mirror of
https://github.com/Combodo/iTop.git
synced 2026-04-24 02:58:43 +02:00
WIP
This commit is contained in:
jf-cbd
@@ -112,11 +112,6 @@ interface iAttributeNoGroupBy
|
|||||||
//no method, just a contract on implement
|
//no method, just a contract on implement
|
||||||
}
|
}
|
||||||
|
|
||||||
interface iAttributeSensitive
|
|
||||||
{
|
|
||||||
//no method, just a contract on implement
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attribute definition API, implemented in and many flavours (Int, String, Enum, etc.)
|
* Attribute definition API, implemented in and many flavours (Int, String, Enum, etc.)
|
||||||
*
|
*
|
||||||
@@ -3778,7 +3773,7 @@ class AttributeFinalClass extends AttributeString
|
|||||||
*
|
*
|
||||||
* @package iTopORM
|
* @package iTopORM
|
||||||
*/
|
*/
|
||||||
class AttributePassword extends AttributeString implements iAttributeNoGroupBy, iAttributeSensitive
|
class AttributePassword extends AttributeString implements iAttributeNoGroupBy
|
||||||
{
|
{
|
||||||
const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
|
const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
|
||||||
|
|
||||||
@@ -3854,7 +3849,7 @@ class AttributePassword extends AttributeString implements iAttributeNoGroupBy,
|
|||||||
*
|
*
|
||||||
* @package iTopORM
|
* @package iTopORM
|
||||||
*/
|
*/
|
||||||
class AttributeEncryptedString extends AttributeString implements iAttributeNoGroupBy, iAttributeSensitive
|
class AttributeEncryptedString extends AttributeString implements iAttributeNoGroupBy
|
||||||
{
|
{
|
||||||
const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
|
const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
|
||||||
|
|
||||||
@@ -9246,7 +9241,7 @@ class AttributeSubItem extends AttributeDefinition
|
|||||||
/**
|
/**
|
||||||
* One way encrypted (hashed) password
|
* One way encrypted (hashed) password
|
||||||
*/
|
*/
|
||||||
class AttributeOneWayPassword extends AttributeDefinition implements iAttributeNoGroupBy, iAttributeSensitive
|
class AttributeOneWayPassword extends AttributeDefinition implements iAttributeNoGroupBy
|
||||||
{
|
{
|
||||||
const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
|
const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
|
||||||
|
|
||||||
|
|||||||
@@ -132,7 +132,7 @@ public function SanitizeContent()
|
|||||||
} catch (Exception $e) { // for special cases like ID
|
} catch (Exception $e) { // for special cases like ID
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if ($oAttDef instanceof iAttributeSensitive)
|
if ($oAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
|
||||||
{
|
{
|
||||||
$this->fields[$sAttCode] = '******';
|
$this->fields[$sAttCode] = '******';
|
||||||
}
|
}
|
||||||
@@ -201,7 +201,7 @@ class RestResultWithObjects extends RestResult
|
|||||||
$this->objects[$sObjKey] = $oObjRes;
|
$this->objects[$sObjKey] = $oObjRes;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* public function SanitizeContent()
|
public function SanitizeContent()
|
||||||
{
|
{
|
||||||
parent::SanitizeContent();
|
parent::SanitizeContent();
|
||||||
|
|
||||||
@@ -209,7 +209,7 @@ class RestResultWithObjects extends RestResult
|
|||||||
{
|
{
|
||||||
$oObjRes->SanitizeContent();
|
$oObjRes->SanitizeContent();
|
||||||
}
|
}
|
||||||
}*/
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RestResultWithRelations extends RestResultWithObjects
|
class RestResultWithRelations extends RestResultWithObjects
|
||||||
@@ -710,15 +710,14 @@ class CoreServices implements iRestServiceProvider, iRestInputSanitizer
|
|||||||
default :
|
default :
|
||||||
$sClass = $aJsonData['class'];
|
$sClass = $aJsonData['class'];
|
||||||
foreach ($aJsonData['fields'] as $sAttCode => $value) {
|
foreach ($aJsonData['fields'] as $sAttCode => $value) {
|
||||||
$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
|
$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
|
||||||
var_dump($oAttDef);
|
var_dump($oAttDef);
|
||||||
if ($oAttDef instanceof iAttributeSensitive) {
|
if ($oAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
|
||||||
$aJsonData['fields'][$sAttCode] = '*****';
|
{
|
||||||
}
|
$aJsonData['fields'][$sAttCode] = '*****';
|
||||||
}
|
}
|
||||||
// TODO : fields type relations avec champs sensible dedans
|
}
|
||||||
// TODO refacto
|
break;
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
return json_encode($aJsonData, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
|
return json_encode($aJsonData, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,12 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.7">
|
||||||
|
<classes>
|
||||||
|
<class id="Group">
|
||||||
|
<fields>
|
||||||
|
<field id="encrypted_string" xsi:type="AttributeEncryptedString" _delta="define">
|
||||||
|
<sql>encrypted_string</sql>
|
||||||
|
</field>
|
||||||
|
</fields>
|
||||||
|
</class>
|
||||||
|
</classes>
|
||||||
|
</itop_design>
|
||||||
@@ -0,0 +1,54 @@
|
|||||||
|
<?php
|
||||||
|
// Copyright (c) 2010-2018 Combodo SARL
|
||||||
|
//
|
||||||
|
// This file is part of iTop.
