jf-cbd
2025-02-27 17:56:46 +01:00
parent a9e10742ec
commit c9f32311b4
2 changed files with 22 additions and 12 deletions


@@ -127,8 +127,12 @@ class ObjectResult
{
foreach($this->fields as $sAttCode => $value)
{
try{
$oAttDef = MetaModel::GetAttributeDef($this->class, $sAttCode);
if ($oAttDef instanceof AttributeEncryptedString || $oAttDef instanceof AttributePassword)
} catch (Exception $e) { // for special cases like ID
continue;
}
if ($oAttDef instanceof AttributeEncryptedString || $oAttDef instanceof AttributePassword || $oAttDef instanceof AttributeOneWayPassword)
{
$this->fields[$sAttCode] = '******';
}
@@ -704,14 +708,15 @@ class CoreServices implements iRestServiceProvider, iRestInputSanitizer
$sClass = $aJsonData['class'];
foreach ($aJsonData['fields'] as $sAttCode => $value) {
$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
if ($oAttDef instanceof AttributePassword || $oAttDef instanceof AttributeEncryptedPassword) {
if ($oAttDef instanceof AttributeEncryptedString || $oAttDef instanceof AttributePassword || $oAttDef instanceof AttributeOneWayPassword) {
$aJsonData['fields'][$sAttCode] = '*****';
}
}
// TODO : fields type relations avec champs sensible dedans
// TODO refacto
break;
}
return json_encode($aJsonData);
return json_encode($aJsonData, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
}
/**
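Review bot: The new `catch (Exception $e) { continue; }` around `MetaModel::GetAttributeDef` in the ObjectResult hunk lets the value through unmasked whenever the lookup fails, so this redaction step fails open for any attribute whose definition cannot be resolved, not only for the `id` pseudo-field the comment mentions. Prefer an explicit check for the non-attribute keys and otherwise mask, e.g. replace the try/catch with `if (!MetaModel::IsValidAttCode($this->class, $sAttCode)) { continue; }`, or at minimum set `$this->fields[$sAttCode] = '******';` inside the catch so an unexpected failure still redacts. The mask strings also differ between the two hunks (`'******'` in ObjectResult versus `'*****'` in the CoreServices input sanitizer), which should be one shared constant so the test fixtures do not depend on which path ran. The CoreServices hunk has no guard at all on its `GetAttributeDef` call, so an unknown key under `fields` presumably throws instead of being masked (the `"id": "1"` entry removed from the test fixture in the other file looks like that case), and the `// TODO : fields type relations avec champs sensible dedans` comment records that sensitive values nested in relation fields are still not masked. The methods enclosing both hunks start and end outside the hunks.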


@@ -20,12 +20,11 @@
namespace Combodo\iTop\Test\UnitTest\Core;
use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
use Combodo\iTop\Test\UnitTest\ItopTestCase;
use CoreException;
use CoreServices;
use CoreUnexpectedValue;
use RestResultListOperations;
use SimpleGraphException;
use UserLocal;
class RestServicesTest extends ItopDataTestCase
@@ -104,10 +103,12 @@ JSON;
public function testSanitizeJsonOutput($sOperation, $aJsonData, $sExpectedJsonDataSanitized)
{
$oRS = new CoreServices();
$oResult = $oRS->ExecOperation('1.3', $sOperation, $aJsonData);
$oResult->SanitizeContent();
$this->assertEquals($sExpectedJsonDataSanitized, json_encode($oResult));
$oUser = new UserLocal();
$oUser->Set('password', "123456");
$oRestResultWithObject = new \RestResultWithObjects();
$oRestResultWithObject->AddObject(0, "ok", $oUser, ['UserLocal' => ['login', 'password']]);
$oRestResultWithObject->SanitizeContent();
$this->assertEquals($sExpectedJsonDataSanitized, json_encode($oRestResultWithObject));
}
public function providerTestSanitizeJsonInput()
@@ -115,11 +116,15 @@ JSON;
return [
'core/check_credentials' => [
'{"operation": "core/check_credentials", "user": "admin", "password": "admin"}',
'{"operation": "core/check_credentials", "user": "admin", "password": "*****"}'
'{
"operation": "core/check_credentials",
"user": "admin",
"password": "*****"
}'
],
'core/update' => [
'{"operation": "core/update", "comment": "Update user", "class": "UserLocal", "key": {"description": "My description"}, "output_fields": "first_name, password", "fields": {"id": "1", "password" : "123456"}}',
'{"operation": "core/update", "comment": "Update user", "class": "UserLocal", "key": {"description": "My description"}, "output_fields": "first_name, password", "fields": {"id": "1", "password" : "*****"}}'
'{"operation": "core/update", "comment": "Update user", "class": "UserLocal", "key": {"id":1}, "output_fields": "first_name, password", "fields": {"password" : "123456"}}',
'{"operation": "core/update", "comment": "Update user", "class": "UserLocal", "key": {"id":1}, "output_fields": "first_name, password", "fields": {"password" : "*****"}}'
],
'core/create' => [
'{"operation": "core/create", "comment": "Create user", "class": "UserLocal", "fields": {"first_name": "John", "last_name": "Doe", "email": "jd@example/com", "password" : "123456"}}',