refactor: Port more stuff to IAppConfig

Signed-off-by: Carl Schwan <[email protected]>

Author: CarlSchwan

lib/AppInfo/Application.php

@@ -26,6 +26,7 @@
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\AppFramework\Http\Events\BeforeTemplateRenderedEvent;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IConfig;
 use OCP\IDBConnection;
@@ -55,7 +56,7 @@ public function register(IRegistrationContext $context): void {
 		$context->registerEventListener(SabrePluginAddEvent::class, SabrePluginEventListener::class);
 		$context->registerService(DavPlugin::class, fn (ContainerInterface $c) => new DavPlugin(
 			$c->get(ISession::class),
-			$c->get(IConfig::class),
+			$c->get(IAppConfig::class),
 			$_SERVER,
 			$c->get(SAMLSettings::class)
 		));

lib/Controller/SAMLController.php

@@ -22,6 +22,11 @@
 use OCA\User_SAML\UserResolver;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
+use OCP\AppFramework\Http\Attribute\UseSession;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
@@ -50,6 +55,7 @@ public function __construct(
 		private SAMLSettings $samlSettings,
 		private UserBackend $userBackend,
 		private IConfig $config,
+		private IAppConfig $appConfig,
 		private IURLGenerator $urlGenerator,
 		private LoggerInterface $logger,
 		private IL10N $l,
@@ -137,20 +143,19 @@ protected function assertGroupMemberships(): void {
 	}
 
 	/**
-	 * @PublicPage
-	 * @UseSession
 	 * @OnlyUnauthenticatedUsers
-	 * @NoCSRFRequired
-	 *
 	 * @throws Exception
 	 */
+	#[PublicPage]
+	#[UseSession]
+	#[NoCSRFRequired]
 	public function login(int $idp = 1): Http\RedirectResponse|Http\TemplateResponse {
 		$originalUrl = (string)$this->request->getParam('originalUrl', '');
 		if (!$this->trustedDomainHelper->isTrustedUrl($originalUrl)) {
 			$originalUrl = '';
 		}
 
-		$type = $this->config->getAppValue($this->appName, 'type');
+		$type = $this->appConfig->getAppValueString('type');
 		switch ($type) {
 			case 'saml':
 				$settings = $this->samlSettings->getOneLoginSettingsArray($idp);
@@ -273,10 +278,10 @@ public function login(int $idp = 1): Http\RedirectResponse|Http\TemplateResponse
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
 	 * @throws Error
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function getMetadata(int $idp = 1): Http\DataDownloadResponse {
 		$settings = new Settings($this->samlSettings->getOneLoginSettingsArray($idp));
 		$metadata = $settings->getSPMetadata();
@@ -292,16 +297,16 @@ public function getMetadata(int $idp = 1): Http\DataDownloadResponse {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
 	 * @OnlyUnauthenticatedUsers
 	 * @NoSameSiteCookieRequired
 	 *
 	 * @return Http\RedirectResponse
 	 * @throws Error
 	 * @throws ValidationError
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[UseSession]
 	public function assertionConsumerService(): Http\RedirectResponse {
 		// Fetch and decrypt the cookie
 		$cookie = $this->request->getCookie('saml_data');
@@ -423,12 +428,12 @@ public function assertionConsumerService(): Http\RedirectResponse {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
 	 * @throws Error
 	 */
+	#[PublicPage]
+	#[NoAdminRequired]
+	#[UseSession]
+	#[NoCSRFRequired]
 	public function singleLogoutService(): Http\RedirectResponse {
 		$isFromGS = ($this->config->getSystemValueBool('gs.enabled', false)
 					 && $this->config->getSystemValueString('gss.mode', '') === 'master');
@@ -506,7 +511,7 @@ public function singleLogoutService(): Http\RedirectResponse {
 	}
 