|
||||||
|
//
|
||||||
|
// iTop is free software; you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// iTop is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with iTop. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
//
|
||||||
|
|
||||||
|
namespace Combodo\iTop\Test\UnitTest\Core;
|
||||||
|
|
||||||
|
use Combodo\iTop\Test\UnitTest\ItopCustomDatamodelTestCase;
|
||||||
|
use Group;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runTestsInSeparateProcesses
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
* @backupGlobals disabled
|
||||||
|
*/
|
||||||
|
class RestServicesSanitizeOutputTest extends iTopCustomDatamodelTestCase
|
||||||
|
{
|
||||||
|
public function setUp(): void
|
||||||
|
{
|
||||||
|
parent::setUp();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public function testSanitizeJsonOutput()
|
||||||
|
{
|
||||||
|
$oGroup = new Group();
|
||||||
|
$oGroup->Set('encrypted_string', "123456");
|
||||||
|
$oRestResultWithObject = new \RestResultWithObjects();
|
||||||
|
$oRestResultWithObject->AddObject(0, "ok", $oGroup, ['Group' => ['encrypted_string']]);
|
||||||
|
$oRestResultWithObject->SanitizeContent();
|
||||||
|
$this->assertEquals('{"objects":{"Group::-1":{"code":0,"message":"ok","class":"Group","key":-1,"fields":{"encrypted_string":"******"}}},"code":0,"message":null}', json_encode($oRestResultWithObject));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
public function GetDatamodelDeltaAbsPath(): string
|
||||||
|
{
|
||||||
|
return __DIR__ . "/Delta/delta_test_sanitize_output.xml";
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -24,6 +24,7 @@ use CoreException;
|
|||||||
use CoreServices;
|
use CoreServices;
|
||||||
use CoreUnexpectedValue;
|
use CoreUnexpectedValue;
|
||||||
use SimpleGraphException;
|
use SimpleGraphException;
|
||||||
|
use UserLocal;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @runTestsInSeparateProcesses
|
* @runTestsInSeparateProcesses
|
||||||
@@ -103,21 +104,12 @@ class RestServicesTest extends ItopDataTestCase
|
|||||||
*/
|
*/
|
||||||
public function testSanitizeJsonOutput($sOperation, $aJsonData, $sExpectedJsonDataSanitized)
|
public function testSanitizeJsonOutput($sOperation, $aJsonData, $sExpectedJsonDataSanitized)
|
||||||
{
|
{
|
||||||
$this->CreateUser('my_example', '1', 'Azertyuiiop*12', 1);
|
$oUser = new UserLocal();
|
||||||
$oRS = new CoreServices();
|
$oUser->Set('password', "123456");
|
||||||
$oResult = $oRS->ExecOperation(1.3, $sOperation, json_decode(json_encode($aJsonData)));
|
$oRestResultWithObject = new \RestResultWithObjects();
|
||||||
// delete every pattern like "::xxx"
|
$oRestResultWithObject->AddObject(0, "ok", $oUser, ['UserLocal' => ['login', 'password']]);
|
||||||
$actualResult = json_encode($oResult);
|
$oRestResultWithObject->SanitizeContent();
|
||||||
$sExpectedJsonDataSanitized = preg_replace('/::[0-9]+/', '', $sExpectedJsonDataSanitized);
|
$this->assertEquals($sExpectedJsonDataSanitized, json_encode($oRestResultWithObject));
|
||||||
$actualResult = preg_replace('/::[0-9]+/', '', $actualResult);
|
|
||||||
// convert both to arrays
|
|
||||||
$actualResult = json_decode($actualResult, true);
|
|
||||||
