refactor: Move hasAnnotationOrAttribute to MiddlewareUtils

Signed-off-by: Carl Schwan <carlschwan@kde.org>

Author: CarlSchwan

build/psalm-baseline.xml

@@ -3210,13 +3210,6 @@
     </DeprecatedMethod>
   </file>
   <file src="core/Middleware/TwoFactorMiddleware.php">
-    <DeprecatedInterface>
-      <code><![CDATA[private]]></code>
-    </DeprecatedInterface>
-    <DeprecatedMethod>
-      <code><![CDATA[hasAnnotation]]></code>
-      <code><![CDATA[hasAnnotation]]></code>
-    </DeprecatedMethod>
     <NoInterfaceProperties>
       <code><![CDATA[$this->request->server]]></code>
     </NoInterfaceProperties>

core/Middleware/TwoFactorMiddleware.php

@@ -11,6 +11,7 @@
 
 use Exception;
 use OC\AppFramework\Http\Attributes\TwoFactorSetUpDoneRequired;
+use OC\AppFramework\Middleware\MiddlewareUtils;
 use OC\Authentication\Exceptions\TwoFactorAuthRequiredException;
 use OC\Authentication\Exceptions\UserAlreadyLoggedInException;
 use OC\Authentication\TwoFactorAuth\Manager;
@@ -22,13 +23,11 @@
 use OCP\AppFramework\Http\Attribute\NoTwoFactorRequired;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Middleware;
-use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\Authentication\TwoFactorAuth\ALoginSetupController;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
 use OCP\IUser;
-use Psr\Log\LoggerInterface;
 use ReflectionMethod;
 
 class TwoFactorMiddleware extends Middleware {
@@ -37,9 +36,8 @@ public function __construct(
 		private Session $userSession,
 		private ISession $session,
 		private IURLGenerator $urlGenerator,
-		private IControllerMethodReflector $reflector,
+		private MiddlewareUtils $middlewareUtils,
 		private IRequest $request,
-		private LoggerInterface $logger,
 	) {
 	}
 
@@ -50,7 +48,7 @@ public function __construct(
 	public function beforeController($controller, $methodName) {
 		$reflectionMethod = new ReflectionMethod($controller, $methodName);
 
-		if ($this->hasAnnotationOrAttribute($reflectionMethod, 'NoTwoFactorRequired', NoTwoFactorRequired::class)) {
+		if ($this->middlewareUtils->hasAnnotationOrAttribute($reflectionMethod, 'NoTwoFactorRequired', NoTwoFactorRequired::class)) {
 			// Route handler explicitly marked to work without finished 2FA are
 			// not blocked
 			return;
@@ -137,26 +135,4 @@ public function afterException($controller, $methodName, Exception $exception) {
 
 		throw $exception;
 	}
-
-
-	/**
-	 * @template T
-	 *
-	 * @param ReflectionMethod $reflectionMethod
-	 * @param ?string $annotationName
-	 * @param class-string<T> $attributeClass
-	 * @return boolean
-	 */
-	protected function hasAnnotationOrAttribute(ReflectionMethod $reflectionMethod, ?string $annotationName, string $attributeClass): bool {
-		if (!empty($reflectionMethod->getAttributes($attributeClass))) {
-			return true;
-		}
-
-		if ($annotationName && $this->reflector->hasAnnotation($annotationName)) {
-			$this->logger->debug($reflectionMethod->getDeclaringClass()->getName() . '::' . $reflectionMethod->getName() . ' uses the @' . $annotationName . ' annotation and should use the #[' . $attributeClass . '] attribute instead');
-			return true;
-		}
-
-		return false;
-	}
 }

lib/composer/composer/autoload_classmap.php

@@ -1103,6 +1103,7 @@
     'OC\\AppFramework\\Middleware\\CompressionMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/CompressionMiddleware.php',
     'OC\\AppFramework\\Middleware\\FlowV2EphemeralSessionsMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php',
     'OC\\AppFramework\\Middleware\\MiddlewareDispatcher' => $baseDir . '/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php',
+    'OC\\AppFramework\\Middleware\\MiddlewareUtils' => $baseDir . '/lib/private/AppFramework/Middleware/MiddlewareUtils.php',
     'OC\\AppFramework\\Middleware\\NotModifiedMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/NotModifiedMiddleware.php',
     'OC\\AppFramework\\Middleware\\OCSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/OCSMiddleware.php',
     'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php',