 	/**
-	 * @returns [?string, ?Auth]
+	 * @return array{0: ?string, 1: ?Auth}
 	 */
 	private function tryProcessSLOResponse(?int $idp): array {
 		$idps = ($idp !== null) ? [$idp] : array_keys($this->samlSettings->getListOfIdps());
@@ -532,28 +537,28 @@ private function tryProcessSLOResponse(?int $idp): array {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
 	 * @OnlyUnauthenticatedUsers
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function notProvisioned(): Http\TemplateResponse {
 		return new Http\TemplateResponse($this->appName, 'notProvisioned', [], 'guest');
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
 	 * @OnlyUnauthenticatedUsers
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function notPermitted(): Http\TemplateResponse {
 		return new Http\TemplateResponse($this->appName, 'notPermitted', [], 'guest');
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
 	 * @OnlyUnauthenticatedUsers
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function genericError(string $message): Http\TemplateResponse {
 		if (empty($message)) {
 			$message = $this->l->t('Unknown error, please check the log file for more details.');
@@ -562,17 +567,17 @@ public function genericError(string $message): Http\TemplateResponse {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
 	 * @OnlyUnauthenticatedUsers
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function selectUserBackEnd(string $redirectUrl = ''): Http\TemplateResponse {
 		$attributes = ['loginUrls' => []];
 
 		if ($this->samlSettings->allowMultipleUserBackEnds()) {
 			$displayName = $this->l->t('Direct log in');
 
-			$customDisplayName = $this->config->getAppValue('user_saml', 'directLoginName', '');
+			$customDisplayName = $this->appConfig->getAppValueString('directLoginName');
 			if ($customDisplayName !== '') {
 				$displayName = $customDisplayName;
 			}
@@ -584,10 +589,8 @@ public function selectUserBackEnd(string $redirectUrl = ''): Http\TemplateRespon
 		}
 
 		$attributes['loginUrls']['ssoLogin'] = $this->getIdps($redirectUrl);
-
 		$attributes['useCombobox'] = count($attributes['loginUrls']['ssoLogin']) > 4;
 
-
 		return new Http\TemplateResponse($this->appName, 'selectUserBackEnd', $attributes, 'guest');
 	}
 
@@ -651,17 +654,14 @@ protected function getSSODisplayName(?string $displayName): string {
 	 * get Nextcloud login URL
 	 */
 	private function getDirectLoginUrl(string $redirectUrl): string {
-		$directUrl = $this->urlGenerator->linkToRouteAbsolute('core.login.tryLogin', [
+		return $this->urlGenerator->linkToRouteAbsolute('core.login.tryLogin', [
 			'direct' => '1',
 			'redirect_url' => $redirectUrl,
 		]);
-		return $directUrl;
 	}
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function base(): Http\TemplateResponse {
 		$message = $this->l->t('This page should not be visited directly.');
 		return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest');

lib/DavPlugin.php

@@ -8,7 +8,7 @@
 namespace OCA\User_SAML;
 
 use OCA\DAV\Connector\Sabre\Auth;
-use OCP\IConfig;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\ISession;
 use Sabre\DAV\Server;
 use Sabre\DAV\ServerPlugin;
@@ -21,21 +21,21 @@ class DavPlugin extends ServerPlugin {
 
 	public function __construct(
 		private readonly ISession $session,
-		private readonly IConfig $config,
+		private readonly IAppConfig $config,
 		private array $auth,
 		private readonly SAMLSettings $samlSettings,
 	) {
 	}
 
-	public function initialize(Server $server) {
+	public function initialize(Server $server): void {
 		// before auth
 		$server->on('beforeMethod:*', $this->beforeMethod(...), 9);
 		$this->server = $server;
 	}
 
-	public function beforeMethod(RequestInterface $request, ResponseInterface $response) {
+	public function beforeMethod(RequestInterface $request, ResponseInterface $response): void {
 		if (
-			$this->config->getAppValue('user_saml', 'type') === 'environment-variable'
+			$this->config->getAppValueString('type') === 'environment-variable'
 			&& !$this->session->exists('user_saml.samlUserData')
 		) {
 			$uidMapping = $this->samlSettings->get(1)['general-uid_mapping'];

lib/Listener/LoadAdditionalScriptsListener.php

@@ -10,9 +10,9 @@
 namespace OCA\User_SAML\Listener;
 
 use OCP\AppFramework\Http\Events\BeforeTemplateRenderedEvent;
+use OCP\Config\IUserConfig;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
-use OCP\IConfig;
 use OCP\ISession;
 use OCP\IUserSession;
 use OCP\Util;
@@ -22,7 +22,7 @@ class LoadAdditionalScriptsListener implements IEventListener {
 	public function __construct(
 		private readonly ISession $session,
 		private readonly IUserSession $userSession,
-		private readonly IConfig $config,
+		private readonly IUserConfig $userConfig,
 	) {
 	}
 
