Fix not hiding tokens for clients via realtime
parent
7316a2da0a
commit
d5d45c5076
1 changed files with 28 additions and 50 deletions
|
@ -1845,6 +1845,9 @@ App::post('/v1/account/tokens/magic-url')
|
||||||
'team' => '',
|
'team' => '',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Hide secret for clients
|
||||||
|
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $tokenSecret : '');
|
||||||
|
|
||||||
$queueForMails
|
$queueForMails
|
||||||
->setSubject($subject)
|
->setSubject($subject)
|
||||||
->setBody($body)
|
->setBody($body)
|
||||||
|
@ -1853,23 +1856,16 @@ App::post('/v1/account/tokens/magic-url')
|
||||||
->trigger();
|
->trigger();
|
||||||
|
|
||||||
$queueForEvents->setPayload(
|
$queueForEvents->setPayload(
|
||||||
$response->output(
|
$response->output($token, Response::MODEL_TOKEN)
|
||||||
$token->setAttribute('secret', $tokenSecret),
|
|
||||||
Response::MODEL_TOKEN
|
|
||||||
)
|
|
||||||
);
|
);
|
||||||
|
|
||||||
// Hide secret for clients
|
|
||||||
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $tokenSecret : '');
|
|
||||||
|
|
||||||
if (!empty($phrase)) {
|
if (!empty($phrase)) {
|
||||||
$token->setAttribute('phrase', $phrase);
|
$token->setAttribute('phrase', $phrase);
|
||||||
}
|
}
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
->dynamic($token, Response::MODEL_TOKEN)
|
->dynamic($token, Response::MODEL_TOKEN);
|
||||||
;
|
|
||||||
});
|
});
|
||||||
|
|
||||||
App::post('/v1/account/tokens/email')
|
App::post('/v1/account/tokens/email')
|
||||||
|
@ -2074,6 +2070,9 @@ App::post('/v1/account/tokens/email')
|
||||||
'team' => '',
|
'team' => '',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Hide secret for clients
|
||||||
|
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $tokenSecret : '');
|
||||||
|
|
||||||
$queueForMails
|
$queueForMails
|
||||||
->setSubject($subject)
|
->setSubject($subject)
|
||||||
->setBody($body)
|
->setBody($body)
|
||||||
|
@ -2082,23 +2081,16 @@ App::post('/v1/account/tokens/email')
|
||||||
->trigger();
|
->trigger();
|
||||||
|
|
||||||
$queueForEvents->setPayload(
|
$queueForEvents->setPayload(
|
||||||
$response->output(
|
$response->output($token, Response::MODEL_TOKEN)
|
||||||
$token->setAttribute('secret', $tokenSecret),
|
|
||||||
Response::MODEL_TOKEN
|
|
||||||
)
|
|
||||||
);
|
);
|
||||||
|
|
||||||
// Hide secret for clients
|
|
||||||
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $tokenSecret : '');
|
|
||||||
|
|
||||||
if (!empty($phrase)) {
|
if (!empty($phrase)) {
|
||||||
$token->setAttribute('phrase', $phrase);
|
$token->setAttribute('phrase', $phrase);
|
||||||
}
|
}
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
->dynamic($token, Response::MODEL_TOKEN)
|
->dynamic($token, Response::MODEL_TOKEN);
|
||||||
;
|
|
||||||
});
|
});
|
||||||
|
|
||||||
App::put('/v1/account/sessions/magic-url')
|
App::put('/v1/account/sessions/magic-url')
|
||||||
|
@ -2309,6 +2301,9 @@ App::post('/v1/account/tokens/phone')
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
// Hide secret for clients
|
||||||
|
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '');
|
||||||
|
|
||||||
$queueForMessaging
|
$queueForMessaging
|
||||||
->setType(MESSAGE_SEND_TYPE_INTERNAL)
|
->setType(MESSAGE_SEND_TYPE_INTERNAL)
|
||||||
->setMessage($messageDoc)
|
->setMessage($messageDoc)
|
||||||
|
@ -2316,19 +2311,12 @@ App::post('/v1/account/tokens/phone')
|
||||||
->setProviderType(MESSAGE_TYPE_SMS);
|
->setProviderType(MESSAGE_TYPE_SMS);
|
||||||
|
|
||||||
$queueForEvents->setPayload(
|
$queueForEvents->setPayload(
|
||||||
$response->output(
|
$response->output($token, Response::MODEL_TOKEN)
|
||||||
$token->setAttribute('secret', $secret),
|
|
||||||
Response::MODEL_TOKEN
|
|
||||||
)
|
|
||||||
);
|
);
|
||||||
|
|
||||||
// Hide secret for clients
|
|
||||||
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '');
|
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
->dynamic($token, Response::MODEL_TOKEN)
|
->dynamic($token, Response::MODEL_TOKEN);
|
||||||
;
|
|
||||||
});
|
});
|
||||||
|
|
||||||
App::post('/v1/account/jwt')
|
App::post('/v1/account/jwt')
|
||||||
|
@ -2968,6 +2956,9 @@ App::post('/v1/account/recovery')
|
||||||
'team' => ''
|
'team' => ''
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Hide secret for clients
|
||||||
|
$recovery->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
||||||
|
|
||||||
$queueForMails
|
$queueForMails
|
||||||
->setRecipient($profile->getAttribute('email', ''))
|
->setRecipient($profile->getAttribute('email', ''))
|
||||||
->setName($profile->getAttribute('name', ''))
|
->setName($profile->getAttribute('name', ''))
|
||||||
|
@ -2980,14 +2971,7 @@ App::post('/v1/account/recovery')
|
||||||
->setParam('userId', $profile->getId())
|
->setParam('userId', $profile->getId())
|
||||||
->setParam('tokenId', $recovery->getId())
|
->setParam('tokenId', $recovery->getId())
|
||||||
->setUser($profile)
|
->setUser($profile)
|
||||||
->setPayload($response->output(
|
->setPayload($response->output($recovery, Response::MODEL_TOKEN));
|
||||||
$recovery->setAttribute('secret', $secret),
|
|
||||||
Response::MODEL_TOKEN
|
|
||||||
))
|
|
||||||
;
|
|
||||||
|
|
||||||
// Hide secret for clients
|
|
||||||
$recovery->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
|
@ -3158,6 +3142,7 @@ App::post('/v1/account/verification')
|
||||||
->setParam('{{footer}}', $locale->getText("emails.verification.footer"))
|
->setParam('{{footer}}', $locale->getText("emails.verification.footer"))
|
||||||
->setParam('{{thanks}}', $locale->getText("emails.verification.thanks"))
|
->setParam('{{thanks}}', $locale->getText("emails.verification.thanks"))
|
||||||
->setParam('{{signature}}', $locale->getText("emails.verification.signature"));
|
->setParam('{{signature}}', $locale->getText("emails.verification.signature"));
|
||||||
|
|
||||||
$body = $message->render();
|
$body = $message->render();
|
||||||
|
|
||||||
$smtp = $project->getAttribute('smtp', []);
|
$smtp = $project->getAttribute('smtp', []);
|
||||||
|
@ -3216,6 +3201,9 @@ App::post('/v1/account/verification')
|
||||||
'team' => '',
|
'team' => '',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Hide secret for clients
|
||||||
|
$verification->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $verificationSecret : '');
|
||||||
|
|
||||||
$queueForMails
|
$queueForMails
|
||||||
->setSubject($subject)
|
->setSubject($subject)
|
||||||
->setBody($body)
|
->setBody($body)
|
||||||
|
@ -3227,13 +3215,7 @@ App::post('/v1/account/verification')
|
||||||
$queueForEvents
|
$queueForEvents
|
||||||
->setParam('userId', $user->getId())
|
->setParam('userId', $user->getId())
|
||||||
->setParam('tokenId', $verification->getId())
|
->setParam('tokenId', $verification->getId())
|
||||||
->setPayload($response->output(
|
->setPayload($response->output($verification, Response::MODEL_TOKEN));
|
||||||
$verification->setAttribute('secret', $verificationSecret),
|
|
||||||
Response::MODEL_TOKEN
|
|
||||||
));
|
|
||||||
|
|
||||||
// Hide secret for clients
|
|
||||||
$verification->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $verificationSecret : '');
|
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
|
@ -3389,6 +3371,9 @@ App::post('/v1/account/verification/phone')
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
// Hide secret for clients
|
||||||
|
$verification->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
||||||
|
|
||||||
$queueForMessaging
|
$queueForMessaging
|
||||||
->setType(MESSAGE_SEND_TYPE_INTERNAL)
|
->setType(MESSAGE_SEND_TYPE_INTERNAL)
|
||||||
->setMessage($messageDoc)
|
->setMessage($messageDoc)
|
||||||
|
@ -3398,14 +3383,7 @@ App::post('/v1/account/verification/phone')
|
||||||
$queueForEvents
|
$queueForEvents
|
||||||
->setParam('userId', $user->getId())
|
->setParam('userId', $user->getId())
|
||||||
->setParam('tokenId', $verification->getId())
|
->setParam('tokenId', $verification->getId())
|
||||||
->setPayload($response->output(
|
->setPayload($response->output($verification, Response::MODEL_TOKEN));
|
||||||
$verification->setAttribute('secret', $secret),
|
|
||||||
Response::MODEL_TOKEN
|
|
||||||
))
|
|
||||||
;
|
|
||||||
|
|
||||||
// Hide secret for clients
|
|
||||||
$verification->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
|
|
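Review bot: The redaction placed before `setPayload` depends on who made the request, not on who receives the event: in all six handlers a request with `$isPrivilegedUser || $isAppUser` still puts the live secret into the payload built by `$response->output($token, Response::MODEL_TOKEN)`. If realtime subscribers are served from that same payload (not visible in these hunks), a token created with a server key could still reach subscribed clients. Provided no server-side consumer needs the secret, consider building the event payload from a copy with the secret always blanked, e.g. `$queueForEvents->setPayload($response->output((clone $token)->setAttribute('secret', ''), Response::MODEL_TOKEN));`. The fix also relies on statement order repeated six times, so extending each `// Hide secret for clients` comment to something like `// Hide secret for clients; must run before setPayload(), which serializes this document` would guard against a later reorder reintroducing the leak. Separately, in the `/v1/account/tokens/phone` hunk the privileged event payload changes from the raw `$secret` to `Auth::encodeSession($user->getId(), $secret)`, which should be confirmed against existing event consumers; all handler bodies start and end outside the hunks.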