lib/composer/composer/autoload_static.php

@@ -1144,6 +1144,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\AppFramework\\Middleware\\CompressionMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/CompressionMiddleware.php',
         'OC\\AppFramework\\Middleware\\FlowV2EphemeralSessionsMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php',
         'OC\\AppFramework\\Middleware\\MiddlewareDispatcher' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php',
+        'OC\\AppFramework\\Middleware\\MiddlewareUtils' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/MiddlewareUtils.php',
         'OC\\AppFramework\\Middleware\\NotModifiedMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/NotModifiedMiddleware.php',
         'OC\\AppFramework\\Middleware\\OCSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/OCSMiddleware.php',
         'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php',

lib/private/AppFramework/DependencyInjection/DIContainer.php

@@ -17,6 +17,7 @@
 use OC\AppFramework\Middleware\CompressionMiddleware;
 use OC\AppFramework\Middleware\FlowV2EphemeralSessionsMiddleware;
 use OC\AppFramework\Middleware\MiddlewareDispatcher;
+use OC\AppFramework\Middleware\MiddlewareUtils;
 use OC\AppFramework\Middleware\NotModifiedMiddleware;
 use OC\AppFramework\Middleware\OCSMiddleware;
 use OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware;
@@ -31,6 +32,7 @@
 use OC\AppFramework\Middleware\Security\SecurityMiddleware;
 use OC\AppFramework\Middleware\SessionMiddleware;
 use OC\AppFramework\ScopedPsrLogger;
+use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\AppFramework\Utility\SimpleContainer;
 use OC\Core\Middleware\TwoFactorMiddleware;
 use OC\Diagnostics\EventLogger;
@@ -44,7 +46,6 @@
 use OCP\AppFramework\QueryException;
 use OCP\AppFramework\Services\IAppConfig;
 use OCP\AppFramework\Services\IInitialState;
-use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\Files\AppData\IAppDataFactory;
 use OCP\Files\Folder;
 use OCP\Files\IAppData;
@@ -155,7 +156,7 @@ public function __construct(string $appName, array $urlParams = [], ?ServerConta
 			return new Dispatcher(
 				$c->get(Http::class),
 				$c->get(MiddlewareDispatcher::class),
-				$c->get(IControllerMethodReflector::class),
+				$c->get(ControllerMethodReflector::class),
 				$c->get(IRequest::class),
 				$c->get(IConfig::class),
 				$c->get(IDBConnection::class),
@@ -193,7 +194,7 @@ public function __construct(string $appName, array $urlParams = [], ?ServerConta
 
 			$securityMiddleware = new SecurityMiddleware(
 				$c->get(IRequest::class),
-				$c->get(IControllerMethodReflector::class),
+				$c->get(MiddlewareUtils::class),
 				$c->get(INavigationManager::class),
 				$c->get(IURLGenerator::class),
 				$c->get(LoggerInterface::class),

lib/private/AppFramework/Http/Dispatcher.php

@@ -26,64 +26,22 @@
  * Class to dispatch the request to the middleware dispatcher
  */
 class Dispatcher {
-	/** @var MiddlewareDispatcher */
-	private $middlewareDispatcher;
-
-	/** @var Http */
-	private $protocol;
-
-	/** @var ControllerMethodReflector */
-	private $reflector;
-
-	/** @var IRequest */
-	private $request;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var ConnectionAdapter */
-	private $connection;
-
-	/** @var LoggerInterface */
-	private $logger;
-
-	/** @var IEventLogger */
-	private $eventLogger;
-
-	private ContainerInterface $appContainer;
-
 	/**
 	 * @param Http $protocol the http protocol with contains all status headers
 	 * @param MiddlewareDispatcher $middlewareDispatcher the dispatcher which
 	 *                                                   runs the middleware
-	 * @param ControllerMethodReflector $reflector the reflector that is used to inject
-	 *                                             the arguments for the controller
-	 * @param IRequest $request the incoming request
-	 * @param IConfig $config
-	 * @param ConnectionAdapter $connection
-	 * @param LoggerInterface $logger
-	 * @param IEventLogger $eventLogger
 	 */
 	public function __construct(
-		Http $protocol,
-		MiddlewareDispatcher $middlewareDispatcher,
-		ControllerMethodReflector $reflector,
-		IRequest $request,
-		IConfig $config,
-		ConnectionAdapter $connection,
-		LoggerInterface $logger,
-		IEventLogger $eventLogger,
-		ContainerInterface $appContainer,
+		private readonly Http $protocol,
+		private readonly MiddlewareDispatcher $middlewareDispatcher,
+		private readonly ControllerMethodReflector $reflector,
+		private readonly IRequest $request,
+		private readonly IConfig $config,
+		private readonly ConnectionAdapter $connection,
+		private readonly LoggerInterface $logger,
+		private readonly IEventLogger $eventLogger,
+		private readonly ContainerInterface $appContainer,
 	) {
-		$this->protocol = $protocol;
-		$this->middlewareDispatcher = $middlewareDispatcher;
-		$this->reflector = $reflector;
-		$this->request = $request;
-		$this->config = $config;
-		$this->connection = $connection;
-		$this->logger = $logger;
-		$this->eventLogger = $eventLogger;
-		$this->appContainer = $appContainer;
 	}
 
