* [FIX] Prevent login process when user/password are not provided.

* [FIX] Use null when clientId or categoryId are not set when searching account.
* [FIX] Minor fixes.

Signed-off-by: Rubén D <nuxsmin@syspass.org>
Rubén D
2021-10-17 22:56:21 +02:00
parent ebe58282f6
commit 6f2f1ec5e2
14 changed files with 262 additions and 107 deletions


@@ -37,13 +37,6 @@ final class AccountActionsDto
private ?int $publicLinkId = null;
private ?int $publicLinkCreatorId = null;
/**
* AccountActionsDto constructor.
*
* @param int|null $accountId
* @param int|null $accountHistoryId
* @param int|null $accountParentId
*/
public function __construct(
?int $accountId,
?int $accountHistoryId = null,
@@ -54,73 +47,46 @@ final class AccountActionsDto
$this->accountParentId = $accountParentId;
}
/**
* @return int|null
*/
public function getAccountId(): ?int
{
return $this->accountId;
}
/**
* @return int|null
*/
public function getAccountHistoryId(): ?int
{
return $this->accountHistoryId;
}
/**
* @return int|null
*/
public function getAccountParentId(): ?int
{
return $this->accountParentId;
}
/**
* @return bool
*/
public function isHistory(): bool
{
return $this->accountHistoryId !== null && $this->accountHistoryId > 0;
}
/**
* @return bool
*/
public function isLinked(): bool
{
return $this->accountParentId !== null && $this->accountParentId > 0;
}
/**
* @return int
*/
public function getPublicLinkId(): int
public function getPublicLinkId(): ?int
{
return $this->publicLinkId;
}
/**
* @param int $publicLinkId
*/
public function setPublicLinkId(int $publicLinkId): void
{
$this->publicLinkId = $publicLinkId;
}
/**
* @return int|null
*/
public function getPublicLinkCreatorId(): ?int
{
return $this->publicLinkCreatorId;
}
/**
* @param int $publicLinkCreatorId
*/
public function setPublicLinkCreatorId(int $publicLinkCreatorId): void
{
$this->publicLinkCreatorId = $publicLinkCreatorId;


@@ -207,7 +207,7 @@ final class AccountSearchHelper extends HelperBase
$dataGrid = new DataGrid($this->view->getTheme());
$dataGrid->setId('gridSearch');
$dataGrid->setDataHeaderTemplate('search-header');
$dataGrid->setDataHeaderTemplate('account/search-header');
$dataGrid->setDataRowTemplate(
'search-rows',
$this->view->getBase()
@@ -386,8 +386,8 @@ final class AccountSearchHelper extends HelperBase
$accountSearchFilter->setLimitStart($this->request->analyzeInt('start', 0));
$accountSearchFilter->setLimitCount($this->request->analyzeInt('rpp', $limitCount));
$accountSearchFilter->setGlobalSearch($this->request->analyzeBool('gsearch', false));
$accountSearchFilter->setClientId($this->request->analyzeInt('client', 0));
$accountSearchFilter->setCategoryId($this->request->analyzeInt('category', 0));
$accountSearchFilter->setClientId($this->request->analyzeInt('client'));
$accountSearchFilter->setCategoryId($this->request->analyzeInt('category'));
$accountSearchFilter->setTagsId($this->request->analyzeArray('tags', null, []));
$accountSearchFilter->setSearchFavorites($this->request->analyzeBool('searchfav', false));
$accountSearchFilter->setTxtSearch($this->request->analyzeString('search'));
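Review bot: In the second hunk, `analyzeInt('client')` and `analyzeInt('category')` presumably yield null only when the parameter is absent, so a request that sends `client=0` or `category=0` would still reach `setClientId()`/`setCategoryId()` as integer 0. The filter and the query built from it then have to treat both null and 0 as "no filter", otherwise the two requests return different result sets. If only null is meant to reach the filter, normalise at this point, e.g. `$accountSearchFilter->setClientId($this->request->analyzeInt('client') ?: null);`. The enclosing method starts and ends outside the hunk and the setter signatures are not visible, so confirm they accept `?int`.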


@@ -34,7 +34,7 @@ if (!isset($data)) {
$value = $rowSrc['filter']($value);
endif;
if ($value !== ''):
if (!empty($value)):
if ($rowSrc['truncate'] === true):
$value = Html::truncate($value, 150 / $numFields);
endif;
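Review bot: `!empty($value)` on the changed condition is also false for values PHP treats as falsy, so a field whose content is the string `"0"` or the integer 0 now takes the empty branch instead of being truncated and shown. The earlier `$value !== ''` test did not drop zero; to cover null as well without losing it, use `if ($value !== null && $value !== ''):`. The rest of the row loop is outside the hunk, so what is rendered for a skipped value cannot be confirmed from here.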


@@ -42,11 +42,12 @@
"ext-mbstring": "*",
"league/fractal": "^0.19.2",
"symfony/console": "^v5.1.2",
"symfony/lock": "^v5.0"
"symfony/lock": "^v5.0",
"ocramius/proxy-manager": "~2.0"
},
"require-dev": {
"phpunit/phpunit": "^9",
"fzaninotto/faker": "^v1.8",
"fzaninotto/faker": "1.9.x-dev",
"fabpot/goutte": "^v3.2",
"nikic/php-parser": "^v4.1"
},
@@ -66,6 +67,7 @@
}
},
"config": {
"classmap-authoritative": false
"classmap-authoritative": false,
"platform-check": false
}
}
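Review bot: The `require-dev` entry `"fzaninotto/faker": "1.9.x-dev"` replaces a tagged constraint with a development branch, which the lockfile in this commit resolves to `dev-master` of a package marked `"abandoned": true`. A moving branch of an unmaintained package is a weak supply-chain position even for test-only code; prefer a tagged release of a maintained fork such as `fakerphp/faker`, or at least pin the exact commit. `"platform-check": false` also switches off Composer's generated runtime check of the PHP version and extensions, leaving the application's own version check as the only guard, so the reason for disabling it should be recorded in the commit message or the install docs.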

271
composer.lock generated

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "76501720109bd95fc02587f2d4dac0ce",
"content-hash": "22630a369f7370167b71f9122705982e",
"packages": [
{
"name": "ademarre/binary-to-text-php",
@@ -1243,6 +1243,73 @@
},
"time": "2017-02-01T23:08:58+00:00"
},
{
"name": "laminas/laminas-code",
"version": "4.4.3",
"source": {
"type": "git",
"url": "https://github.com/laminas/laminas-code.git",
"reference": "bb324850d09dd437b6acb142c13e64fdc725b0e1"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laminas/laminas-code/zipball/bb324850d09dd437b6acb142c13e64fdc725b0e1",
"reference": "bb324850d09dd437b6acb142c13e64fdc725b0e1",
"shasum": ""
},
"require": {
"php": "^7.4 || ~8.0.0"
},
"conflict": {
"phpspec/prophecy": "<1.9.0"
},
"require-dev": {
"doctrine/annotations": "^1.10.4",
"ext-phar": "*",
"laminas/laminas-coding-standard": "^2.1.4",
"laminas/laminas-stdlib": "^3.3.0",
"phpunit/phpunit": "^9.4.2",
"psalm/plugin-phpunit": "^0.14.0",
"vimeo/psalm": "^4.3.1"
},
"suggest": {
"doctrine/annotations": "Doctrine\\Common\\Annotations >=1.0 for annotation features",
"laminas/laminas-stdlib": "Laminas\\Stdlib component",
"laminas/laminas-zendframework-bridge": "A bridge with Zend Framework"
},
"type": "library",
"autoload": {
"psr-4": {
"Laminas\\Code\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"description": "Extensions to the PHP Reflection API, static code scanning, and code generation",
"homepage": "https://laminas.dev",
"keywords": [
"code",
"laminas",
"laminasframework"
],
"support": {
"chat": "https://laminas.dev/chat",
"docs": "https://docs.laminas.dev/laminas-code/",
"forum": "https://discourse.laminas.dev",
"issues": "https://github.com/laminas/laminas-code/issues",
"rss": "https://github.com/laminas/laminas-code/releases.atom",
"source": "https://github.com/laminas/laminas-code"
},
"funding": [
{
"url": "https://funding.communitybridge.org/projects/laminas-project",
"type": "community_bridge"
}
],
"time": "2021-09-21T13:40:23+00:00"
},
{
"name": "league/fractal",
"version": "0.19.2",
@@ -1397,6 +1464,97 @@
],
"time": "2021-05-28T08:32:12+00:00"
},
{
"name": "ocramius/proxy-manager",
"version": "2.13.0",
"source": {
"type": "git",
"url": "https://github.com/Ocramius/ProxyManager.git",
"reference": "21e2b4aa7d7661e7641cc6362fc8635ddcfa8464"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Ocramius/ProxyManager/zipball/21e2b4aa7d7661e7641cc6362fc8635ddcfa8464",
"reference": "21e2b4aa7d7661e7641cc6362fc8635ddcfa8464",
"shasum": ""
},
"require": {
"composer-runtime-api": "^2.1.0",
"laminas/laminas-code": "^4.3.0",
"php": "~7.4.1 || ~8.0.0",
"webimpress/safe-writer": "^2.2.0"
},
"conflict": {
"doctrine/annotations": "<1.6.1",
"laminas/laminas-stdlib": "<3.2.1",
"thecodingmachine/safe": "<1.3.3",
"zendframework/zend-stdlib": "<3.2.1"
},
"require-dev": {
"codelicia/xulieta": "^0.1.6",
"doctrine/coding-standard": "^8.2.1",
"ext-phar": "*",
"infection/infection": "^0.21.5",
"nikic/php-parser": "^4.10.5",
"phpbench/phpbench": "^0.17.1 || 1.0.0-alpha2",
"phpunit/phpunit": "^9.5.4",
"slevomat/coding-standard": "^6.3.10",
"squizlabs/php_codesniffer": "^3.6.0",
"vimeo/psalm": "^4.4.1"
},
"suggest": {
"laminas/laminas-json": "To have the JsonRpc adapter (Remote Object feature)",
"laminas/laminas-soap": "To have the Soap adapter (Remote Object feature)",
"laminas/laminas-xmlrpc": "To have the XmlRpc adapter (Remote Object feature)",
"ocramius/generated-hydrator": "To have very fast object to array to object conversion for ghost objects"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0.x-dev"
}
},
"autoload": {
"psr-4": {
"ProxyManager\\": "src/ProxyManager"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Marco Pivetta",
"email": "ocramius@gmail.com",
"homepage": "http://ocramius.github.io/"
}
],
"description": "A library providing utilities to generate, instantiate and generally operate with Object Proxies",
"homepage": "https://github.com/Ocramius/ProxyManager",
"keywords": [
"aop",
"lazy loading",
"proxy",
"proxy pattern",
"service proxies"
],
"support": {
"issues": "https://github.com/Ocramius/ProxyManager/issues",
"source": "https://github.com/Ocramius/ProxyManager/tree/2.13.0"
},
"funding": [
{
"url": "https://github.com/Ocramius",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/ocramius/proxy-manager",
"type": "tidelift"
}
],
"time": "2021-06-09T10:16:06+00:00"
},
{
"name": "opis/closure",
"version": "3.6.2",
@@ -1943,20 +2101,20 @@
},
{
"name": "psr/cache",
"version": "1.0.1",
"version": "3.0.0",
"source": {
"type": "git",
"url": "https://github.com/php-fig/cache.git",
"reference": "d11b50ad223250cf17b86e38383413f5a6764bf8"
"reference": "aa5030cfa5405eccfdcb1083ce040c2cb8d253bf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/cache/zipball/d11b50ad223250cf17b86e38383413f5a6764bf8",
"reference": "d11b50ad223250cf17b86e38383413f5a6764bf8",
"url": "https://api.github.com/repos/php-fig/cache/zipball/aa5030cfa5405eccfdcb1083ce040c2cb8d253bf",
"reference": "aa5030cfa5405eccfdcb1083ce040c2cb8d253bf",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
"php": ">=8.0.0"
},
"type": "library",
"extra": {
@@ -1976,7 +2134,7 @@
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
"homepage": "https://www.php-fig.org/"
}
],
"description": "Common interface for caching libraries",
@@ -1986,9 +2144,9 @@
"psr-6"
],
"support": {
"source": "https://github.com/php-fig/cache/tree/master"
"source": "https://github.com/php-fig/cache/tree/3.0.0"
},
"time": "2016-08-06T20:24:11+00:00"
"time": "2021-02-03T23:26:27+00:00"
},
{
"name": "psr/container",
@@ -3790,62 +3948,68 @@
}
],
"time": "2021-10-02T19:17:08+00:00"
}
],
"packages-dev": [
},
{
"name": "dg/bypass-finals",
"version": "v1.3.1",
"name": "webimpress/safe-writer",
"version": "2.2.0",
"source": {
"type": "git",
"url": "https://github.com/dg/bypass-finals.git",
"reference": "495f5bc762e7bf30a13ed8253f44bb3a701767bb"
"url": "https://github.com/webimpress/safe-writer.git",
"reference": "9d37cc8bee20f7cb2f58f6e23e05097eab5072e6"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dg/bypass-finals/zipball/495f5bc762e7bf30a13ed8253f44bb3a701767bb",
"reference": "495f5bc762e7bf30a13ed8253f44bb3a701767bb",
"url": "https://api.github.com/repos/webimpress/safe-writer/zipball/9d37cc8bee20f7cb2f58f6e23e05097eab5072e6",
"reference": "9d37cc8bee20f7cb2f58f6e23e05097eab5072e6",
"shasum": ""
},
"require": {
"php": ">=7.1"
"php": "^7.3 || ^8.0"
},
"require-dev": {
"nette/tester": "^2.3",
"phpstan/phpstan": "^0.12"
"phpunit/phpunit": "^9.5.4",
"vimeo/psalm": "^4.7",
"webimpress/coding-standard": "^1.2.2"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.2.x-dev",
"dev-develop": "2.3.x-dev",
"dev-release-1.0": "1.0.x-dev"
}
},
"autoload": {
"classmap": [
"src/"
]
"psr-4": {
"Webimpress\\SafeWriter\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause",
"GPL-2.0",
"GPL-3.0"
"BSD-2-Clause"
],
"authors": [
{
"name": "David Grudl",
"homepage": "https://davidgrudl.com"
}
],
"description": "Removes final keyword from source code on-the-fly and allows mocking of final methods and classes",
"description": "Tool to write files safely, to avoid race conditions",
"keywords": [
"finals",
"mocking",
"phpunit",
"testing",
"unit"
"concurrent write",
"file writer",
"race condition",
"safe writer",
"webimpress"
],
"support": {
"issues": "https://github.com/dg/bypass-finals/issues",
"source": "https://github.com/dg/bypass-finals/tree/v1.3.1"
"issues": "https://github.com/webimpress/safe-writer/issues",
"source": "https://github.com/webimpress/safe-writer/tree/2.2.0"
},
"time": "2021-04-09T10:42:55+00:00"
},
"funding": [
{
"url": "https://github.com/michalbundyra",
"type": "github"
}
],
"time": "2021-04-19T16:34:45+00:00"
}
],
"packages-dev": [
{
"name": "doctrine/instantiator",
"version": "1.4.0",
@@ -3976,26 +4140,27 @@
},
{
"name": "fzaninotto/faker",
"version": "v1.9.2",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/fzaninotto/Faker.git",
"reference": "848d8125239d7dbf8ab25cb7f054f1a630e68c2e"
"reference": "5ffe7db6c80f441f150fc88008d64e64af66634b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/fzaninotto/Faker/zipball/848d8125239d7dbf8ab25cb7f054f1a630e68c2e",
"reference": "848d8125239d7dbf8ab25cb7f054f1a630e68c2e",
"url": "https://api.github.com/repos/fzaninotto/Faker/zipball/5ffe7db6c80f441f150fc88008d64e64af66634b",
"reference": "5ffe7db6c80f441f150fc88008d64e64af66634b",
"shasum": ""
},
"require": {
"php": "^5.3.3 || ^7.0"
"php": "^5.3.3 || ^7.0 || ^8.0"
},
"require-dev": {
"ext-intl": "*",
"phpunit/phpunit": "^4.8.35 || ^5.7",
"squizlabs/php_codesniffer": "^2.9.2"
},
"default-branch": true,
"type": "library",
"extra": {
"branch-alias": {
@@ -4024,10 +4189,10 @@
],
"support": {
"issues": "https://github.com/fzaninotto/Faker/issues",
"source": "https://github.com/fzaninotto/Faker/tree/v1.9.2"
"source": "https://github.com/fzaninotto/Faker/tree/master"
},
"abandoned": true,
"time": "2020-12-11T09:56:16+00:00"
"time": "2020-12-11T09:59:14+00:00"
},
{
"name": "myclabs/deep-copy",
@@ -5754,6 +5919,7 @@
"type": "github"
}
],
"abandoned": true,
"time": "2020-09-28T06:45:17+00:00"
},
{
@@ -6191,7 +6357,8 @@
"minimum-stability": "stable",
"stability-flags": {
"roave/security-advisories": 20,
"ademarre/binary-to-text-php": 20
"ademarre/binary-to-text-php": 20,
"fzaninotto/faker": 20
},
"prefer-stable": false,
"prefer-lowest": false,
@@ -6208,5 +6375,5 @@
"ext-mbstring": "*"
},
"platform-dev": [],
"plugin-api-version": "2.0.0"
"plugin-api-version": "2.1.0"
}


@@ -37,6 +37,7 @@ use SP\Core\UI\Theme;
use SP\Core\UI\ThemeInterface;
use SP\Http\Client;
use SP\Http\Request;
use SP\Providers\Auth\AuthProvider;
use SP\Services\Account\AccountAclService;
use SP\Storage\Database\DatabaseConnectionData;
use SP\Storage\Database\DBStorageInterface;
@@ -95,5 +96,6 @@ return [
AccountAclService::class => autowire(AccountAclService::class),
\GuzzleHttp\Client::class => create(GuzzleHttp\Client::class)
->constructor(factory([Client::class, 'getOptions'])),
CSRF::class => autowire(CSRF::class)
CSRF::class => autowire(CSRF::class),
AuthProvider::class => autowire(AuthProvider::class)->lazy()
];
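Review bot: The new `AuthProvider::class => autowire(AuthProvider::class)->lazy()` entry depends on runtime proxy generation, and nothing in this section shows where the generated proxy classes end up. The container builder is not visible here. If this is PHP-DI and proxies are not written to disk, the proxy class is likely regenerated in memory on every request, which is slow and may fail on hardened PHP setups that restrict dynamic code evaluation. Consider enabling `writeProxiesToFile(true, '<proxy dir placeholder>')` on the builder for production, with that directory outside the web root and writable only by the application user. A short comment beside the definition saying why the provider is lazy would also help the next reader.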


@@ -232,7 +232,6 @@ final class Bootstrap
* @throws \SP\Core\Exceptions\ConfigException
* @throws \SP\Core\Exceptions\InitializationException
* @throws \SP\Services\Upgrade\UpgradeException
* @throws \SP\Storage\File\FileException
*/
protected function initializeCommon(): void
{


@@ -290,7 +290,10 @@ abstract class DataGridBase implements DataGridInterface
*/
protected function checkTemplate(string $template, ?string $base = null): string
{
$template = null === $base ? $template . '.inc' : $base . DIRECTORY_SEPARATOR . $template . '.inc';
$template = null === $base
? $template . '.inc'
: $base . DIRECTORY_SEPARATOR . $template . '.inc';
$file = $this->theme->getViewsPath() . DIRECTORY_SEPARATOR . $template;
if (!is_readable($file)) {


@@ -50,7 +50,7 @@ final class DataGridHeaderSort extends DataGridHeaderBase
/**
* @return DataGridSortInterface[]|null
*/
public function getSortFields(): ?array
public function getSortFields(): ?object
{
return $this->sortFields;
}
@@ -58,7 +58,7 @@ final class DataGridHeaderSort extends DataGridHeaderBase
/**
* @return DataGridActionInterface[]|null
*/
public function getActions(): ?array
public function getActions(): ?object
{
return $this->actions;
}
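Review bot: The docblocks above `getSortFields()` and `getActions()` still read `@return DataGridSortInterface[]|null` and `@return DataGridActionInterface[]|null`, which now contradicts the `?object` return type in both hunks. `object` also tells callers and static analysis nothing about what they can iterate or call. Declare the concrete collection class that `$this->sortFields` and `$this->actions` hold (not visible in this section) as the return type, and update the two `@return` tags to name that class together with its element type.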


@@ -45,7 +45,7 @@ defined('APP_ROOT') || die();
*
* @package SP\Providers\Auth
*/
final class AuthProvider extends Provider
class AuthProvider extends Provider
{
/**
* @var callable[]
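Review bot: Dropping `final` from the class that performs authentication deserves a comment, because nothing on the `class AuthProvider extends Provider` line says why it is now open for extension. Judging by the `->lazy()` container definition added in the same commit, the reason is that the generated proxy has to extend the class. The class docblock could state it directly: `Not final: the DI container wraps this class in a lazy proxy that extends it. Do not subclass it elsewhere.` The class body continues outside the hunk.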


@@ -81,6 +81,7 @@ final class LoginService extends Service
private const STATUS_PASS = 0;
private const STATUS_NONE = 100;
private ?AuthProvider $authProvider = null;
private ?UserLoginData $userLoginData = null;
private ?ConfigDataInterface $configData = null;
private ?ThemeInterface $theme = null;
@@ -110,8 +111,22 @@ final class LoginService extends Service
*/
public function doLogin(): LoginResponse
{
$this->userLoginData->setLoginUser($this->request->analyzeString('user'));
$this->userLoginData->setLoginPass($this->request->analyzeEncrypted('pass'));
$user = $this->request->analyzeString('user');
$pass = $this->request->analyzeEncrypted('pass');
if (empty($user) || empty($pass)) {
$this->addTracking();
throw new AuthException(
__u('Wrong login'),
SPException::INFO,
__FUNCTION__,
self::STATUS_INVALID_LOGIN
);
}
$this->userLoginData->setLoginUser($user);
$this->userLoginData->setLoginPass($pass);
if ($this->trackService->checkTracking($this->trackRequest)) {
$this->addTracking();
@@ -124,8 +139,7 @@ final class LoginService extends Service
);
}
$result = $this->dic->get(AuthProvider::class)
->doAuth($this->userLoginData);
$result = $this->authProvider->doAuth($this->userLoginData);
if ($result !== false) {
// Ejecutar la acción asociada al tipo de autentificación
@@ -451,6 +465,7 @@ final class LoginService extends Service
$this->request = $this->dic->get(Request::class);
$this->userLoginData = new UserLoginData();
$this->trackRequest = $this->trackService->getTrackRequest(__CLASS__);
$this->authProvider = $this->dic->get(AuthProvider::class);
}
/**
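Review bot: `empty($user) || empty($pass)` in `doLogin()` rejects more than missing credentials, because PHP's `empty()` is also true for the string `"0"`, so an account whose user name or password is exactly `0` can never log in. Compare explicitly instead: `if ($user === null || $user === '' || $pass === null || $pass === '') {` (this assumes `analyzeString()` and `analyzeEncrypted()` return a string or null, which is not visible here). The guard also runs before `checkTracking()` and calls `addTracking()` itself, so empty submissions count as failed attempts even for a client that may already be over the limit; confirm that is intended, or move the guard below the tracking check. `doLogin()` continues outside the hunk.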


@@ -45,6 +45,6 @@ final class Checks
public static function checkPhpVersion(): bool
{
return PHP_VERSION_ID >= 70400
&& PHP_VERSION_ID <= 80000;
&& PHP_VERSION_ID < 81000;
}
}
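Review bot: The lower bound `PHP_VERSION_ID >= 70400` in `checkPhpVersion()` still accepts PHP 7.4, while the lockfile in this commit moves the runtime package `psr/cache` to 3.0.0, whose requirement is `"php": ">=8.0.0"`. With `"platform-check": false` added to composer.json by the same commit, Composer will not stop a 7.4 runtime either, so the mismatch would probably surface as a fatal error when that package is loaded. Either keep a `psr/cache` release that supports 7.4 in the lock or raise the bound to `PHP_VERSION_ID >= 80000`. A comment on the method stating that the range must match the `php` constraints of the locked dependencies would keep the two in step.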


@@ -160,7 +160,8 @@ abstract class ApiTestCase extends TestCase
->setDbHost($databaseConnectionData->getDbHost())
->setDbName($databaseConnectionData->getDbName())
->setDbUser($databaseConnectionData->getDbUser())
->setDbPass($databaseConnectionData->getDbPass());
->setDbPass($databaseConnectionData->getDbPass())
->setInstalled(true);
// Update ConfigData instance
$config->updateConfig($configData);


@@ -67,7 +67,7 @@ class UtilTest extends TestCase
{
$upload = ini_set('upload_max_filesize', '30M');
$post = ini_set('post_max_size', '10M');
$memory = ini_set('memory_limit', 15728640);
$memory = ini_set('memory_limit', 52428800);
if ($upload !== false
&& $post !== false