Merge pull request #143 from nextcloud/fix/142/dont-log-sensitive-args

prevent the Logger from writing sensitive values

Author: blizzz

.github/workflows/integration.yml

@@ -0,0 +1,79 @@
+name: Integration
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/integration.yml'
+      - 'appinfo/**'
+      - 'lib/**'
+      - 'tests/**'
+
+  push:
+    branches:
+      - master
+      - stable*
+
+env:
+  APP_NAME: sharepoint
+
+jobs:
+  sqlite:
+    runs-on: ubuntu-latest
+
+    strategy:
+      # do not stop on another job's failure
+      fail-fast: false
+      matrix:
+        php-versions: ['7.4', '8.0', '8.1']
+        databases: ['sqlite']
+        server-versions: ['master']
+
+    name: integration-php${{ matrix.php-versions }}-${{ matrix.databases }}
+
+    steps:
+      - name: Checkout server
+        uses: actions/checkout@v2
+        with:
+          repository: nextcloud/server
+          ref: ${{ matrix.server-versions }}
+
+      - name: Checkout submodules
+        shell: bash
+        run: |
+          auth_header="$(git config --local --get http.https://github.com/.extraheader)"
+          git submodule sync --recursive
+          git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
+      - name: Checkout app
+        uses: actions/checkout@v2
+        with:
+          path: apps/${{ env.APP_NAME }}
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: mbstring, iconv, fileinfo, intl, sqlite, pdo_sqlite
+          ini-values: zend.exception_ignore_args=Off
+          coverage: none
+
+      - name: Install app dependencies
+        working-directory: apps/${{ env.APP_NAME }}
+        run: composer i
+
+      - name: Install test dependencies
+        working-directory: apps/${{ env.APP_NAME }}/tests/Integration
+        run: composer i
+
+      - name: Set up Nextcloud
+        env:
+          DB_PORT: 4444
+        run: |
+          mkdir data
+          ./occ maintenance:install --verbose --database=${{ matrix.databases }} --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
+          php -f index.php
+          ./occ app:enable files_external
+          ./occ app:enable --force ${{ env.APP_NAME }}
+          php -S localhost:8080 &
+      - name: Integration
+        working-directory: apps/${{ env.APP_NAME }}/tests/Integration
+        run: bash run.sh

.gitignore

@@ -1,2 +1,2 @@
 composer.phar
-/vendor/
+vendor/

lib/AppInfo/Application.php

@@ -30,13 +30,17 @@
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
+use Office365\Runtime\Auth\AuthenticationContext;
+use Office365\Runtime\Auth\SamlTokenProvider;
 
 class Application extends App implements IBootstrap {
 	public function __construct() {
 		parent::__construct('sharepoint');
 	}
 
 	public function register(IRegistrationContext $context): void {
+		$context->registerSensitiveMethods(SamlTokenProvider::class, ['acquireSecurityToken']);
+		$context->registerSensitiveMethods(AuthenticationContext::class, ['acquireToken', 'acquireTokenForUser']);
 		$context->registerEventListener('OCA\\Files_External::loadAdditionalBackends', ExternalStoragesRegistrationListener::class);
 	}
 

tests/Integration/composer.json

@@ -0,0 +1,12 @@
+{
+	"config": {
+		"platform": {
+			"php": "7.4"
+		}
+	},
+	"require-dev": {
+		"behat/behat": "^3.11",
+		"jarnaiz/behat-junit-formatter": "^1.3",
+		"guzzlehttp/guzzle": "^7.4"
+	}
+}