
Merge pull request #2728 from appwrite/fix-acme-path

Path validator + tests
This commit is contained in:
Eldad A. Fux 2022-02-14 08:12:03 +02:00 committed by GitHub
commit 9780861e25
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 155 additions and 99 deletions


@ -19,6 +19,7 @@ use Utopia\Database\Document;
use Utopia\Database\Query;
use Utopia\Database\Validator\Authorization;
use Appwrite\Utopia\Request\Filters\V12;
use Utopia\Validator\Text;
Config::setParam('domainVerification', false);
Config::setParam('cookieDomain', 'localhost');
@ -513,8 +514,25 @@ App::get('/.well-known/acme-challenge')
->inject('request')
->inject('response')
->action(function ($request, $response) {
$uriChunks = \explode('/', $request->getURI());
$token = $uriChunks[\count($uriChunks) - 1];
$validator = new Text(100, [
...Text::NUMBERS,
...Text::ALPHABET_LOWER,
...Text::ALPHABET_UPPER,
'-',
'_'
]);
if (!$validator->isValid($token) || \count($uriChunks) !== 4) {
throw new Exception('Invalid challenge token.', 400);
}
$filePath = '/.well-known/acme-challenge' . $token;
$base = \realpath(APP_STORAGE_CERTIFICATES);
$path = \str_replace('/.well-known/acme-challenge/', '', $request->getURI());
$path = \str_replace('/.well-known/acme-challenge/', '', $filePath);
$absolute = \realpath($base.'/.well-known/acme-challenge/'.$path);
if (!$base) {
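Review bot: `$filePath = '/.well-known/acme-challenge' . $token;` is missing the slash before the token, so the following `\str_replace('/.well-known/acme-challenge/', '', $filePath)` never matches, `$path` keeps the whole prefix, and `$absolute` is built from `$base.'/.well-known/acme-challenge/'` followed by `/.well-known/acme-challenge<token>` — presumably no well-formed challenge request can resolve to a file after this change. The new test asserts 404 for the success case, so it cannot catch this. The one-line fix is `$filePath = '/.well-known/acme-challenge/' . $token;`; alternatively drop `$filePath`/`$path` and pass `$token` straight into the `$absolute` expression, since the validator above already restricts it to `[A-Za-z0-9_-]` and exactly four URI chunks. The action body, including the check that follows `if (!$base)`, continues outside the hunk.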

composer.lock generated

@ -1033,12 +1033,12 @@
}
},
"autoload": {
"psr-4": {
"MongoDB\\": "src/"
},
"files": [
"src/functions.php"
]
],
"psr-4": {
"MongoDB\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
@ -1766,12 +1766,12 @@
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Php80\\": ""
},
"files": [
"bootstrap.php"
],
"psr-4": {
"Symfony\\Polyfill\\Php80\\": ""
},
"classmap": [
"Resources/stubs"
]
@ -2141,16 +2141,16 @@
},
{
"name": "utopia-php/database",
"version": "0.14.0",
"version": "0.14.1",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/database.git",
"reference": "2f2527bb080cf578fba327ea2ec637064561d403"
"reference": "ecc143f2cfe16b23675407035c6b5375ba263285"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/database/zipball/2f2527bb080cf578fba327ea2ec637064561d403",
"reference": "2f2527bb080cf578fba327ea2ec637064561d403",
"url": "https://api.github.com/repos/utopia-php/database/zipball/ecc143f2cfe16b23675407035c6b5375ba263285",
"reference": "ecc143f2cfe16b23675407035c6b5375ba263285",
"shasum": ""
},
"require": {
@ -2198,9 +2198,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/database/issues",
"source": "https://github.com/utopia-php/database/tree/0.14.0"
"source": "https://github.com/utopia-php/database/tree/0.14.1"
},
"time": "2022-01-21T16:34:34+00:00"
"time": "2022-01-25T13:01:20+00:00"
},
{
"name": "utopia-php/domains",
@ -2258,16 +2258,16 @@
},
{
"name": "utopia-php/framework",
"version": "0.19.5",
"version": "0.19.6",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/framework.git",
"reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623"
"reference": "7d9b28365fb794001cb34dd028659452d4e71b7d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/framework/zipball/1c28ba9a5b491cf7c90c535fefee5832c7133623",
"reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623",
"url": "https://api.github.com/repos/utopia-php/framework/zipball/7d9b28365fb794001cb34dd028659452d4e71b7d",
"reference": "7d9b28365fb794001cb34dd028659452d4e71b7d",
"shasum": ""
},
"require": {
@ -2301,9 +2301,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/framework/issues",
"source": "https://github.com/utopia-php/framework/tree/0.19.5"
"source": "https://github.com/utopia-php/framework/tree/0.19.6"
},
"time": "2022-01-04T14:40:23+00:00"
"time": "2022-02-10T17:05:22+00:00"
},
{
"name": "utopia-php/image",
@ -2688,16 +2688,16 @@
},
{
"name": "utopia-php/swoole",
"version": "0.3.2",
"version": "0.3.3",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/swoole.git",
"reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73"
"reference": "8312df69233b5dcd3992de88f131f238002749de"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/swoole/zipball/2b714eddf77cd5eda1889219c9656d7c0a63ce73",
"reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73",
"url": "https://api.github.com/repos/utopia-php/swoole/zipball/8312df69233b5dcd3992de88f131f238002749de",
"reference": "8312df69233b5dcd3992de88f131f238002749de",
"shasum": ""
},
"require": {
@ -2738,9 +2738,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/swoole/issues",
"source": "https://github.com/utopia-php/swoole/tree/0.3.2"
"source": "https://github.com/utopia-php/swoole/tree/0.3.3"
},
"time": "2021-12-13T15:37:41+00:00"
"time": "2022-01-20T09:58:43+00:00"
},
{
"name": "utopia-php/system",
@ -3037,12 +3037,12 @@
}
},
"autoload": {
"psr-4": {
"Amp\\ByteStream\\": "lib"
},
"files": [
"lib/functions.php"
]
],
"psr-4": {
"Amp\\ByteStream\\": "lib"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
@ -3132,23 +3132,23 @@
},
{
"name": "composer/pcre",
"version": "1.0.0",
"version": "1.0.1",
"source": {
"type": "git",
"url": "https://github.com/composer/pcre.git",
"reference": "3d322d715c43a1ac36c7fe215fa59336265500f2"
"reference": "67a32d7d6f9f560b726ab25a061b38ff3a80c560"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/pcre/zipball/3d322d715c43a1ac36c7fe215fa59336265500f2",
"reference": "3d322d715c43a1ac36c7fe215fa59336265500f2",
"url": "https://api.github.com/repos/composer/pcre/zipball/67a32d7d6f9f560b726ab25a061b38ff3a80c560",
"reference": "67a32d7d6f9f560b726ab25a061b38ff3a80c560",
"shasum": ""
},
"require": {
"php": "^5.3.2 || ^7.0 || ^8.0"
},
"require-dev": {
"phpstan/phpstan": "^1",
"phpstan/phpstan": "^1.3",
"phpstan/phpstan-strict-rules": "^1.1",
"symfony/phpunit-bridge": "^4.2 || ^5"
},
@ -3183,7 +3183,7 @@
],
"support": {
"issues": "https://github.com/composer/pcre/issues",
"source": "https://github.com/composer/pcre/tree/1.0.0"
"source": "https://github.com/composer/pcre/tree/1.0.1"
},
"funding": [
{
@ -3199,27 +3199,27 @@
"type": "tidelift"
}
],
"time": "2021-12-06T15:17:27+00:00"
"time": "2022-01-21T20:24:37+00:00"
},
{
"name": "composer/semver",
"version": "3.2.7",
"version": "3.2.9",
"source": {
"type": "git",
"url": "https://github.com/composer/semver.git",
"reference": "deac27056b57e46faf136fae7b449eeaa71661ee"
"reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/semver/zipball/deac27056b57e46faf136fae7b449eeaa71661ee",
"reference": "deac27056b57e46faf136fae7b449eeaa71661ee",
"url": "https://api.github.com/repos/composer/semver/zipball/a951f614bd64dcd26137bc9b7b2637ddcfc57649",
"reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649",
"shasum": ""
},
"require": {
"php": "^5.3.2 || ^7.0 || ^8.0"
},
"require-dev": {
"phpstan/phpstan": "^0.12.54",
"phpstan/phpstan": "^1.4",
"symfony/phpunit-bridge": "^4.2 || ^5"
},
"type": "library",
@ -3264,7 +3264,7 @@
"support": {
"irc": "irc://irc.freenode.org/composer",
"issues": "https://github.com/composer/semver/issues",
"source": "https://github.com/composer/semver/tree/3.2.7"
"source": "https://github.com/composer/semver/tree/3.2.9"
},
"funding": [
{
@ -3280,7 +3280,7 @@
"type": "tidelift"
}
],
"time": "2022-01-04T09:57:54+00:00"
"time": "2022-02-04T13:58:43+00:00"
},
{
"name": "composer/xdebug-handler",
@ -3710,12 +3710,12 @@
},
"type": "library",
"autoload": {
"psr-4": {
"DeepCopy\\": "src/DeepCopy/"
},
"files": [
"src/DeepCopy/deep_copy.php"
]
],
"psr-4": {
"DeepCopy\\": "src/DeepCopy/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
@ -3963,16 +3963,16 @@
},
{
"name": "phar-io/version",
"version": "3.1.0",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/phar-io/version.git",
"reference": "bae7c545bef187884426f042434e561ab1ddb182"
"reference": "15a90844ad40f127afd244c0cad228de2a80052a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phar-io/version/zipball/bae7c545bef187884426f042434e561ab1ddb182",
"reference": "bae7c545bef187884426f042434e561ab1ddb182",
"url": "https://api.github.com/repos/phar-io/version/zipball/15a90844ad40f127afd244c0cad228de2a80052a",
"reference": "15a90844ad40f127afd244c0cad228de2a80052a",
"shasum": ""
},
"require": {
@ -4008,9 +4008,9 @@
"description": "Library for handling version information and constraints",
"support": {
"issues": "https://github.com/phar-io/version/issues",
"source": "https://github.com/phar-io/version/tree/3.1.0"
"source": "https://github.com/phar-io/version/tree/3.1.1"
},
"time": "2021-02-23T14:00:09+00:00"
"time": "2022-02-07T21:56:48+00:00"
},
{
"name": "phpdocumentor/reflection-common",
@ -4619,11 +4619,11 @@
}
},
"autoload": {
"classmap": [
"src/"
],
"files": [
"src/Framework/Assert/Functions.php"
],
"classmap": [
"src/"
]
},
"notification-url": "https://packagist.org/downloads/",
@ -5219,16 +5219,16 @@
},
{
"name": "sebastian/global-state",
"version": "5.0.3",
"version": "5.0.4",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/global-state.git",
"reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49"
"reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/23bd5951f7ff26f12d4e3242864df3e08dec4e49",
"reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49",
"url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/19c519631c5a511b7ed0ad64a6713fdb3fd25fe4",
"reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4",
"shasum": ""
},
"require": {
@ -5271,7 +5271,7 @@
],
"support": {
"issues": "https://github.com/sebastianbergmann/global-state/issues",
"source": "https://github.com/sebastianbergmann/global-state/tree/5.0.3"
"source": "https://github.com/sebastianbergmann/global-state/tree/5.0.4"
},
"funding": [
{
@ -5279,7 +5279,7 @@
"type": "github"
}
],
"time": "2021-06-11T13:31:12+00:00"
"time": "2022-02-10T07:01:19+00:00"
},
{
"name": "sebastian/lines-of-code",
@ -5721,16 +5721,16 @@
},
{
"name": "symfony/console",
"version": "v6.0.2",
"version": "v6.0.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "dd434fa8d69325e5d210f63070014d889511fcb3"
"reference": "22e8efd019c3270c4f79376234a3f8752cd25490"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/dd434fa8d69325e5d210f63070014d889511fcb3",
"reference": "dd434fa8d69325e5d210f63070014d889511fcb3",
"url": "https://api.github.com/repos/symfony/console/zipball/22e8efd019c3270c4f79376234a3f8752cd25490",
"reference": "22e8efd019c3270c4f79376234a3f8752cd25490",
"shasum": ""
},
"require": {
@ -5796,7 +5796,7 @@
"terminal"
],
"support": {
"source": "https://github.com/symfony/console/tree/v6.0.2"
"source": "https://github.com/symfony/console/tree/v6.0.3"
},
"funding": [
{
@ -5812,7 +5812,7 @@
"type": "tidelift"
}
],
"time": "2021-12-27T21:05:08+00:00"
"time": "2022-01-26T17:23:29+00:00"
},
{
"name": "symfony/polyfill-intl-grapheme",
@ -5845,12 +5845,12 @@
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Intl\\Grapheme\\": ""
},
"files": [
"bootstrap.php"
]
],
"psr-4": {
"Symfony\\Polyfill\\Intl\\Grapheme\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
@ -5926,12 +5926,12 @@
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Intl\\Normalizer\\": ""
},
"files": [
"bootstrap.php"
],
"psr-4": {
"Symfony\\Polyfill\\Intl\\Normalizer\\": ""
},
"classmap": [
"Resources/stubs"
]
@ -6090,12 +6090,12 @@
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Php72\\": ""
},
"files": [
"bootstrap.php"
]
],
"psr-4": {
"Symfony\\Polyfill\\Php72\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
@ -6222,16 +6222,16 @@
},
{
"name": "symfony/string",
"version": "v6.0.2",
"version": "v6.0.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/string.git",
"reference": "bae261d0c3ac38a1f802b4dfed42094296100631"
"reference": "522144f0c4c004c80d56fa47e40e17028e2eefc2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/string/zipball/bae261d0c3ac38a1f802b4dfed42094296100631",
"reference": "bae261d0c3ac38a1f802b4dfed42094296100631",
"url": "https://api.github.com/repos/symfony/string/zipball/522144f0c4c004c80d56fa47e40e17028e2eefc2",
"reference": "522144f0c4c004c80d56fa47e40e17028e2eefc2",
"shasum": ""
},
"require": {
@ -6287,7 +6287,7 @@
"utf8"
],
"support": {
"source": "https://github.com/symfony/string/tree/v6.0.2"
"source": "https://github.com/symfony/string/tree/v6.0.3"
},
"funding": [
{
@ -6303,7 +6303,7 @@
"type": "tidelift"
}
],
"time": "2021-12-16T22:13:01+00:00"
"time": "2022-01-02T09:55:41+00:00"
},
{
"name": "textalk/websocket",
@ -6406,16 +6406,16 @@
},
{
"name": "twig/twig",
"version": "v2.14.10",
"version": "v2.14.11",
"source": {
"type": "git",
"url": "https://github.com/twigphp/Twig.git",
"reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba"
"reference": "66baa66f29ee30e487e05f1679903e36eb01d727"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/twigphp/Twig/zipball/95fb194cd4dd6ac373a27af2bde2bad5d3f27aba",
"reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba",
"url": "https://api.github.com/repos/twigphp/Twig/zipball/66baa66f29ee30e487e05f1679903e36eb01d727",
"reference": "66baa66f29ee30e487e05f1679903e36eb01d727",
"shasum": ""
},
"require": {
@ -6470,7 +6470,7 @@
],
"support": {
"issues": "https://github.com/twigphp/Twig/issues",
"source": "https://github.com/twigphp/Twig/tree/v2.14.10"
"source": "https://github.com/twigphp/Twig/tree/v2.14.11"
},
"funding": [
{
@ -6482,7 +6482,7 @@
"type": "tidelift"
}
],
"time": "2022-01-03T21:13:26+00:00"
"time": "2022-02-04T06:57:25+00:00"
},
{
"name": "vimeo/psalm",
@ -6561,13 +6561,13 @@
}
},
"autoload": {
"psr-4": {
"Psalm\\": "src/Psalm/"
},
"files": [
"src/functions.php",
"src/spl_object_id.php"
]
],
"psr-4": {
"Psalm\\": "src/Psalm/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [


@ -119,16 +119,24 @@ class Client
}
/**
* @param mixed $endpoint
* @param string $endpoint
* @return self $this
*/
public function setEndpoint($endpoint): self
public function setEndpoint(string $endpoint): self
{
$this->endpoint = $endpoint;
return $this;
}
/**
* @return string
*/
public function getEndpoint(): string
{
return $this->endpoint;
}
/**
* @param string $key
* @param string $value
@ -183,12 +191,13 @@ class Client
unset($headers[$i]);
}
curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, function ($curl, $header) use (&$responseHeaders) {
$len = strlen($header);
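Review bot: The new `curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);` line has no comment saying why it is there, and the reason is not obvious: by default libcurl squashes `/../` and `/./` segments before sending, so without it the traversal request in testAcmeChallenge would reach the server with a different path and the 400 assertion would not be testing the validator. Suggested comment above the line: `// Send the path verbatim (no "../" squashing) so traversal test cases reach the server as written.` Also, the `@return string` docblock on the new `getEndpoint()` only restates the native return type and can be dropped. The enclosing `call()` method starts before this hunk.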


@ -94,6 +94,35 @@ class HTTPTest extends Scope
$this->assertStringContainsString('# robotstxt.org/', $response['body']);
}
public function testAcmeChallenge()
{
// Preparation
$previousEndpoint = $this->client->getEndpoint();
$this->client->setEndpoint("http://localhost");
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIg', \array_merge([
'origin' => 'http://localhost',
]), []);
$this->assertEquals(404, $response['headers']['status-code']);
// 'Unknown path', but validation passed
/**
* Test for FAILURE
*/
$response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/../../../../../../../etc/passwd', \array_merge([
'origin' => 'http://localhost',
]), []);
$this->assertEquals(400, $response['headers']['status-code']);
// Cleanup
$this->client->setEndpoint($previousEndpoint);
}
// public function testSpecSwagger2()
// {
// $response = $this->client->call(Client::METHOD_GET, '/specs/swagger2?platform=client', [
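Review bot: The success case in `testAcmeChallenge` only asserts 404, which shows the validator let the request through but not that a well-formed token is actually resolved under the certificates directory — the test passes equally if the path construction in the controller is wrong, so it is not a regression test for the route, only for the rejection. Consider also pinning the allow-list with a second failure case whose last segment contains a disallowed character (e.g. a `.`), so a future relaxation of the `Text` validator fails a test rather than only the four-chunk count check. Minor: `\array_merge([...])` with a single argument is a no-op and can be replaced by the array literal, and `assertSame(404, ...)` / `assertSame(400, ...)` is the stricter assertion for integer status codes.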