Commit 0a6e09a6 authored by VicDeo's avatar VicDeo Committed by Thomas Müller
Browse files

Allow one more origin. Log the reason of occ controller failure (#26031)

* Log the reason of occ controller failure

* Allow requests from SERVER_ADDR
parent fd370425
......@@ -26,6 +26,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OC\Console\Application;
use OCP\IConfig;
use OCP\IRequest;
use OCP\ILogger;
use Symfony\Component\Console\Input\ArrayInput;
use Symfony\Component\Console\Output\BufferedOutput;
......@@ -48,6 +49,8 @@ class OccController extends Controller {
private $config;
/** @var Application */
private $console;
/** @var ILogger */
private $logger;
/**
* OccController constructor.
......@@ -56,12 +59,14 @@ class OccController extends Controller {
* @param IRequest $request
* @param IConfig $config
* @param Application $console
* @param ILogger $logger
*/
public function __construct($appName, IRequest $request,
IConfig $config, Application $console) {
IConfig $config, Application $console, ILogger $logger) {
parent::__construct($appName, $request);
$this->config = $config;
$this->console = $console;
$this->logger = $logger;
}
/**
......@@ -108,6 +113,13 @@ class OccController extends Controller {
];
} catch (\UnexpectedValueException $e){
$this->logger->warning(
'Invalid request to occ controller. Details: "{details}"',
[
'app' => 'core',
'details' => $e->getMessage()
]
);
$json = [
'exitCode' => 126,
'response' => 'Not allowed',
......@@ -123,8 +135,13 @@ class OccController extends Controller {
* @param $token
*/
protected function validateRequest($command, $token){
if (!in_array($this->request->getRemoteAddress(), ['::1', '127.0.0.1', 'localhost'])) {
throw new \UnexpectedValueException('Web executor is not allowed to run from a different host');
$allowedHosts = ['::1', '127.0.0.1', 'localhost'];
if (isset($this->request->server['SERVER_ADDR'])){
array_push($allowedHosts, $this->request->server['SERVER_ADDR']);
}
if (!in_array($this->request->getRemoteAddress(), $allowedHosts)) {
throw new \UnexpectedValueException('Web executor is not allowed to run from a host ' . $this->request->getRemoteAddress());
}
if (!in_array($command, $this->allowedCommands)) {
......
......@@ -46,7 +46,8 @@ class OccControllerTest extends TestCase {
private $console;
public function testFromInvalidLocation(){
$this->getControllerMock('example.org');
$fakeHost = 'example.org';
$this->getControllerMock($fakeHost);
$response = $this->controller->execute('status', '');
$responseData = $response->getData();
......@@ -55,7 +56,7 @@ class OccControllerTest extends TestCase {
$this->assertEquals(126, $responseData['exitCode']);
$this->assertArrayHasKey('details', $responseData);
$this->assertEquals('Web executor is not allowed to run from a different host', $responseData['details']);
$this->assertEquals('Web executor is not allowed to run from a host ' . $fakeHost, $responseData['details']);
}
public function testNotWhiteListedCommand(){
......@@ -136,7 +137,10 @@ class OccControllerTest extends TestCase {
'core',
$this->request,
$this->config,
$this->console
$this->console,
$this->getMockBuilder('\OCP\ILogger')
->disableOriginalConstructor()
->getMock()
);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment