' and 'name' containing
* the app id and the app name
* @deprecated 17.0.0 use registerNotifierService instead.
* @since 8.2.0 - Parameter $info was added in 9.0.0
*/
public function registerNotifier(\Closure $service, \Closure $info): void {
$infoData = $info();
$exception = new \InvalidArgumentException(
'Notifier ' . $infoData['name'] . ' (id: ' . $infoData['id'] . ') is not considered because it is using the old way to register.'
);
$this->logger->error($exception->getMessage(), ['exception' => $exception]);
}
/**
* @param string $notifierService The service must implement INotifier, otherwise a
* \InvalidArgumentException is thrown later

26
lib/private/Security/CSP/ContentSecurityPolicy.php
View file

@ -24,17 +24,6 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
$this->inlineScriptAllowed = $inlineScriptAllowed;
}
public function isEvalScriptAllowed(): bool {
return $this->evalScriptAllowed;
}
/**
* @deprecated 17.0.0 Unsafe eval should not be used anymore.
*/
public function setEvalScriptAllowed(bool $evalScriptAllowed): void {
$this->evalScriptAllowed = $evalScriptAllowed;
}
public function isEvalWasmAllowed(): ?bool {
return $this->evalWasmAllowed;
}
@ -115,21 +104,6 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
$this->allowedFontDomains = $allowedFontDomains;
}
/**
* @deprecated 15.0.0 use FrameDomains and WorkerSrcDomains
*/
public function getAllowedChildSrcDomains(): array {
return $this->allowedChildSrcDomains;
}
/**
* @param array $allowedChildSrcDomains
* @deprecated 15.0.0 use FrameDomains and WorkerSrcDomains
*/
public function setAllowedChildSrcDomains($allowedChildSrcDomains): void {
$this->allowedChildSrcDomains = $allowedChildSrcDomains;
}
public function getAllowedFrameAncestors(): array {
return $this->allowedFrameAncestors;
}

4
lib/public/AppFramework/Http/ContentSecurityPolicy.php
View file

@ -24,8 +24,6 @@ namespace OCP\AppFramework\Http;
class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed */
protected $inlineScriptAllowed = false;
/** @var bool Whether eval in JS scripts is allowed */
protected $evalScriptAllowed = false;
/** @var bool Whether WebAssembly compilation is allowed */
protected ?bool $evalWasmAllowed = false;
/** @var bool Whether strict-dynamic should be set */
@ -69,8 +67,6 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
'\'self\'',
'data:',
];
/** @var array Domains from which web-workers and nested browsing content can load elements */
protected $allowedChildSrcDomains = [];
/** @var array Domains which can embed this Nextcloud instance */
protected $allowedFrameAncestors = [

55
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
View file

@ -24,12 +24,6 @@ class EmptyContentSecurityPolicy {
protected $strictDynamicAllowed = null;
/** @var bool Whether strict-dynamic should be used on script-src-elem */
protected $strictDynamicAllowedOnScripts = null;
/**
* @var bool Whether eval in JS scripts is allowed
* TODO: Disallow per default
* @link https://github.com/owncloud/core/issues/11925
*/
protected $evalScriptAllowed = null;
/** @var bool Whether WebAssembly compilation is allowed */
protected ?bool $evalWasmAllowed = null;
/** @var array Domains from which scripts can get loaded */
@ -54,8 +48,6 @@ class EmptyContentSecurityPolicy {
protected $allowedFrameDomains = null;
/** @var array Domains from which fonts can be loaded */
protected $allowedFontDomains = null;
/** @var array Domains from which web-workers and nested browsing content can load elements */
protected $allowedChildSrcDomains = null;
/** @var array Domains which can embed this Nextcloud instance */
protected $allowedFrameAncestors = null;
/** @var array Domains from which web-workers can be loaded */
@ -101,18 +93,6 @@ class EmptyContentSecurityPolicy {
return $this;
}
/**
* Whether eval in JavaScript is allowed or forbidden
* @param bool $state
* @return $this
* @since 8.1.0
* @deprecated 17.0.0 Eval should not be used anymore. Please update your scripts. This function will stop functioning in a future version of Nextcloud.
*/
public function allowEvalScript($state = true) {
$this->evalScriptAllowed = $state;
return $this;
}
/**
* Whether WebAssembly compilation is allowed or forbidden
* @param bool $state
@ -323,31 +303,6 @@ class EmptyContentSecurityPolicy {
return $this;
}
/**
* Domains from which web-workers and nested browsing content can load elements
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 8.1.0
* @deprecated 15.0.0 use addAllowedWorkerSrcDomains or addAllowedFrameDomain
*/
public function addAllowedChildSrcDomain($domain) {
$this->allowedChildSrcDomains[] = $domain;
return $this;
}
/**
* Remove the specified allowed child src domain from the allowed domains.
*
* @param string $domain
* @return $this
* @since 8.1.0
* @deprecated 15.0.0 use the WorkerSrcDomains or FrameDomain
*/
public function disallowChildSrcDomain($domain) {
$this->allowedChildSrcDomains = array_diff($this->allowedChildSrcDomains, [$domain]);
return $this;
}
/**
* Domains which can embed an iFrame of the Nextcloud instance
*
@ -441,7 +396,7 @@ class EmptyContentSecurityPolicy {
$policy .= "base-uri 'none';";
$policy .= "manifest-src 'self';";
if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed || is_string($this->jsNonce)) {
if (!empty($this->allowedScriptDomains) || $this->evalWasmAllowed || is_string($this->jsNonce)) {
$policy .= 'script-src ';
$scriptSrc = '';
if (is_string($this->jsNonce)) {
@ -459,9 +414,6 @@ class EmptyContentSecurityPolicy {
if (is_array($this->allowedScriptDomains)) {
$scriptSrc .= implode(' ', $this->allowedScriptDomains);
}
if ($this->evalScriptAllowed) {
$scriptSrc .= ' \'unsafe-eval\'';
}
if ($this->evalWasmAllowed) {
$scriptSrc .= ' \'wasm-unsafe-eval\'';
}
@ -517,11 +469,6 @@ class EmptyContentSecurityPolicy {
$policy .= ';';
}
if (!empty($this->allowedChildSrcDomains)) {
$policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
$policy .= ';';
}
if (!empty($this->allowedFrameAncestors)) {
$policy .= 'frame-ancestors ' . implode(' ', $this->allowedFrameAncestors);
$policy .= ';';

