refactor: Move hasAnnotationOrAttribute to MiddlewareUtils

Signed-off-by: Carl Schwan <[email protected]>

Author: CarlSchwan

build/psalm-baseline.xml

@@ -3324,13 +3324,6 @@
     </DeprecatedMethod>
   </file>
   <file src="core/Middleware/TwoFactorMiddleware.php">
-    <DeprecatedInterface>
-      <code><![CDATA[private]]></code>
-    </DeprecatedInterface>
-    <DeprecatedMethod>
-      <code><![CDATA[hasAnnotation]]></code>
-      <code><![CDATA[hasAnnotation]]></code>
-    </DeprecatedMethod>
     <NoInterfaceProperties>
       <code><![CDATA[$this->request->server]]></code>
     </NoInterfaceProperties>

core/Middleware/TwoFactorMiddleware.php

@@ -11,6 +11,7 @@
 
 use Exception;
 use OC\AppFramework\Http\Attributes\TwoFactorSetUpDoneRequired;
+use OC\AppFramework\Middleware\MiddlewareUtils;
 use OC\Authentication\Exceptions\TwoFactorAuthRequiredException;
 use OC\Authentication\Exceptions\UserAlreadyLoggedInException;
 use OC\Authentication\TwoFactorAuth\Manager;
@@ -22,13 +23,11 @@
 use OCP\AppFramework\Http\Attribute\NoTwoFactorRequired;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Middleware;
-use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\Authentication\TwoFactorAuth\ALoginSetupController;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
 use OCP\IUser;
-use Psr\Log\LoggerInterface;
 use ReflectionMethod;
 
 class TwoFactorMiddleware extends Middleware {
@@ -37,9 +36,8 @@ public function __construct(
 		private Session $userSession,
 		private ISession $session,
 		private IURLGenerator $urlGenerator,
-		private IControllerMethodReflector $reflector,
+		private MiddlewareUtils $middlewareUtils,
 		private IRequest $request,
-		private LoggerInterface $logger,
 	) {
 	}
 
@@ -50,7 +48,7 @@ public function __construct(
 	public function beforeController($controller, $methodName) {
 		$reflectionMethod = new ReflectionMethod($controller, $methodName);
 
-		if ($this->hasAnnotationOrAttribute($reflectionMethod, 'NoTwoFactorRequired', NoTwoFactorRequired::class)) {
+		if ($this->middlewareUtils->hasAnnotationOrAttribute($reflectionMethod, 'NoTwoFactorRequired', NoTwoFactorRequired::class)) {
 			// Route handler explicitly marked to work without finished 2FA are
 			// not blocked
 			return;
@@ -137,26 +135,4 @@ public function afterException($controller, $methodName, Exception $exception) {
 
 		throw $exception;
 	}
-
-
-	/**
-	 * @template T
-	 *
-	 * @param ReflectionMethod $reflectionMethod
-	 * @param ?string $annotationName
-	 * @param class-string<T> $attributeClass
-	 * @return boolean
-	 */
-	protected function hasAnnotationOrAttribute(ReflectionMethod $reflectionMethod, ?string $annotationName, string $attributeClass): bool {
-		if (!empty($reflectionMethod->getAttributes($attributeClass))) {
-			return true;
-		}
-
-		if ($annotationName && $this->reflector->hasAnnotation($annotationName)) {
-			$this->logger->debug($reflectionMethod->getDeclaringClass()->getName() . '::' . $reflectionMethod->getName() . ' uses the @' . $annotationName . ' annotation and should use the #[' . $attributeClass . '] attribute instead');
-			return true;
-		}
-
-		return false;
-	}
 }

lib/composer/composer/LICENSE

@@ -1,3 +1,4 @@
+
 Copyright (c) Nils Adermann, Jordi Boggiano
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -17,3 +18,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
+

lib/composer/composer/autoload_classmap.php

@@ -1064,6 +1064,7 @@
     'OC\\AppFramework\\Middleware\\CompressionMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/CompressionMiddleware.php',
     'OC\\AppFramework\\Middleware\\FlowV2EphemeralSessionsMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php',
     'OC\\AppFramework\\Middleware\\MiddlewareDispatcher' => $baseDir . '/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php',
+    'OC\\AppFramework\\Middleware\\MiddlewareUtils' => $baseDir . '/lib/private/AppFramework/Middleware/MiddlewareUtils.php',
     'OC\\AppFramework\\Middleware\\NotModifiedMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/NotModifiedMiddleware.php',
     'OC\\AppFramework\\Middleware\\OCSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/OCSMiddleware.php',
     'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php',

