composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/support/2.7' into support/3.0

Browse Source 
# Conflicts:
#	datamodels/2.x/itop-hub-connector/launch.php
This commit is contained in:
jf-cbd
2024-04-23 14:03:15 +02:00
parent 514e0b80a5 eeec57536b
commit e5a8bd61b0
4 changed files with 93 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
datamodels/2.x/itop-hub-connector/TokenValidation.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
class TokenValidation
{
// construct function
public function __construct()
{
}
public function isSetupTokenValid($sParamToken) : bool
{
if (!file_exists(APPROOT.'data/.setup')) {
return false;
}
$sSetupToken = trim(file_get_contents(APPROOT.'data/.setup'));
unlink(APPROOT.'data/.setup');
return $sParamToken === $sSetupToken;
}
}

41
datamodels/2.x/itop-hub-connector/launch.php
View File

@@ -257,13 +257,15 @@ function MakeDataToPost($sTargetRoute)
return $aDataToPost; return $aDataToPost;
} }
try { try
require_once(APPROOT.'/application/application.inc.php'); {
require_once(APPROOT.'/application/itopwebpage.class.inc.php'); require_once (APPROOT.'/application/application.inc.php');
require_once(APPROOT.'/setup/extensionsmap.class.inc.php'); require_once (APPROOT.'/application/itopwebpage.class.inc.php');
require_once('hubconnectorpage.class.inc.php'); require_once (APPROOT.'/setup/extensionsmap.class.inc.php');
require_once ('hubconnectorpage.class.inc.php');
require_once(APPROOT.'/application/startup.inc.php');
require_once (APPROOT.'/application/startup.inc.php');
require_once('TokenValidation.php');
$sTargetRoute = utils::ReadParam('target', ''); // ||browse_extensions|deploy_extensions| $sTargetRoute = utils::ReadParam('target', ''); // ||browse_extensions|deploy_extensions|
@@ -279,15 +281,24 @@ try {
switch ($sTargetRoute) { switch ($sTargetRoute) {
case 'inform_after_setup': case 'inform_after_setup':
// Hidden IFRAME at the end of the setup // Hidden IFRAME at the end of the setup
require_once(APPROOT.'/application/ajaxwebpage.class.inc.php'); require_once (APPROOT.'/application/ajaxwebpage.class.inc.php');
$oPage = new NiceWebPage('');
$aDataToPost = MakeDataToPost($sTargetRoute);
$oPage->add('<form id="hub_launch_form" action="'.$sHubUrlStateless.'" method="post">');
$oPage->add('<input type="hidden" name="json" value="'.htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8').'">');
$oPage->add_ready_script('$("#hub_launch_form").submit();');
break;
$sParamToken = utils::ReadParam('setup_token');
$oTokenValidation = new TokenValidation();
$bIsTokenValid = $oTokenValidation->isSetupTokenValid($sParamToken);
if (UserRights::IsAdministrator() || $bIsTokenValid) {
$oPage = new NiceWebPage('');
$aDataToPost = MakeDataToPost($sTargetRoute);
$oPage->add('<form id="hub_launch_form" action="' . $sHubUrlStateless . '" method="post">');
$oPage->add('<input type="hidden" name="json" value="' . htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8') . '">');
$oPage->add_ready_script('$("#hub_launch_form").submit();');
} else {
IssueLog::Error('TokenValidation failed on inform_after_setup page');
throw new Exception("Not allowed");
}
break;
default: default:
// All other cases, special "Hub like" web page // All other cases, special "Hub like" web page
if ($sTargetRoute == 'view_dashboard') { if ($sTargetRoute == 'view_dashboard') {

5
setup/wizardsteps.class.inc.php
View File

@@ -2616,6 +2616,11 @@ class WizStepDone extends WizardStep
$oProductionEnv->InitDataModel($oConfig, true); $oProductionEnv->InitDataModel($oConfig, true);
$sIframeUrl = $oConfig->GetModuleSetting('itop-hub-connector', 'setup_url', ''); $sIframeUrl = $oConfig->GetModuleSetting('itop-hub-connector', 'setup_url', '');
$sSetupTokenFile = APPROOT.'data/.setup';
$sSetupToken = bin2hex(random_bytes(12));
file_put_contents($sSetupTokenFile, $sSetupToken);
$sIframeUrl.= "&setup_token=$sSetupToken";
if ($sIframeUrl != '') if ($sIframeUrl != '')
{ {
$oPage->add('<iframe id="fresh_content" frameborder="0" scrolling="auto" src="'.$sIframeUrl.'"></iframe>'); $oPage->add('<iframe id="fresh_content" frameborder="0" scrolling="auto" src="'.$sIframeUrl.'"></iframe>');

43
tests/php-unit-tests/unitary-tests/datamodels/2.x/itop-hub-connector/TokenValidationTest.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
declare(strict_types=1);
namespace Combodo\iTop\Test\UnitTest\Module\LaunchTest;
use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
use TokenValidation;
class TokenValidationTest extends ItopDataTestCase
{
/**
* @param string $sSetupToken
*
* @return string
*/
public function createSetupTokenFile(string $sSetupToken): string
{
$sSetupTokenFile = APPROOT.'data/.setup';
file_put_contents($sSetupTokenFile, $sSetupToken);
return $sSetupTokenFile;
}protected function setUp(): void
{
parent::setUp();
$this->RequireOnceItopFile('datamodels/2.x/itop-hub-connector/TokenValidation.php');
}
public function testLaunch()
{
$oTokenValidation = new TokenValidation();
$sSetupToken = bin2hex(random_bytes(12));
$this->assertFalse($oTokenValidation->isSetupTokenValid('lol'));
$this->assertFalse($oTokenValidation->isSetupTokenValid(''));
$this->assertFalse($oTokenValidation->isSetupTokenValid($sSetupToken));
$this->createSetupTokenFile($sSetupToken);
$this->assertFalse($oTokenValidation->isSetupTokenValid('lol'));
$this->createSetupTokenFile($sSetupToken);
$this->assertFalse($oTokenValidation->isSetupTokenValid(''));
$this->createSetupTokenFile($sSetupToken);
$this->assertTrue($oTokenValidation->isSetupTokenValid($sSetupToken));
}
}