70
lib/public/AppFramework/Http/StrictContentSecurityPolicy.php
View file

@ -1,70 +0,0 @@
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCP\AppFramework\Http;
/**
* Class StrictContentSecurityPolicy is a simple helper which allows applications to
* modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,
* stylesheets, images, fonts, media and connections from the same domain
* ('self') are allowed.
*
* Even if a value gets modified above defaults will still get appended. Please
* note that Nextcloud ships already with sensible defaults and those policies
* should require no modification at all for most use-cases.
*
* This class represents out strictest defaults. They may get change from release
* to release if more strict CSP directives become available.
*
* @since 14.0.0
* @deprecated 17.0.0
*/
class StrictContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed */
protected $inlineScriptAllowed = false;
/** @var bool Whether eval in JS scripts is allowed */
protected $evalScriptAllowed = false;
/** @var bool Whether WebAssembly compilation is allowed */
protected ?bool $evalWasmAllowed = false;
/** @var array Domains from which scripts can get loaded */
protected $allowedScriptDomains = [
'\'self\'',
];
/** @var bool Whether inline CSS is allowed */
protected $inlineStyleAllowed = false;
/** @var array Domains from which CSS can get loaded */
protected $allowedStyleDomains = [
'\'self\'',
];
/** @var array Domains from which images can get loaded */
protected $allowedImageDomains = [
'\'self\'',
'data:',
'blob:',
];
/** @var array Domains to which connections can be done */
protected $allowedConnectDomains = [
'\'self\'',
];
/** @var array Domains from which media elements can be loaded */
protected $allowedMediaDomains = [
'\'self\'',
];
/** @var array Domains from which object elements can be loaded */
protected $allowedObjectDomains = [];
/** @var array Domains from which iframes can be loaded */
protected $allowedFrameDomains = [];
/** @var array Domains from which fonts can be loaded */
protected $allowedFontDomains = [
'\'self\'',
];
/** @var array Domains from which web-workers and nested browsing content can load elements */
protected $allowedChildSrcDomains = [];
/** @var array Domains which can embed this Nextcloud instance */
protected $allowedFrameAncestors = [];
}

33
lib/public/AppFramework/Http/StrictEvalContentSecurityPolicy.php
View file

@ -1,33 +0,0 @@
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCP\AppFramework\Http;
/**
* Class StrictEvalContentSecurityPolicy is a simple helper which allows applications to
* modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,
* stylesheets, images, fonts, media and connections from the same domain
* ('self') are allowed.
*
* Even if a value gets modified above defaults will still get appended. Please
* note that Nextcloud ships already with sensible defaults and those policies
* should require no modification at all for most use-cases.
*
* This is a temp helper class from the default ContentSecurityPolicy to allow slow
* migration to a stricter CSP. This does not allow unsafe eval.
*
* @since 14.0.0
* @deprecated 17.0.0
*/
class StrictEvalContentSecurityPolicy extends ContentSecurityPolicy {
/**
* @since 14.0.0
*/
public function __construct() {
$this->evalScriptAllowed = false;
}
}