 
@@ -92,16 +50,15 @@ public function __construct(
 	 * @param Controller $controller the controller which will be called
 	 * @param string $methodName the method name which will be called on
 	 *                           the controller
-	 * @return array $array[0] contains the http status header as a string,
-	 *               $array[1] contains response headers as an array,
-	 *               $array[2] contains response cookies as an array,
-	 *               $array[3] contains the response output as a string,
-	 *               $array[4] contains the response object
+	 * @return array{0: string, 1: array, 2: array, 3: string, 4: Response}
+	 *                                                                      $array[0] contains the http status header as a string,
+	 *                                                                      $array[1] contains response headers as an array,
+	 *                                                                      $array[2] contains response cookies as an array,
+	 *                                                                      $array[3] contains the response output as a string,
+	 *                                                                      $array[4] contains the response object
 	 * @throws \Exception
 	 */
 	public function dispatch(Controller $controller, string $methodName): array {
-		$out = [null, [], null];
-
 		try {
 			// prefill reflector with everything that's needed for the
 			// middlewares
@@ -156,15 +113,15 @@ public function dispatch(Controller $controller, string $methodName): array {
 			$controller, $methodName, $response);
 
 		// depending on the cache object the headers need to be changed
-		$out[0] = $this->protocol->getStatusHeader($response->getStatus());
-		$out[1] = array_merge($response->getHeaders());
-		$out[2] = $response->getCookies();
-		$out[3] = $this->middlewareDispatcher->beforeOutput(
-			$controller, $methodName, $response->render()
-		);
-		$out[4] = $response;
-
-		return $out;
+		return [
+			$this->protocol->getStatusHeader($response->getStatus()),
+			array_merge($response->getHeaders()),
+			$response->getCookies(),
+			$this->middlewareDispatcher->beforeOutput(
+				$controller, $methodName, $response->render()
+			),
+			$response,
+		];
 	}
 
 

lib/private/AppFramework/Middleware/MiddlewareUtils.php

@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH
+ * SPDX-FileContributor: Carl Schwan
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OC\AppFramework\Middleware;
+
+use OC\AppFramework\Utility\ControllerMethodReflector;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
+use Psr\Log\LoggerInterface;
+use ReflectionMethod;
+
+/**
+ * Temporary helper to abstract IControllerMethodReflector and ReflectionMethod
+ */
+class MiddlewareUtils {
+	public function __construct(
+		private readonly ControllerMethodReflector $reflector,
+		private readonly LoggerInterface $logger,
+	) {
+	}
+
+	/**
+	 * @template T
+	 *
+	 * @param ReflectionMethod $reflectionMethod
+	 * @param ?string $annotationName
+	 * @param class-string<T> $attributeClass
+	 * @return boolean
+	 */
+	public function hasAnnotationOrAttribute(ReflectionMethod $reflectionMethod, ?string $annotationName, string $attributeClass): bool {
+		if (!empty($reflectionMethod->getAttributes($attributeClass))) {
+			return true;
+		}
+
+		if ($annotationName && $this->reflector->hasAnnotation($annotationName)) {
+			$this->logger->debug($reflectionMethod->getDeclaringClass()->getName() . '::' . $reflectionMethod->getName() . ' uses the @' . $annotationName . ' annotation and should use the #[' . $attributeClass . '] attribute instead');
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * @param ReflectionMethod $reflectionMethod
+	 * @return string[]
+	 */
+	public function getAuthorizedAdminSettingClasses(ReflectionMethod $reflectionMethod): array {
+		$classes = [];
+		if ($this->reflector->hasAnnotation('AuthorizedAdminSetting')) {
+			$classes = explode(';', $this->reflector->getAnnotationParameter('AuthorizedAdminSetting', 'settings'));
+		}
+
+		$attributes = $reflectionMethod->getAttributes(AuthorizedAdminSetting::class);
+		if (!empty($attributes)) {
+			foreach ($attributes as $attribute) {
+				/** @var AuthorizedAdminSetting $setting */
+				$setting = $attribute->newInstance();
+				$classes[] = $setting->getSettings();
+			}
+		}
+
+		return $classes;
+	}
+}