@@ -39,7 +39,7 @@ public function handle(Event $event): void {
 		if ($user === null) {
 			return; // already checked by $event->isLoggedIn above
 		}
-		$timezoneDB = $this->config->getUserValue($user->getUID(), 'core', 'timezone', '');
+		$timezoneDB = $this->userConfig->getValueString($user->getUID(), 'core', 'timezone');
 
 		if ($timezoneDB === '' || !$this->session->exists('timezone')) {
 			Util::addScript('user_saml', 'vendor/jstz.min');

lib/Listener/SabrePluginEventListener.php

@@ -11,16 +11,30 @@
 
 use OCA\DAV\Events\SabrePluginAddEvent;
 use OCA\User_SAML\DavPlugin;
+use OCA\User_SAML\SAMLSettings;
+use OCP\AppFramework\Services\IAppConfig;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
-use OCP\Server;
+use OCP\ISession;
 
 /** @template-implements IEventListener<SabrePluginAddEvent|Event> */
 class SabrePluginEventListener implements IEventListener {
+	public function __construct(
+		private readonly ISession $session,
+		private readonly IAppConfig $appConfig,
+		private readonly SAMLSettings $settings,
+	) {
+	}
+
 	public function handle(Event $event): void {
 		if (!$event instanceof SabrePluginAddEvent) {
 			return;
 		}
-		$event->getServer()->addPlugin(Server::get(DavPlugin::class));
+		$event->getServer()->addPlugin(new DavPlugin(
+			$this->session,
+			$this->appConfig,
+			$_SERVER,
+			$this->settings,
+		));
 	}
 }

lib/Middleware/OnlyLoggedInMiddleware.php

@@ -12,6 +12,7 @@
 use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\IURLGenerator;
 use OCP\IUserSession;
+use Override;
 
 /**
  * Class OnlyLoggedInMiddleware prevents access to a controller method if the user
@@ -33,7 +34,8 @@ public function __construct(
 	 * @param string $methodName
 	 * @throws \Exception
 	 */
-	public function beforeController($controller, $methodName) {
+	#[Override]
+	public function beforeController($controller, $methodName): void {
 		if ($this->reflector->hasAnnotation('OnlyUnauthenticatedUsers') && $this->userSession->isLoggedIn()) {
 			throw new \Exception('User is already logged-in');
 		}
@@ -43,10 +45,10 @@ public function beforeController($controller, $methodName) {
 	 * @param \OCP\AppFramework\Controller $controller
 	 * @param string $methodName
 	 * @param \Exception $exception
-	 * @return RedirectResponse
 	 * @throws \Exception
 	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
+	#[Override]
+	public function afterException($controller, $methodName, \Exception $exception): RedirectResponse {
 		if ($exception->getMessage() === 'User is already logged-in') {
 			return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/'));
 		}

lib/Settings/Admin.php

@@ -83,11 +83,6 @@ public function getForm(): TemplateResponse {
 				'type' => 'line',
 				'required' => true,
 			],
-			'require_provisioned_account' => [
-				'text' => $this->l10n->t('Only allow authentication if an account exists on some other backend (e.g. LDAP).'),
-				'type' => 'checkbox',
-				'global' => true,
-			],
 		];
 		$attributeMappingSettings = [
 			'displayName_mapping' => [
@@ -188,7 +183,7 @@ public function getForm(): TemplateResponse {
 			$nameIdFormats[Constants::NAMEID_UNSPECIFIED]['selected'] = true;
 		}
 
-		$type = $this->appConfig->getAppValueString( 'type');
+		$type = $this->appConfig->getAppValueString('type');
 
 		$generalSettings['require_provisioned_account'] = [
 			'text' => $this->l10n->t('Only allow authentication if an account exists on some other backend (e.g. LDAP).', [$this->defaults->getName()]),
@@ -213,7 +208,7 @@ public function getForm(): TemplateResponse {
 				'type' => 'checkbox',
 				'hideForEnv' => true,
 				'global' => true,
-				'value' => $this->appConfig->getAppValueInt('general-allow_multiple_user_back_ends' )
+				'value' => $this->appConfig->getAppValueInt('general-allow_multiple_user_back_ends')
 			];
 		}