Fix csrf check and unit tests
This commit is contained in:
parent
95869f70c4
commit
eac63202f7
@ -14,6 +14,10 @@ declare(strict_types=1);
|
||||||
|
|
||||||
namespace phpOMS\Router;
|
namespace phpOMS\Router;
|
||||||
|
|
||||||
|
use phpOMS\Message\RequestAbstract;
|
||||||
|
use phpOMS\Message\Http\Request;
|
||||||
|
use phpOMS\Uri\Http;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Router class.
|
* Router class.
|
||||||
*
|
*
|
||||||
|
|
@ -95,18 +99,21 @@ final class Router
|
||||||
/**
|
/**
|
||||||
* Route request.
|
* Route request.
|
||||||
*
|
*
|
||||||
* @param string $request Request to route
|
* @param RequestAbstract $request Request to route
|
||||||
* @param int $verb Route verb
|
* @param int $verb Route verb
|
||||||
*
|
*
|
||||||
* @return array[]
|
* @return array[]
|
||||||
*
|
*
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*/
|
*/
|
||||||
public function route(string $request, int $verb = RouteVerb::GET, string $app = null, int $orgId = null, $account = null) : array
|
public function route(RequestAbstract $request, int $verb = RouteVerb::GET, string $app = null, int $orgId = null, $account = null) : array
|
||||||
{
|
{
|
||||||
$bound = [];
|
$bound = [];
|
||||||
|
$uri = $request->getUri()->getRoute();
|
||||||
|
$csrf = $request->getData('CSRF');
|
||||||
|
|
||||||
foreach ($this->routes as $route => $destination) {
|
foreach ($this->routes as $route => $destination) {
|
||||||
if (!((bool) \preg_match('~^' . $route . '$~', $request))) {
|
if (!((bool) \preg_match('~^' . $route . '$~', $uri))) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -116,8 +123,8 @@ final class Router
|
||||||
|| ($verb & $d['verb']) === $verb
|
|| ($verb & $d['verb']) === $verb
|
||||||
) {
|
) {
|
||||||
// if csrf is required but not set
|
// if csrf is required but not set
|
||||||
if (isset($d['csrf']) && !$d['csrf']) {
|
if (isset($d['csrf']) && $csrf === null) {
|
||||||
\array_merge($bound, $this->route('/' . $app . '/e403', $verb));
|
\array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
@ -127,7 +134,7 @@ final class Router
|
||||||
|| (isset($d['permission'])
|
|| (isset($d['permission'])
|
||||||
&& !$account->hasPermission($d['permission']['type'], $orgId, $app, $d['permission']['module'], $d['permission']['state']))
|
&& !$account->hasPermission($d['permission']['type'], $orgId, $app, $d['permission']['module'], $d['permission']['state']))
|
||||||
) {
|
) {
|
||||||
\array_merge($bound, $this->route('/' . $app . '/e403', $verb));
|
\array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
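Review bot: The new guard `if (isset($d['csrf']) && $csrf === null)` only checks that something was sent under `CSRF`; an empty string or any attacker-supplied value is not `null` and passes, so on its own this is a presence check, not CSRF protection, and it is only safe if the token is compared against the session's token (with `hash_equals()`) somewhere else. If that comparison lives downstream, a comment such as `// presence check only: token validity is verified by the caller` on this line would keep the next reader from assuming the router validates it; if it is meant to live here, the expected token has to be passed in and compared before the route is bound. Note also that `isset($d['csrf'])` enforces the check for a route declared with `'csrf' => false`, which fails closed but is probably not the intent; `!empty($d['csrf'])` would read the flag's value. Separately, both `\array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));` calls (csrf and permission branches) discard their return value, so the e403 destination never reaches `$bound` and a denied route is silently dropped rather than bound to the error handler; each should read `$bound = \array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));`. The `route()` body and the surrounding `foreach` continue outside the hunk.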
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,6 @@ class RouterTest extends \PHPUnit\Framework\TestCase
|
||||||
{
|
{
|
||||||
$router = new Router();
|
$router = new Router();
|
||||||
self::assertEmpty($router->route(new Request(new Http('http://test.com'))));
|
self::assertEmpty($router->route(new Request(new Http('http://test.com'))));
|
||||||
self::assertEmpty($router->route('http://test.com'));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetSet() : void
|
public function testGetSet() : void
|
||||||
|
|
@ -49,33 +48,33 @@ class RouterTest extends \PHPUnit\Framework\TestCase
|
||||||
|
|
||||||
self::assertEquals(
|
self::assertEquals(
|
||||||
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
||||||
$router->route('http://test.com/backend/admin/settings/general/something?test')
|
$router->route(new Request(new Http('http://test.com/backend/admin/settings/general/something?test')))
|
||||||
);
|
);
|
||||||
|
|
||||||
self::assertNotEquals(
|
self::assertNotEquals(
|
||||||
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
||||||
$router->route('http://test.com/backend/admin/settings/general/something?test', RouteVerb::PUT)
|
$router->route(new Request(new Http('http://test.com/backend/admin/settings/general/something?test')), RouteVerb::PUT)
|
||||||
);
|
);
|
||||||
|
|
||||||
self::assertNotEquals(
|
self::assertNotEquals(
|
||||||
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
||||||
$router->route('http://test.com/backends/admin/settings/general/something?test')
|
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')))
|
||||||
);
|
);
|
||||||
|
|
||||||
$router->add('^.*/backends/admin/settings/general.*$', 'Controller:test', RouteVerb::GET | RouteVerb::SET);
|
$router->add('^.*/backends/admin/settings/general.*$', 'Controller:test', RouteVerb::GET | RouteVerb::SET);
|
||||||
self::assertEquals(
|
self::assertEquals(
|
||||||
[['dest' => 'Controller:test']],
|
[['dest' => 'Controller:test']],
|
||||||
$router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::ANY)
|
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')), RouteVerb::ANY)
|
||||||
);
|
);
|
||||||
|
|
||||||
self::assertEquals(
|
self::assertEquals(
|
||||||
[['dest' => 'Controller:test']],
|
[['dest' => 'Controller:test']],
|
||||||
$router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::SET)
|
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')), RouteVerb::SET)
|
||||||
);
|
);
|
||||||
|
|
||||||
self::assertEquals(
|
self::assertEquals(
|
||||||
[['dest' => 'Controller:test']],
|
[['dest' => 'Controller:test']],
|
||||||
$router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::GET)
|
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')), RouteVerb::GET)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -101,7 +100,7 @@ class RouterTest extends \PHPUnit\Framework\TestCase
|
||||||
self::assertEquals(
|
self::assertEquals(
|
||||||
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
||||||
$router->route(
|
$router->route(
|
||||||
'http://test.com/backend/admin/settings/general/something?test',
|
new Request(new Http('http://test.com/backend/admin/settings/general/something?test')),
|
||||||
RouteVerb::GET,
|
RouteVerb::GET,
|
||||||
null,
|
null,
|
||||||
null,
|
null,
|
||||||
|
|
@ -150,7 +149,7 @@ class RouterTest extends \PHPUnit\Framework\TestCase
|
||||||
self::assertNotEquals(
|
self::assertNotEquals(
|
||||||
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
|
||||||
$router->route(
|
$router->route(
|
||||||
'http://test.com/backend/admin/settings/general/something?test',
|
new Request(new Http('http://test.com/backend/admin/settings/general/something?test')),
|
||||||
RouteVerb::GET,
|
RouteVerb::GET,
|
||||||
null,
|
null,
|
||||||
null,
|
null,
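Review bot: None of the updated tests cover the CSRF branch the commit title refers to — every `route()` call here passes a bare `new Request(new Http(...))` with no `CSRF` data, and no route registered via `add()` is flagged as csrf-protected, so the guard could be broken again without any test failing. Add a case that registers a csrf-protected route and asserts that the bare request does not resolve to its destination, then asserts that the same request with a `CSRF` value set does; how a route is flagged as csrf-protected is not visible in this hunk (`add()` is only called with pattern, destination and verb here) and needs confirming against `Router::add()`. The `assertNotEquals([['dest' => ...]], $router->route(..., RouteVerb::PUT))` checks are weak, since they also pass if the router returns any unrelated match; `self::assertEmpty(...)` or `self::assertSame([], ...)` would pin the intended "no match" result. The last hunk's `assertNotEquals` call continues outside the hunk.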
|
||||||
|
|