openinfra/openstackid
Code Issues Proposed changes

updated CORS logic

Browse Source 
Change-Id: I44006d34dfeedeb16022ae4609afb0c303ab9bb0
Signed-off-by: smarcet <smarcet@gmail.com>
This commit is contained in:
smarcet
2020-10-27 18:20:40 -03:00
parent 5f250bb89a
commit f9e3208d6e
6 changed files with 23 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php
View File

@@ -17,6 +17,7 @@ use App\Http\Controllers\UserValidationRulesFactory;
use App\Http\Utils\HTMLCleaner; use App\Http\Utils\HTMLCleaner;
use App\ModelSerializers\SerializerRegistry; use App\ModelSerializers\SerializerRegistry;
use Auth\Repositories\IUserRepository; use Auth\Repositories\IUserRepository;
use Illuminate\Http\Request as LaravelRequest;
use Illuminate\Support\Facades\Input; use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Request; use Illuminate\Support\Facades\Request;
@@ -194,17 +195,18 @@ final class OAuth2UserApiController extends OAuth2ProtectedController
} }
} }
public function UpdateMyPic(){ public function UpdateMyPic(LaravelRequest $request){
try { try {
if (!$this->resource_server_context->getCurrentUserId()) { if (!$this->resource_server_context->getCurrentUserId()) {
return $this->error403(); return $this->error403();
} }
$file = request()->file('pic'); $file = $request->hasFile('file') ? $request->file('file'):null;
if(is_null($file)){
if (!is_null($file)) { throw new ValidationException('file is not present');
$user = $this->openid_user_service->updateProfilePhoto($this->resource_server_context->getCurrentUserId(), $file);
} }
$user = $this->openid_user_service->updateProfilePhoto($this->resource_server_context->getCurrentUserId(), $file);
return $this->updated(SerializerRegistry::getInstance()->getSerializer($user, SerializerRegistry::SerializerType_Private)->serialize()); return $this->updated(SerializerRegistry::getInstance()->getSerializer($user, SerializerRegistry::SerializerType_Private)->serialize());
} }
catch (ValidationException $ex1) catch (ValidationException $ex1)

4
app/Http/Kernel.php
View File

@@ -66,18 +66,16 @@ class Kernel extends HttpKernel
'auth' => \App\Http\Middleware\Authenticate::class, 'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'ssl' => \App\Http\Middleware\SSLMiddleware::class, 'ssl' => \App\Http\Middleware\SSLMiddleware::class,
'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'csrf' => \App\Http\Middleware\VerifyCsrfToken::class, 'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
'oauth2.endpoint' => \App\Http\Middleware\OAuth2BearerAccessTokenRequestValidator::class,
'cors' => \Spatie\Cors\Cors::class, 'cors' => \Spatie\Cors\Cors::class,
'oauth2.endpoint' => \App\Http\Middleware\OAuth2BearerAccessTokenRequestValidator::class,
'oauth2.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdmin::class, 'oauth2.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdmin::class,
'oauth2.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdminJson::class, 'oauth2.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdminJson::class,
'openstackid.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdmin::class, 'openstackid.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdmin::class,
'openstackid.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdminJson::class, 'openstackid.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdminJson::class,
'oauth2.currentuser.allow.client.edition' => \App\Http\Middleware\CurrentUserCanEditOAuth2Client::class, 'oauth2.currentuser.allow.client.edition' => \App\Http\Middleware\CurrentUserCanEditOAuth2Client::class,
'oauth2.currentuser.owns.client' => \App\Http\Middleware\CurrentUserOwnsOAuth2Client::class, 'oauth2.currentuser.owns.client' => \App\Http\Middleware\CurrentUserOwnsOAuth2Client::class,
'currentuser.checkroute' => \App\Http\Middleware\CurrentUserCheckRouteParams::class,
]; ];
} }

3
app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php
View File

@@ -29,7 +29,6 @@ use OAuth2\Services\ITokenService;
use OAuth2\IResourceServerContext; use OAuth2\IResourceServerContext;
use OAuth2\Repositories\IApiEndpointRepository; use OAuth2\Repositories\IApiEndpointRepository;
use URL\Normalizer; use URL\Normalizer;
use Illuminate\Support\Facades\Route;
use Exception; use Exception;
use Utils\Services\ICheckPointService; use Utils\Services\ICheckPointService;
use Utils\Services\ILogService; use Utils\Services\ILogService;
@@ -111,6 +110,8 @@ final class OAuth2BearerAccessTokenRequestValidator
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
Log::debug(sprintf("OAuth2BearerAccessTokenRequestValidator::handle %s %s", $request->getMethod(), $request->getRequestUri()));
$url = $request->getRequestUri(); $url = $request->getRequestUri();
$method = $request->getMethod(); $method = $request->getMethod();
$realm = $request->getHost(); $realm = $request->getHost();