$sExpectedJsonDataSanitized = json_decode($sExpectedJsonDataSanitized, true);
|
|
||||||
$this->recursive_unset($actualResult, 'key');
|
|
||||||
$this->recursive_unset($sExpectedJsonDataSanitized, 'key');
|
|
||||||
|
|
||||||
|
|
||||||
$this->assertEquals($sExpectedJsonDataSanitized, $actualResult);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function providerTestSanitizeJsonOutput()
|
public function providerTestSanitizeJsonOutput()
|
||||||
@@ -127,22 +119,22 @@ class RestServicesTest extends ItopDataTestCase
|
|||||||
'core/update' => [
|
'core/update' => [
|
||||||
'core/update',
|
'core/update',
|
||||||
['comment' => 'Update user', 'class' => 'UserLocal', 'key' => ['login' => 'my_example'], 'output_fields' => 'password', 'fields' => ['password' => 'opkB!req57']],
|
['comment' => 'Update user', 'class' => 'UserLocal', 'key' => ['login' => 'my_example'], 'output_fields' => 'password', 'fields' => ['password' => 'opkB!req57']],
|
||||||
'{"objects":{"UserLocal::78":{"code":0,"message":"updated","class":"UserLocal","key":"78","fields":{"password":"*****"}}},"code":0,"message":null}'],
|
'{"objects":{"UserLocal::-1":{"code":0,"message":"ok","class":"UserLocal","key":-1,"fields":{"login":"******","password":"******"}}},"code":0,"message":null}'
|
||||||
|
],
|
||||||
'core/create' => [
|
'core/create' => [
|
||||||
'core/create',
|
'core/create',
|
||||||
['comment' => 'Create user', 'class' => 'UserLocal', 'fields' => ['password' => 'Azertyuiiop*12', 'login' => 'toto', 'profile_list' => [1]]],
|
['comment' => 'Create user', 'class' => 'UserLocal', 'fields' => ['password' => 'Azertyuiiop*12', 'login' => 'toto', 'profile_list' => [1]]],
|
||||||
'{"operation":"core/create","comment":"Create user","class":"UserLocal","fields":{"first_name":"John","last_name":"Doe","email":"jd@example/com","password":"*****"}}'
|
'{"objects":{"UserLocal::-1":{"code":0,"message":"ok","class":"UserLocal","key":-1,"fields":{"login":"******","password":"******"}}},"code":0,"message":null}'
|
||||||
],
|
],
|
||||||
'core/get' => [
|
'core/get' => [
|
||||||
'core/get',
|
'core/get',
|
||||||
['comment' => 'Get user', 'class' => 'UserLocal', 'key' => ['login' => 'my_example'], 'output_fields' => 'first_name, password'],
|
['comment' => 'Get user', 'class' => 'UserLocal', 'key' => ['login' => 'my_example'], 'output_fields' => 'first_name, password'],
|
||||||
'{"objects":{"UserLocal":{"code":0,"message":"","class":"UserLocal","key":"148","fields":{"first_name":"My first name","password":"*****"}}},"code":0,"message":"Found: 1"}'
|
'{"objects":{"UserLocal::-1":{"code":0,"message":"ok","class":"UserLocal","key":-1,"fields":{"login":"******","password":"******"}}},"code":0,"message":null}'
|
||||||
],
|
],
|
||||||
'core/check_credentials' => [
|
'core/check_credentials' => [
|
||||||
'core/check_credentials',
|
'core/check_credentials',
|
||||||
['user' => 'admin', 'password' => 'admin'],
|
['user' => 'admin', 'password' => 'admin'],
|
||||||
'{"code":0,"message":null,"authorized":true}'
|
'{"objects":{"UserLocal::-1":{"code":0,"message":"ok","class":"UserLocal","key":-1,"fields":{"login":"******","password":"******"}}},"code":0,"message":null}' ],
|
||||||
],
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user