mirror of https://github.com/MISP/MISP
chg: [auth] Do not log auth_fail for JSON requests
parent
3025979c1b
commit
1413a13d52
|
@ -230,6 +230,10 @@ class AppController extends Controller
|
|||
$this->Security->csrfCheck = false;
|
||||
$loginByAuthKeyResult = $this->__loginByAuthKey();
|
||||
if ($loginByAuthKeyResult === false || $this->Auth->user() === null) {
|
||||
if ($this->IndexFilter->isXhr()) {
|
||||
throw new ForbiddenException('Authentication failed.');
|
||||
}
|
||||
|
||||
if ($loginByAuthKeyResult === null) {
|
||||
$this->loadModel('Log');
|
||||
$this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed API authentication. No authkey was provided.");
|
||||
|
|
|
@ -8,7 +8,9 @@ class IndexFilterComponent extends Component
|
|||
{
|
||||
/** @var Controller */
|
||||
public $Controller;
|
||||
public $isRest = null;
|
||||
|
||||
/** @var bool|null */
|
||||
private $isRest = null;
|
||||
|
||||
// Used for isApiFunction(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method
|
||||
// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats
|
||||
|
@ -93,6 +95,11 @@ class IndexFilterComponent extends Component
|
|||
}
|
||||
}
|
||||
|
||||
public function isXhr()
|
||||
{
|
||||
return $this->Controller->request->header('X-Requested-With') === 'XMLHttpRequest';
|
||||
}
|
||||
|
||||
public function isJson()
|
||||
{
|
||||
return $this->Controller->request->header('Accept') === 'application/json' || $this->Controller->RequestHandler->prefers() === 'json';
|
||||
|
@ -103,11 +110,6 @@ class IndexFilterComponent extends Component
|
|||
return $this->Controller->request->header('Accept') === 'text/csv' || $this->Controller->RequestHandler->prefers() === 'csv';
|
||||
}
|
||||
|
||||
public function isXml()
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $controller
|
||||
* @param string $action
|
||||
|
|
Loading…
Reference in New Issue