4
app/Http/Middleware/SingleAccessPoint.php
View File

@@ -18,7 +18,7 @@ use Illuminate\Support\Facades\Log;
use Utils\Services\ICheckPointService; use Utils\Services\ICheckPointService;
use Utils\Services\ServiceLocator; use Utils\Services\ServiceLocator;
use Utils\Services\UtilsServiceCatalog; use Utils\Services\UtilsServiceCatalog;
use Exception;
/** /**
* Class SingleAccessPoint * Class SingleAccessPoint
* @package App\Http\Middleware * @package App\Http\Middleware
@@ -28,7 +28,7 @@ final class SingleAccessPoint
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
// Perform action // Perform action
if(Config::get('server.Banning_Enable', true)) if(Config::get('server.banning_enable', true))
{ {
try { try {
//checkpoint security pattern entry point //checkpoint security pattern entry point

14
app/Http/Utils/ParseMultiPartFormDataInputStream.php
View File

@@ -243,12 +243,8 @@ final class ParseMultiPartFormDataInputStream
$val = self::boolVal($val); $val = self::boolVal($val);
if(!empty($val) && is_int($val)) if(!empty($val) && is_int($val))
$val = intval($val); $val = intval($val);
if(!empty($val) && is_numeric($val))
$val = intval($val);
if(!empty($val) && is_double($val)) if(!empty($val) && is_double($val))
$val = doubleval($val); $val = doubleval($val);
if(!empty($val) && is_string($val))
$val = strval($val);
if (preg_match('/^(.*)\[\]$/i', $match[1], $tmp)) { if (preg_match('/^(.*)\[\]$/i', $match[1], $tmp)) {
$data[$tmp[1]][] = $val; $data[$tmp[1]][] = $val;
} else { } else {
@@ -321,7 +317,7 @@ final class ParseMultiPartFormDataInputStream
function parse_parameter( &$params, $parameter, $value ) { function parse_parameter( &$params, $parameter, $value ) {
if ( strpos($parameter, '[') !== FALSE ) { if ( strpos($parameter, '[') !== FALSE ) {
$matches = []; $matches = array();
if ( preg_match( '/^([^[]*)\[([^]]*)\](.*)$/', $parameter, $match ) ) { if ( preg_match( '/^([^[]*)\[([^]]*)\](.*)$/', $parameter, $match ) ) {
$name = $match[1]; $name = $match[1];
$key = $match[2]; $key = $match[2];
@@ -329,17 +325,17 @@ final class ParseMultiPartFormDataInputStream
if ( $name !== '' && $name !== NULL ) { if ( $name !== '' && $name !== NULL ) {
if ( ! isset($params[$name]) || ! is_array($params[$name]) ) { if ( ! isset($params[$name]) || ! is_array($params[$name]) ) {
$params[$name] = []; $params[$name] = array();
} else { } else {
} }
if ( strlen($rem) > 0 ) { if ( strlen($rem) > 0 ) {
if ( $key === '' || $key === NULL ) { if ( $key === '' || $key === NULL ) {
$arr = []; $arr = array();
$this->parse_parameter( $arr, $rem, $value ); $this->parse_parameter( $arr, $rem, $value );
$params[$name][] = $arr; $params[$name][] = $arr;
} else { } else {
if ( !isset($params[$name][$key]) || !is_array($params[$name][$key]) ) { if ( !isset($params[$name][$key]) || !is_array($params[$name][$key]) ) {
$params[$name][$key] = []; $params[$name][$key] = array();
} }
$this->parse_parameter( $params[$name][$key], $rem, $value ); $this->parse_parameter( $params[$name][$key], $rem, $value );
} }
@@ -357,7 +353,7 @@ final class ParseMultiPartFormDataInputStream
$this->parse_parameter( $params, $rem, $value ); $this->parse_parameter( $params, $rem, $value );
} else { } else {
if ( ! isset($params[$key]) || ! is_array($params[$key]) ) { if ( ! isset($params[$key]) || ! is_array($params[$key]) ) {
$params[$key] = []; $params[$key] = array();
} }
$this->parse_parameter( $params[$key], $rem, $value ); $this->parse_parameter( $params[$key], $rem, $value );
} }

8
app/Http/routes.php
View File

@@ -373,7 +373,11 @@ Route::group(
[ [
'namespace' => 'App\Http\Controllers\Api\OAuth2', 'namespace' => 'App\Http\Controllers\Api\OAuth2',
'prefix' => 'api/v1', 'prefix' => 'api/v1',
'middleware' => ['api'] 'middleware' => [
'ssl',
'cors',
'oauth2.endpoint',
]
], function () { ], function () {
Route::group(['prefix' => 'users'], function () { Route::group(['prefix' => 'users'], function () {
@@ -382,7 +386,7 @@ Route::group(
Route::group(['prefix' => 'me'], function () { Route::group(['prefix' => 'me'], function () {
Route::get('', 'OAuth2UserApiController@me'); Route::get('', 'OAuth2UserApiController@me');
Route::put('','OAuth2UserApiController@UpdateMe'); Route::match(['options','put'],'','OAuth2UserApiController@UpdateMe');
Route::group(['prefix' => 'pic'], function () { Route::group(['prefix' => 'pic'], function () {
Route::put('','OAuth2UserApiController@UpdateMyPic'); Route::put('','OAuth2UserApiController@UpdateMyPic');
}); });