From f9e3208d6e7152b8b327f4d3da9bcecf530a705c Mon Sep 17 00:00:00 2001
From: smarcet
Date: Tue, 27 Oct 2020 18:20:40 -0300
Subject: [PATCH] updated CORS logic
Change-Id: I44006d34dfeedeb16022ae4609afb0c303ab9bb0
Signed-off-by: smarcet
---
 .../Api/OAuth2/OAuth2UserApiController.php | 12 +++++++-----
 app/Http/Kernel.php | 4 +---
 .../OAuth2BearerAccessTokenRequestValidator.php | 3 ++-
 app/Http/Middleware/SingleAccessPoint.php | 4 ++--
 .../Utils/ParseMultiPartFormDataInputStream.php | 14 +++++---------
 app/Http/routes.php | 8 ++++++--
 6 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php b/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php
index 074b6025..4e97e0fc 100644
--- a/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php
+++ b/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php
@@ -17,6 +17,7 @@ use App\Http\Controllers\UserValidationRulesFactory;
 use App\Http\Utils\HTMLCleaner;
 use App\ModelSerializers\SerializerRegistry;
 use Auth\Repositories\IUserRepository;
+use Illuminate\Http\Request as LaravelRequest;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Request;
@@ -194,17 +195,18 @@ final class OAuth2UserApiController extends OAuth2ProtectedController } } - public function UpdateMyPic(){ + public function UpdateMyPic(LaravelRequest $request){ try { if (!$this->resource_server_context->getCurrentUserId()) { return $this->error403(); } - $file = request()->file('pic'); - - if (!is_null($file)) { - $user = $this->openid_user_service->updateProfilePhoto($this->resource_server_context->getCurrentUserId(), $file); + $file = $request->hasFile('file') ? $request->file('file'):null; + if(is_null($file)){ + throw new ValidationException('file is not present'); } + $user = $this->openid_user_service->updateProfilePhoto($this->resource_server_context->getCurrentUserId(), $file); + return $this->updated(SerializerRegistry::getInstance()->getSerializer($user, SerializerRegistry::SerializerType_Private)->serialize()); } catch (ValidationException $ex1) diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 09cf0037..3ab3843b 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php 
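Review bot: The upload in `UpdateMyPic` is handed to `updateProfilePhoto` after nothing more than a presence check, so any content type or size the client sends is accepted at this layer; unless `updateProfilePhoto` (not shown) enforces that the file is an image of bounded size, guard it before the call, e.g. `if (!$file->isValid() || strpos((string) $file->getMimeType(), 'image/') !== 0) { throw new ValidationException('file must be a valid image'); }`, and compare `$file->getSize()` against the intended limit. Renaming the multipart field from `pic` to `file` is a breaking change for existing clients that the commit message ("updated CORS logic") does not mention; it should be called out, or the old name accepted as a fallback. The method's catch blocks continue past the end of the hunk.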
@@ -66,18 +66,16 @@ class Kernel extends HttpKernel
 'auth' => \App\Http\Middleware\Authenticate::class,
 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
 'ssl' => \App\Http\Middleware\SSLMiddleware::class,
- 'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
- 'oauth2.endpoint' => \App\Http\Middleware\OAuth2BearerAccessTokenRequestValidator::class,
 'cors' => \Spatie\Cors\Cors::class,
+ 'oauth2.endpoint' => \App\Http\Middleware\OAuth2BearerAccessTokenRequestValidator::class,
 'oauth2.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdmin::class,
 'oauth2.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdminJson::class,
 'openstackid.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdmin::class,
 'openstackid.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdminJson::class,
 'oauth2.currentuser.allow.client.edition' => \App\Http\Middleware\CurrentUserCanEditOAuth2Client::class,
 'oauth2.currentuser.owns.client' => \App\Http\Middleware\CurrentUserOwnsOAuth2Client::class,
- 'currentuser.checkroute' => \App\Http\Middleware\CurrentUserCheckRouteParams::class,
 ];
 }
diff --git a/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php b/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php
index aad184d4..73415929 100644
--- a/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php
+++ b/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php
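Review bot: Moving `'oauth2.endpoint'` below `'cors'` in `$routeMiddleware` changes nothing at runtime: this array is an alias map, and the order in which middleware executes is fixed by each route's middleware list (and `$middlewarePriority`), not by the position of the alias. If the intent is to guarantee CORS handling before token validation regardless of how a route lists them, add both classes to `$middlewarePriority` in that order; otherwise the move is cosmetic and a comment such as `// alias order is irrelevant; execution order comes from route definitions / $middlewarePriority` would stop the next reader drawing the same conclusion. Removing the `'can'` and `'currentuser.checkroute'` aliases is only safe if no route still references them — Laravel resolves aliases at request time, so a stale reference fails on that route at runtime rather than at boot, and a search of routes.php for both names belongs with this change.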
@@ -29,7 +29,6 @@ use OAuth2\Services\ITokenService;
 use OAuth2\IResourceServerContext;
 use OAuth2\Repositories\IApiEndpointRepository;
 use URL\Normalizer;
-use Illuminate\Support\Facades\Route;
 use Exception;
 use Utils\Services\ICheckPointService;
 use Utils\Services\ILogService;
@@ -111,6 +110,8 @@ final class OAuth2BearerAccessTokenRequestValidator
 */
 public function handle($request, Closure $next)
 {
+ Log::debug(sprintf("OAuth2BearerAccessTokenRequestValidator::handle %s %s", $request->getMethod(), $request->getRequestUri()));
+
 $url = $request->getRequestUri();
 $method = $request->getMethod();
 $realm = $request->getHost();
diff --git a/app/Http/Middleware/SingleAccessPoint.php b/app/Http/Middleware/SingleAccessPoint.php
index f8753e3a..e9a15184 100644
--- a/app/Http/Middleware/SingleAccessPoint.php
+++ b/app/Http/Middleware/SingleAccessPoint.php
@@ -18,7 +18,7 @@ use Illuminate\Support\Facades\Log;
 use Utils\Services\ICheckPointService;
 use Utils\Services\ServiceLocator;
 use Utils\Services\UtilsServiceCatalog;
-
+use Exception;
 /**
 * Class SingleAccessPoint
 * @package App\Http\Middleware
@@ -28,7 +28,7 @@ final class SingleAccessPoint
 public function handle($request, Closure $next)
 {
 // Perform action
- if(Config::get('server.Banning_Enable', true))
+ if(Config::get('server.banning_enable', true))
 {
 try {
 //checkpoint security pattern entry point
diff --git a/app/Http/Utils/ParseMultiPartFormDataInputStream.php b/app/Http/Utils/ParseMultiPartFormDataInputStream.php
index 857216ef..a95b3046 100644
--- a/app/Http/Utils/ParseMultiPartFormDataInputStream.php
+++ b/app/Http/Utils/ParseMultiPartFormDataInputStream.php
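Review bot: The new `Log::debug` at the top of `handle` writes the full request URI, query string included, to the application log on every pass through the bearer-token validator; if this server accepts `access_token` as a query parameter (RFC 6750 §2.3 permits it), or clients place other secrets in URLs, those values end up in plaintext logs. The path alone is enough to trace the request: `Log::debug(sprintf("OAuth2BearerAccessTokenRequestValidator::handle %s %s", $request->getMethod(), $request->getPathInfo()));`. The remainder of `handle`, where `$url` is also taken from `getRequestUri()`, lies outside the hunk.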
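Review bot: The lookup key in `handle` changes from `server.Banning_Enable` to `server.banning_enable`, but the config file that defines it is not part of this patch, so whether `config/server.php` was renamed to match cannot be confirmed here. Because the default is `true`, a mismatched key fails safe (banning stays enabled), yet an environment that had deliberately set `Banning_Enable => false` would silently change behaviour after this deploy; verify the config side, and consider `// key must match config/server.php; defaults to enabled when absent` above the check.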
@@ -243,12 +243,8 @@ final class ParseMultiPartFormDataInputStream $val = self::boolVal($val); if(!empty($val) && is_int($val)) $val = intval($val); - if(!empty($val) && is_numeric($val)) - $val = intval($val); if(!empty($val) && is_double($val)) $val = doubleval($val); - if(!empty($val) && is_string($val)) - $val = strval($val); if (preg_match('/^(.*)\[\]$/i', $match[1], $tmp)) { $data[$tmp[1]][] = $val; } else { @@ -321,7 +317,7 @@ final class ParseMultiPartFormDataInputStream function parse_parameter( &$params, $parameter, $value ) { if ( strpos($parameter, '[') !== FALSE ) { - $matches = []; + $matches = array(); if ( preg_match( '/^([^[]*)\[([^]]*)\](.*)$/', $parameter, $match ) ) { $name = $match[1]; $key = $match[2]; @@ -329,17 +325,17 @@ final class ParseMultiPartFormDataInputStream if ( $name !== '' && $name !== NULL ) { if ( ! isset($params[$name]) || ! is_array($params[$name]) ) { - $params[$name] = []; + $params[$name] = array(); } else { } if ( strlen($rem) > 0 ) { if ( $key === '' || $key === NULL ) { - $arr = []; + $arr = array(); $this->parse_parameter( $arr, $rem, $value ); $params[$name][] = $arr; } else { if ( !isset($params[$name][$key]) || !is_array($params[$name][$key]) ) { - $params[$name][$key] = []; + $params[$name][$key] = array(); } $this->parse_parameter( $params[$name][$key], $rem, $value ); } @@ -357,7 +353,7 @@ final class ParseMultiPartFormDataInputStream $this->parse_parameter( $params, $rem, $value ); } else { if ( ! isset($params[$key]) || ! is_array($params[$key]) ) { - $params[$key] = []; + $params[$key] = array(); } $this->parse_parameter( $params[$key], $rem, $value ); } diff --git a/app/Http/routes.php b/app/Http/routes.php index 5490f9c1..9ad506a7 100644 --- a/app/Http/routes.php +++ b/app/Http/routes.php 
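Review bot: After this hunk the two coercions left in the loop are identities — `intval()` of a value that already satisfies `is_int()`, and `doubleval()` of one that satisfies `is_double()`, return the value unchanged — and since multipart field values arrive as strings, neither branch can fire unless `self::boolVal` (not shown) returns numbers. Dropping the `is_numeric` branch is itself a correct fix, since it had been truncating inputs such as `"1.5"` or `"007"` through `intval()`, but the surviving lines now read as if typed coercion still happens; either remove them as well or add `// numeric-looking strings are deliberately kept as strings` above the `preg_match` so the intent is explicit.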
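Review bot: Reverting `[]` to `array()` in `parse_parameter` (here and in the two hunks that follow) is a style regression with no functional effect: short array syntax has been available since PHP 5.4, and the other files in this same patch (Kernel.php, routes.php) keep using `[]`, so the codebase now mixes both forms. Unless the project must run on PHP 5.3, keep `$matches = [];` and the other three assignments as they were. Separately, `$matches` is assigned but the `preg_match` on the next line writes into `$match`, so the variable appears unused; that predates this commit but is worth removing while the line is being touched.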
@@ -373,7 +373,11 @@ Route::group( [ 'namespace' => 'App\Http\Controllers\Api\OAuth2', 'prefix' => 'api/v1', - 'middleware' => ['api'] + 'middleware' => [ + 'ssl', + 'cors', + 'oauth2.endpoint', + ] ], function () { Route::group(['prefix' => 'users'], function () { @@ -382,7 +386,7 @@ Route::group( Route::group(['prefix' => 'me'], function () { Route::get('', 'OAuth2UserApiController@me'); - Route::put('','OAuth2UserApiController@UpdateMe'); + Route::match(['options','put'],'','OAuth2UserApiController@UpdateMe'); Route::group(['prefix' => 'pic'], function () { Route::put('','OAuth2UserApiController@UpdateMyPic'); });
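Review bot: Replacing the `api` middleware group with the explicit list `['ssl', 'cors', 'oauth2.endpoint']` on the `api/v1` group drops whatever else `api` carried in `Kernel::$middlewareGroups`; in a stock Laravel application that group includes `throttle`, so unless this project's group contained nothing else, the token-protected API loses its rate limiting in this hunk. If throttling was part of the group, add it back explicitly, e.g. `'throttle:60,1',` after `'cors',`, or keep `'api'` in the list alongside the new entries. The ordering itself — `cors` ahead of `oauth2.endpoint` — is the right one for answering preflight requests before token validation, and this route-level list, not the alias map in Kernel.php, is what determines it.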
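Review bot: Only the `PUT` on `users/me` gains an explicit `options` route, while `users/me/pic` (the `Route::put` two lines below) and the `GET` on `me` do not; a cross-origin browser call to either still triggers a preflight, because the bearer `Authorization` header makes even the GET non-simple, and if Laravel's implicit OPTIONS handling answers those requests the route-level `cors` middleware never runs and the preflight comes back without CORS headers. Either register `options` consistently, e.g. `Route::match(['options','put'],'','OAuth2UserApiController@UpdateMyPic');`, or move `\Spatie\Cors\Cors::class` into the global `$middleware` stack so every OPTIONS response is covered without per-route entries. The enclosing `Route::group` callbacks appear to close outside the hunk.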