33
lib/public/AppFramework/Http/StrictInlineContentSecurityPolicy.php
View file

@ -1,33 +0,0 @@
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCP\AppFramework\Http;
/**
* Class StrictInlineContentSecurityPolicy is a simple helper which allows applications to
* modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,
* stylesheets, images, fonts, media and connections from the same domain
* ('self') are allowed.
*
* Even if a value gets modified above defaults will still get appended. Please
* note that Nextcloud ships already with sensible defaults and those policies
* should require no modification at all for most use-cases.
*
* This is a temp helper class from the default ContentSecurityPolicy to allow slow
* migration to a stricter CSP. This does not allow inline styles.
*
* @since 14.0.0
* @deprecated 17.0.0
*/
class StrictInlineContentSecurityPolicy extends ContentSecurityPolicy {
/**
* @since 14.0.0
*/
public function __construct() {
$this->inlineStyleAllowed = false;
}
}

7
lib/public/Collaboration/Resources/IManager.php
View file

@ -97,11 +97,4 @@ interface IManager extends IProvider {
* @since 16.0.0
*/
public function getResourceForUser(string $type, string $id, ?IUser $user): IResource;
/**
* @param string $provider
* @since 16.0.0
* @deprecated 18.0.0 Use IProviderManager::registerResourceProvider instead
*/
public function registerResourceProvider(string $provider): void;
}

10
lib/public/Notification/IManager.php
View file

@ -19,16 +19,6 @@ interface IManager extends IApp, IPreloadableNotifier {
*/
public function registerApp(string $appClass): void;
/**
* @param \Closure $service The service must implement INotifier, otherwise a
* \InvalidArgumentException is thrown later
* @param \Closure $info An array with the keys 'id' and 'name' containing
* the app id and the app name
* @deprecated 17.0.0 use registerNotifierService instead.
* @since 8.2.0 - Parameter $info was added in 9.0.0
*/
public function registerNotifier(\Closure $service, \Closure $info);
/**
* @param string $notifierService The service must implement INotifier, otherwise a
* \InvalidArgumentException is thrown later

25
lib/public/Util.php
View file

@ -468,31 +468,6 @@ class Util {
return $ret;
}
/**
* performs a search in a nested array
*
* @param array $haystack the array to be searched
* @param string $needle the search string
* @param mixed $index optional, only search this key name
* @return mixed the key of the matching field, otherwise false
* @since 4.5.0
* @deprecated 15.0.0
*/
public static function recursiveArraySearch($haystack, $needle, $index = null) {
$aIt = new \RecursiveArrayIterator($haystack);
$it = new \RecursiveIteratorIterator($aIt);
while ($it->valid()) {
if (((isset($index) && ($it->key() == $index)) || !isset($index)) && ($it->current() == $needle)) {
return $aIt->key();
}
$it->next();
}
return false;
}
/**
* calculates the maximum upload size respecting system settings, free space and user quota
*

57
tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php
View file

@ -72,7 +72,6 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
public function testGetPolicyScriptDisallowEval(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->allowEvalScript(false);
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
@ -370,47 +369,6 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetAllowedChildSrcDomain(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src child.nextcloud.com;frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyChildSrcValidMultiple(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src child.nextcloud.com child.nextcloud.org;frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com');
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.org');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowChildSrcDomain(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowChildSrcDomainMultiple(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src www.nextcloud.com;frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowChildSrcDomainMultipleStakes(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org')->disallowChildSrcDomain('www.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetAllowedFrameAncestorDomain(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self' sub.nextcloud.com;form-action 'self'";
@ -442,21 +400,6 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowFrameAncestorDomainMultipleStakes(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org')->disallowChildSrcDomain('www.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyUnsafeEval(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
$this->contentSecurityPolicy->allowEvalScript(true);
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyUnsafeWasmEval(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'wasm-unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";

46
tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
View file

@ -68,13 +68,6 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyScriptAllowEval(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-eval';frame-ancestors 'none'";
$this->contentSecurityPolicy->allowEvalScript(true);
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyScriptAllowWasmEval(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'wasm-unsafe-eval';frame-ancestors 'none'";
@ -377,45 +370,6 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetAllowedChildSrcDomain(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.nextcloud.com;frame-ancestors 'none'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyChildSrcValidMultiple(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.nextcloud.com child.nextcloud.org;frame-ancestors 'none'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com');
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.org');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowChildSrcDomain(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowChildSrcDomainMultiple(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src www.nextcloud.com;frame-ancestors 'none'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyDisallowChildSrcDomainMultipleStakes(): void {
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org')->disallowChildSrcDomain('www.nextcloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
public function testGetPolicyWithJsNonceAndScriptDomains(): void {
$nonce = base64_encode('MyJsNonce');
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-$nonce' www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'";

