From 80fdf360164bf875ed2216f4375380824055b249 Mon Sep 17 00:00:00 2001 From: eldadfux Date: Fri, 29 Nov 2019 20:26:06 +0200 Subject: [PATCH] Added project ID validation --- app/controllers/account.php | 2 ++ app/controllers/auth.php | 2 ++ app/controllers/avatars.php | 2 ++ app/controllers/database.php | 2 ++ app/controllers/locale.php | 2 ++ app/controllers/projects.php | 2 ++ app/controllers/storage.php | 2 ++ app/controllers/teams.php | 2 ++ app/controllers/users.php | 2 ++ app/init.php | 4 ---- app/sdks/dart/.packages | 2 +- tests/e2e/BaseConsole.php | 6 +++++- tests/e2e/ConsoleProjectsTest.php | 4 ++++ tests/e2e/ConsoleTest.php | 4 ++++ tests/e2e/ProjectLocaleTest.php | 4 +++- 15 files changed, 35 insertions(+), 7 deletions(-) diff --git a/app/controllers/account.php b/app/controllers/account.php index d5fbb5c93..d8e3dab35 100644 --- a/app/controllers/account.php +++ b/app/controllers/account.php @@ -13,6 +13,8 @@ use Database\Validator\Authorization; use DeviceDetector\DeviceDetector; use GeoIp2\Database\Reader; +include_once 'shared/api.php'; + $utopia->get('/v1/account') ->desc('Get Account') ->label('scope', 'account') diff --git a/app/controllers/auth.php b/app/controllers/auth.php index c08062640..70a83c5b8 100644 --- a/app/controllers/auth.php +++ b/app/controllers/auth.php @@ -18,6 +18,8 @@ use Database\Validator\UID; use Template\Template; use OpenSSL\OpenSSL; +include_once 'shared/api.php'; + $utopia->post('/v1/auth/register') ->desc('Register') ->label('webhook', 'auth.register') diff --git a/app/controllers/avatars.php b/app/controllers/avatars.php index be5986f89..88d9aab0f 100644 --- a/app/controllers/avatars.php +++ b/app/controllers/avatars.php 
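Review bot: The added `include_once 'shared/api.php';` in app/controllers/account.php uses a bare relative path and the non-fatal include form, so if the path does not resolve PHP only raises a warning and the controller's routes are still registered. Judging by the commit subject, that file presumably carries the project ID validation (it is not part of this patch, so this is inferred), which would make a failed include fail open. I would anchor the path and make the failure fatal, e.g. `require_once __DIR__.'/shared/api.php';` if the file sits under app/controllers/shared/, in line with the `__DIR__`-based includes avatars.php already uses. The same line is added to auth.php, avatars.php, database.php, locale.php, projects.php, storage.php, teams.php and users.php.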
@@ -15,6 +15,8 @@ use BaconQrCode\Renderer\Image\ImagickImageBackEnd; use BaconQrCode\Renderer\RendererStyle\RendererStyle; use BaconQrCode\Writer; +include_once 'shared/api.php'; + $types = [ 'browsers' => include __DIR__.'/../config/avatars/browsers.php', 'credit-cards' => include __DIR__.'/../config/avatars/credit-cards.php', diff --git a/app/controllers/database.php b/app/controllers/database.php index 2788392a7..2cf404cd7 100644 --- a/app/controllers/database.php +++ b/app/controllers/database.php @@ -19,6 +19,8 @@ use Database\Validator\Authorization; use Database\Exception\Authorization as AuthorizationException; use Database\Exception\Structure as StructureException; +include_once 'shared/api.php'; + $isDev = (App::ENV_TYPE_PRODUCTION !== $utopia->getEnv()); $utopia->get('/v1/database') diff --git a/app/controllers/locale.php b/app/controllers/locale.php index 89516826f..9e67a7404 100644 --- a/app/controllers/locale.php +++ b/app/controllers/locale.php @@ -6,6 +6,8 @@ use Utopia\App; use Utopia\Locale\Locale; use GeoIp2\Database\Reader; +include_once 'shared/api.php'; + $utopia->get('/v1/locale') ->desc('Get User Locale') ->label('scope', 'locale.read') diff --git a/app/controllers/projects.php b/app/controllers/projects.php index b06e602d5..10f07e603 100644 --- a/app/controllers/projects.php +++ b/app/controllers/projects.php @@ -16,6 +16,8 @@ use Database\Validator\UID; use OpenSSL\OpenSSL; use Cron\CronExpression; +include_once 'shared/api.php'; + $scopes = [ // TODO sync with console UI list 'users.read', 'users.write', diff --git a/app/controllers/storage.php b/app/controllers/storage.php index f2ff2b24d..b918e59b1 100644 --- a/app/controllers/storage.php +++ b/app/controllers/storage.php 
@@ -22,6 +22,8 @@ use Storage\Compression\Algorithms\GZIP; use Resize\Resize; use OpenSSL\OpenSSL; +include_once 'shared/api.php'; + Storage::addDevice('local', new Local('app-'.$project->getUid())); $fileLogos = [ // Based on this list @see http://stackoverflow.com/a/4212908/2299554 diff --git a/app/controllers/teams.php b/app/controllers/teams.php index bdd65995f..21f6942de 100644 --- a/app/controllers/teams.php +++ b/app/controllers/teams.php @@ -18,6 +18,8 @@ use Database\Validator\Authorization; use Template\Template; use Auth\Auth; +include_once 'shared/api.php'; + $utopia->get('/v1/teams') ->desc('List Teams') ->label('scope', 'teams.read') diff --git a/app/controllers/users.php b/app/controllers/users.php index dbb809016..e2aa8fe0e 100644 --- a/app/controllers/users.php +++ b/app/controllers/users.php @@ -16,6 +16,8 @@ use Database\Validator\UID; use DeviceDetector\DeviceDetector; use GeoIp2\Database\Reader; +include_once 'shared/api.php'; + $utopia->get('/v1/users') ->desc('List Users') ->label('scope', 'users.read') diff --git a/app/init.php b/app/init.php index 1fbaa2e4f..8938aeda4 100644 --- a/app/init.php +++ b/app/init.php @@ -212,10 +212,6 @@ Authorization::enable(); $console = $consoleDB->getDocument('console'); -if (is_null($project->getUid()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { - $project = $console; -} - $mode = $request->getParam('mode', $request->getHeader('X-Appwrite-Mode', 'default')); Auth::setCookieName('a_session_'.$project->getUid()); diff --git a/app/sdks/dart/.packages b/app/sdks/dart/.packages index 5356dadb4..9e50efec1 100644 --- a/app/sdks/dart/.packages +++ b/app/sdks/dart/.packages 
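Review bot: In app/controllers/storage.php the include sits directly above `Storage::addDevice('local', new Local('app-'.$project->getUid()));`, a top-level statement that runs as soon as the file is loaded. This commit also removes the init.php fallback that swapped an unresolved project for the console document, so unless shared/api.php rejects the request during the include itself (not visible here), `getUid()` can be null at this point and the device would be registered under the bare `app-` prefix. Consider registering the device only after the project has been validated, or guarding it first, for example `if (null === $project->getUid()) { throw new Exception('Missing or unknown project ID', 400); }`.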
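Review bot: The block removed from app/init.php was the only visible place that checked `Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()`, i.e. that the document loaded for the requested project ID really is a project. The replacement validation is not in this patch, so confirm it keeps the collection check rather than only testing the UID for null; otherwise the ID of some other document type could be accepted as the request's project. `Auth::setCookieName('a_session_'.$project->getUid());` further down still runs unconditionally and now sees the unvalidated `$project`, giving `a_session_` when the UID is null. A comment at this spot would help the next reader, e.g. `// $project is NOT validated here; see shared/api.php for the project ID check`.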
@@ -1,4 +1,4 @@ -# Generated by pub on 2019-11-29 09:30:15.272008. +# Generated by pub on 2019-11-29 19:32:31.271463. charcode:file:///Users/eldadfux/.pub-cache/hosted/pub.dartlang.org/charcode-1.1.2/lib/ collection:file:///Users/eldadfux/.pub-cache/hosted/pub.dartlang.org/collection-1.14.12/lib/ cookie_jar:file:///Users/eldadfux/.pub-cache/hosted/pub.dartlang.org/cookie_jar-1.0.1/lib/ diff --git a/tests/e2e/BaseConsole.php b/tests/e2e/BaseConsole.php index dbac168e3..4c8c36cd5 100644 --- a/tests/e2e/BaseConsole.php +++ b/tests/e2e/BaseConsole.php @@ -37,6 +37,7 @@ class BaseConsole extends TestCase $response = $this->client->call(Client::METHOD_POST, '/auth/register', [ 'origin' => 'http://localhost', 'content-type' => 'application/json', + 'x-appwrite-project' => 'console', ], [ 'email' => $this->demoEmail, 'password' => $this->demoPassword, @@ -45,7 +46,7 @@ class BaseConsole extends TestCase 'failure' => 'http://localhost/failure', 'name' => 'Demo User', ]); - + return $response; } @@ -61,6 +62,7 @@ class BaseConsole extends TestCase 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $session, + 'x-appwrite-project' => 'console', ], [ 'name' => 'Demo Project Team', ]); @@ -73,6 +75,7 @@ class BaseConsole extends TestCase 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $session, + 'x-appwrite-project' => 'console', ], [ 'name' => 'Demo Project', 'teamId' => $team['body']['$uid'], @@ -94,6 +97,7 @@ class BaseConsole extends TestCase 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $session, + 'x-appwrite-project' => 'console', ], [ 'name' => 'Demo Project Key', 'scopes' => $scopes, diff --git a/tests/e2e/ConsoleProjectsTest.php b/tests/e2e/ConsoleProjectsTest.php index 2b80d9580..b31c789db 100644 --- a/tests/e2e/ConsoleProjectsTest.php +++ b/tests/e2e/ConsoleProjectsTest.php 
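Review bot: The test hunks, starting with tests/e2e/BaseConsole.php, only add `'x-appwrite-project' => 'console'` (or the project UID) so that existing calls keep passing; none of them asserts the new rejection path. The same holds for ConsoleProjectsTest.php, ConsoleTest.php and ProjectLocaleTest.php. Since the commit is about project ID validation, add at least one request that omits the header and one whose ID does not resolve to a project, and assert on `$response['headers']['status-code']`. The expected status is not visible in this patch and should be taken from the check in shared/api.php.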
@@ -31,6 +31,7 @@ class ConsoleProjectsTest extends BaseConsole 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $data['session'], + 'x-appwrite-project' => 'console', ], []); $this->assertEquals(200, $response['headers']['status-code']); @@ -46,6 +47,7 @@ class ConsoleProjectsTest extends BaseConsole 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $data['session'], + 'x-appwrite-project' => 'console', ], [ 'name' => 'Demo Project Team', ]); @@ -58,6 +60,7 @@ class ConsoleProjectsTest extends BaseConsole 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $data['session'], + 'x-appwrite-project' => 'console', ], [ 'name' => 'Demo Project', 'teamId' => $team['body']['$uid'], @@ -89,6 +92,7 @@ class ConsoleProjectsTest extends BaseConsole 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $data['session'], + 'x-appwrite-project' => 'console', ], array_merge($data['project'], [ 'name' => 'New Project Name', 'description' => 'New Demo Project Description', diff --git a/tests/e2e/ConsoleTest.php b/tests/e2e/ConsoleTest.php index 18cfb778b..7b5f7999b 100644 --- a/tests/e2e/ConsoleTest.php +++ b/tests/e2e/ConsoleTest.php @@ -27,6 +27,7 @@ class ConsoleTest extends BaseConsole $response = $this->client->call(Client::METHOD_POST, '/auth/login', [ 'origin' => 'http://localhost', 'content-type' => 'application/json', + 'x-appwrite-project' => 'console', ], [ 'email' => $data['email'], 'password' => $data['password'], @@ -55,6 +56,7 @@ class ConsoleTest extends BaseConsole 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $data['session'], + 'x-appwrite-project' => 'console', ], []); $this->assertEquals('Demo User', $response['body']['name']); 
@@ -78,6 +80,7 @@ class ConsoleTest extends BaseConsole 'origin' => 'http://localhost', 'content-type' => 'application/json', 'cookie' => 'a_session_console=' . $data['session'], + 'x-appwrite-project' => 'console', ], []); $this->assertEquals(200, $response['headers']['status-code']); @@ -89,6 +92,7 @@ class ConsoleTest extends BaseConsole $response = $this->client->call(Client::METHOD_DELETE, '/auth/logout', [ 'origin' => 'http://localhost', 'content-type' => 'application/json', + 'x-appwrite-project' => 'console', ], []); $this->assertEquals('401', $response['body']['code']); diff --git a/tests/e2e/ProjectLocaleTest.php b/tests/e2e/ProjectLocaleTest.php index afb4fae18..97dd215d9 100644 --- a/tests/e2e/ProjectLocaleTest.php +++ b/tests/e2e/ProjectLocaleTest.php @@ -19,7 +19,6 @@ class ProjectLocaleTest extends BaseProjects $locale = $this->client->call(Client::METHOD_GET, '/locale', [ 'content-type' => 'application/json', 'x-appwrite-project' => $data['projectUid'], - //'x-appwrite-key' => $data['projectAPIKeySecret'], ]); $this->assertArrayHasKey('ip', $locale['body']); @@ -52,6 +51,7 @@ class ProjectLocaleTest extends BaseProjects $countries = $this->client->call(Client::METHOD_GET, '/locale/countries', [ 'content-type' => 'application/json', + 'x-appwrite-project' => $data['projectUid'], 'x-appwrite-locale' => 'es', ]); @@ -82,6 +82,7 @@ class ProjectLocaleTest extends BaseProjects $countries = $this->client->call(Client::METHOD_GET, '/locale/countries/eu', [ 'content-type' => 'application/json', + 'x-appwrite-project' => $data['projectUid'], 'x-appwrite-locale' => 'es', ]); @@ -111,6 +112,7 @@ class ProjectLocaleTest extends BaseProjects // Test locale code change to ES $continents = $this->client->call(Client::METHOD_GET, '/locale/continents', [ 'content-type' => 'application/json', + 'x-appwrite-project' => $data['projectUid'], 'x-appwrite-locale' => 'es', ]);