lib/composer/composer/autoload_static.php

@@ -1105,6 +1105,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\AppFramework\\Middleware\\CompressionMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/CompressionMiddleware.php',
         'OC\\AppFramework\\Middleware\\FlowV2EphemeralSessionsMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php',
         'OC\\AppFramework\\Middleware\\MiddlewareDispatcher' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php',
+        'OC\\AppFramework\\Middleware\\MiddlewareUtils' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/MiddlewareUtils.php',
         'OC\\AppFramework\\Middleware\\NotModifiedMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/NotModifiedMiddleware.php',
         'OC\\AppFramework\\Middleware\\OCSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/OCSMiddleware.php',
         'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php',

lib/private/AppFramework/DependencyInjection/DIContainer.php

@@ -17,6 +17,7 @@
 use OC\AppFramework\Middleware\CompressionMiddleware;
 use OC\AppFramework\Middleware\FlowV2EphemeralSessionsMiddleware;
 use OC\AppFramework\Middleware\MiddlewareDispatcher;
+use OC\AppFramework\Middleware\MiddlewareUtils;
 use OC\AppFramework\Middleware\NotModifiedMiddleware;
 use OC\AppFramework\Middleware\OCSMiddleware;
 use OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware;
@@ -31,6 +32,7 @@
 use OC\AppFramework\Middleware\Security\SecurityMiddleware;
 use OC\AppFramework\Middleware\SessionMiddleware;
 use OC\AppFramework\ScopedPsrLogger;
+use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\AppFramework\Utility\SimpleContainer;
 use OC\Core\Middleware\TwoFactorMiddleware;
 use OC\Diagnostics\EventLogger;
@@ -44,7 +46,6 @@
 use OCP\AppFramework\QueryException;
 use OCP\AppFramework\Services\IAppConfig;
 use OCP\AppFramework\Services\IInitialState;
-use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\Files\AppData\IAppDataFactory;
 use OCP\Files\Folder;
 use OCP\Files\IAppData;
@@ -155,7 +156,7 @@ public function __construct(string $appName, array $urlParams = [], ?ServerConta
 			return new Dispatcher(
 				$c->get(Http::class),
 				$c->get(MiddlewareDispatcher::class),
-				$c->get(IControllerMethodReflector::class),
+				$c->get(ControllerMethodReflector::class),
 				$c->get(IRequest::class),
 				$c->get(IConfig::class),
 				$c->get(IDBConnection::class),
@@ -193,7 +194,7 @@ public function __construct(string $appName, array $urlParams = [], ?ServerConta
 
 			$securityMiddleware = new SecurityMiddleware(
 				$c->get(IRequest::class),
-				$c->get(IControllerMethodReflector::class),
+				$c->get(MiddlewareUtils::class),
 				$c->get(INavigationManager::class),
 				$c->get(IURLGenerator::class),
 				$c->get(LoggerInterface::class),

lib/private/AppFramework/Http/Dispatcher.php

@@ -26,64 +26,22 @@
  * Class to dispatch the request to the middleware dispatcher
  */
 class Dispatcher {
-	/** @var MiddlewareDispatcher */
-	private $middlewareDispatcher;
-
-	/** @var Http */
-	private $protocol;
-
-	/** @var ControllerMethodReflector */
-	private $reflector;
-
-	/** @var IRequest */
-	private $request;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var ConnectionAdapter */
-	private $connection;
-
-	/** @var LoggerInterface */
-	private $logger;
-
-	/** @var IEventLogger */
-	private $eventLogger;
-
-	private ContainerInterface $appContainer;
-
 	/**
 	 * @param Http $protocol the http protocol with contains all status headers
 	 * @param MiddlewareDispatcher $middlewareDispatcher the dispatcher which
 	 *                                                   runs the middleware
-	 * @param ControllerMethodReflector $reflector the reflector that is used to inject
-	 *                                             the arguments for the controller
-	 * @param IRequest $request the incoming request
-	 * @param IConfig $config
-	 * @param ConnectionAdapter $connection
-	 * @param LoggerInterface $logger
-	 * @param IEventLogger $eventLogger
 	 */
 	public function __construct(
-		Http $protocol,
-		MiddlewareDispatcher $middlewareDispatcher,
-		ControllerMethodReflector $reflector,
-		IRequest $request,
-		IConfig $config,
-		ConnectionAdapter $connection,
-		LoggerInterface $logger,
-		IEventLogger $eventLogger,
-		ContainerInterface $appContainer,
+		private readonly Http $protocol,
+		private readonly MiddlewareDispatcher $middlewareDispatcher,
+		private readonly ControllerMethodReflector $reflector,
+		private readonly IRequest $request,
+		private readonly IConfig $config,
+		private readonly ConnectionAdapter $connection,
+		private readonly LoggerInterface $logger,
+		private readonly IEventLogger $eventLogger,
+		private readonly ContainerInterface $appContainer,
 	) {
-		$this->protocol = $protocol;
-		$this->middlewareDispatcher = $middlewareDispatcher;
-		$this->reflector = $reflector;
-		$this->request = $request;
-		$this->config = $config;
-		$this->connection = $connection;
-		$this->logger = $logger;
-		$this->eventLogger = $eventLogger;
-		$this->appContainer = $appContainer;
 	}
 