46
tests/lib/Collaboration/Resources/ManagerTest.php
View file

@ -1,46 +0,0 @@
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace Test\Collaboration\Resources;
use OC\Collaboration\Resources\Manager;
use OCP\Collaboration\Resources\IManager;
use OCP\Collaboration\Resources\IProviderManager;
use OCP\IDBConnection;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Log\LoggerInterface;
use Test\TestCase;
class ManagerTest extends TestCase {
protected LoggerInterface&MockObject $logger;
protected IProviderManager&MockObject $providerManager;
protected IManager $manager;
protected function setUp(): void {
parent::setUp();
$this->logger = $this->createMock(LoggerInterface::class);
$this->providerManager = $this->createMock(IProviderManager::class);
/** @var IDBConnection $connection */
$connection = $this->createMock(IDBConnection::class);
$this->manager = new Manager($connection, $this->providerManager, $this->logger);
}
public function testRegisterResourceProvider(): void {
$this->logger->expects($this->once())
->method('debug')
->with($this->equalTo('\OC\Collaboration\Resources\Manager::registerResourceProvider is deprecated'), $this->equalTo(['provider' => 'AwesomeResourceProvider']));
$this->providerManager->expects($this->once())
->method('registerResourceProvider')
->with($this->equalTo('AwesomeResourceProvider'));
$this->manager->registerResourceProvider('AwesomeResourceProvider');
}
}

13
tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php
View file

@ -44,24 +44,20 @@ class ContentSecurityPolicyManagerTest extends TestCase {
$policy = new ContentSecurityPolicy();
$policy->addAllowedFontDomain('example.com');
$policy->addAllowedImageDomain('example.org');
$policy->allowEvalScript(true);
$this->contentSecurityPolicyManager->addDefaultPolicy($policy);
$policy = new EmptyContentSecurityPolicy();
$policy->addAllowedChildSrcDomain('childdomain');
$policy->addAllowedFontDomain('anotherFontDomain');
$policy->addAllowedFormActionDomain('thirdDomain');
$this->contentSecurityPolicyManager->addDefaultPolicy($policy);
$expected = new \OC\Security\CSP\ContentSecurityPolicy();
$expected->allowEvalScript(true);
$expected->addAllowedFontDomain('mydomain.com');
$expected->addAllowedFontDomain('example.com');
$expected->addAllowedFontDomain('anotherFontDomain');
$expected->addAllowedFormActionDomain('thirdDomain');
$expected->addAllowedImageDomain('anotherdomain.de');
$expected->addAllowedImageDomain('example.org');
$expected->addAllowedChildSrcDomain('childdomain');
$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain";
$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self' thirdDomain";
$this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
$this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());
@ -73,7 +69,6 @@ class ContentSecurityPolicyManagerTest extends TestCase {
$policy->addAllowedFontDomain('mydomain.com');
$policy->addAllowedImageDomain('anotherdomain.de');
$policy->useStrictDynamic(true);
$policy->allowEvalScript(true);
$e->addPolicy($policy);
});
@ -82,29 +77,25 @@ class ContentSecurityPolicyManagerTest extends TestCase {
$policy = new ContentSecurityPolicy();
$policy->addAllowedFontDomain('example.com');
$policy->addAllowedImageDomain('example.org');
$policy->allowEvalScript(false);
$e->addPolicy($policy);
});
$this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e): void {
$policy = new EmptyContentSecurityPolicy();
$policy->addAllowedChildSrcDomain('childdomain');
$policy->addAllowedFontDomain('anotherFontDomain');
$policy->addAllowedFormActionDomain('thirdDomain');
$e->addPolicy($policy);
});
$expected = new \OC\Security\CSP\ContentSecurityPolicy();
$expected->allowEvalScript(true);
$expected->addAllowedFontDomain('mydomain.com');
$expected->addAllowedFontDomain('example.com');
$expected->addAllowedFontDomain('anotherFontDomain');
$expected->addAllowedImageDomain('anotherdomain.de');
$expected->addAllowedImageDomain('example.org');
$expected->addAllowedChildSrcDomain('childdomain');
$expected->addAllowedFormActionDomain('thirdDomain');
$expected->useStrictDynamic(true);
$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain";
$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self' thirdDomain";
$this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
$this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());

15
tests/lib/UtilTest.php
View file

@ -401,19 +401,4 @@ class UtilTest extends \Test\TestCase {
$expected = $arrayResult;
$this->assertEquals($result, $expected);
}
public function testRecursiveArraySearch(): void {
$haystack = [
'Foo' => 'own',
'Bar' => 'Cloud',
];
$result = Util::recursiveArraySearch($haystack, 'own');
$expected = 'Foo';
$this->assertEquals($result, $expected);
$result = Util::recursiveArraySearch($haystack, 'NotFound');
$this->assertFalse($result);
}
}