 
@@ -92,16 +50,15 @@ public function __construct(
 	 * @param Controller $controller the controller which will be called
 	 * @param string $methodName the method name which will be called on
 	 *                           the controller
-	 * @return array $array[0] contains the http status header as a string,
-	 *               $array[1] contains response headers as an array,
-	 *               $array[2] contains response cookies as an array,
-	 *               $array[3] contains the response output as a string,
-	 *               $array[4] contains the response object
+	 * @return array{0: string, 1: array, 2: array, 3: string, 4: Response}
+	 *     	$array[0] contains the http status header as a string,
+	 *      $array[1] contains response headers as an array,
+	 *      $array[2] contains response cookies as an array,
+	 *      $array[3] contains the response output as a string,
+	 *      $array[4] contains the response object
 	 * @throws \Exception
 	 */
 	public function dispatch(Controller $controller, string $methodName): array {
-		$out = [null, [], null];
-
 		try {
 			// prefill reflector with everything that's needed for the
 			// middlewares
@@ -156,15 +113,15 @@ public function dispatch(Controller $controller, string $methodName): array {
 			$controller, $methodName, $response);
 
 		// depending on the cache object the headers need to be changed
-		$out[0] = $this->protocol->getStatusHeader($response->getStatus());
-		$out[1] = array_merge($response->getHeaders());
-		$out[2] = $response->getCookies();
-		$out[3] = $this->middlewareDispatcher->beforeOutput(
-			$controller, $methodName, $response->render()
-		);
-		$out[4] = $response;
-
-		return $out;
+		return [
+			$this->protocol->getStatusHeader($response->getStatus()),
+			array_merge($response->getHeaders()),
+			$response->getCookies(),
+			$this->middlewareDispatcher->beforeOutput(
+				$controller, $methodName, $response->render()
+			),
+			$response,
+		];
 	}
 
 

lib/private/AppFramework/Middleware/MiddlewareUtils.php

@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH
+ * SPDX-FileContributor: Carl Schwan
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OC\AppFramework\Middleware;
+
+use OC\AppFramework\Utility\ControllerMethodReflector;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
+use Psr\Log\LoggerInterface;
+use ReflectionMethod;
+
+/**
+ * Temporary helper to abstract IControllerMethodReflector and ReflectionMethod
+ */
+class MiddlewareUtils {
+	public function __construct(
+		private readonly ControllerMethodReflector $reflector,
+		private readonly LoggerInterface $logger,
+	) {
+	}
+
+	/**
+	 * @template T
+	 *
+	 * @param ReflectionMethod $reflectionMethod
+	 * @param ?string $annotationName
+	 * @param class-string<T> $attributeClass
+	 * @return boolean
+	 */
+	public function hasAnnotationOrAttribute(ReflectionMethod $reflectionMethod, ?string $annotationName, string $attributeClass): bool {
+		if (!empty($reflectionMethod->getAttributes($attributeClass))) {
+			return true;
+		}
+
+		if ($annotationName && $this->reflector->hasAnnotation($annotationName)) {
+			$this->logger->debug($reflectionMethod->getDeclaringClass()->getName() . '::' . $reflectionMethod->getName() . ' uses the @' . $annotationName . ' annotation and should use the #[' . $attributeClass . '] attribute instead');
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * @param ReflectionMethod $reflectionMethod
+	 * @return string[]
+	 */
+	public function getAuthorizedAdminSettingClasses(ReflectionMethod $reflectionMethod): array {
+		$classes = [];
+		if ($this->reflector->hasAnnotation('AuthorizedAdminSetting')) {
+			$classes = explode(';', $this->reflector->getAnnotationParameter('AuthorizedAdminSetting', 'settings'));
+		}
+
+		$attributes = $reflectionMethod->getAttributes(AuthorizedAdminSetting::class);
+		if (!empty($attributes)) {
+			foreach ($attributes as $attribute) {
+				/** @var AuthorizedAdminSetting $setting */
+				$setting = $attribute->newInstance();
+				$classes[] = $setting->getSettings();
+			}
+		}
+
+		return $classes;
+	}
+}