mirror of https://github.com/MISP/MISP
fix: [internal] Check if setting value is scalar
parent
8a045673c7
commit
5bc7037c45
|
@ -1448,7 +1448,7 @@ class ServersController extends AppController
|
|||
if (!isset($this->request->data['Server'])) {
|
||||
$this->request->data = array('Server' => $this->request->data);
|
||||
}
|
||||
if (!isset($this->request->data['Server']['value'])) {
|
||||
if (!isset($this->request->data['Server']['value']) || !is_scalar($this->request->data['Server']['value'])) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, 'Invalid input. Expected: {"value": "new_setting"}', $this->response->type());
|
||||
}
|
||||
|
@ -1491,7 +1491,7 @@ class ServersController extends AppController
|
|||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Field updated.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
} else {
|
||||
if ($this->_isRest) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $result, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $result)), 'status'=>200, 'type' => 'json'));
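Review bot: The widened condition on the `value` check has no comment saying why non-scalar input is refused, and it spells out the full `$this->request->data['Server']['value']` path twice. I would add `// Arrays/objects (JSON {"value": [...]} or form value[]=...) must not reach setting validation` above it and read the value into a local variable first. `is_scalar()` still accepts bool, int and float, so the per-setting type checks presumably remain the real validation. Those checks are outside this hunk, as is the non-REST branch of this `if`.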
|
||||
|
|
|
@ -184,6 +184,11 @@ class TestSecurity(unittest.TestCase):
|
|||
# TODO: Try to reload config cache
|
||||
self.admin_misp_connector.get_server_setting("MISP.live")
|
||||
|
||||
def tearDown(self):
|
||||
# Ensure correct config
|
||||
setting = self.admin_misp_connector.get_server_setting("Security.advanced_authkeys")
|
||||
self.assertEqual(setting["value"], False, "Security.advanced_authkeys should be False after test")
|
||||
|
||||
def test_not_logged_in(self):
|
||||
session = requests.Session()
|
||||
|
||||
|
@ -399,18 +404,22 @@ class TestSecurity(unittest.TestCase):
|
|||
logged_in = PyMISP(url, auth_key["authkey_raw"])
|
||||
self.assertEqual(logged_in._current_user.id, self.test_usr.id)
|
||||
|
||||
self.__delete_advanced_authkey(auth_key["id"])
|
||||
# Wait one second to really know that session will be reloaded
|
||||
time.sleep(1)
|
||||
|
||||
self.__delete_advanced_authkey(auth_key["id"])
|
||||
|
||||
with self.assertRaises(MISPServerError):
|
||||
logged_in.get_user()
|
||||
|
||||
time.sleep(1)
|
||||
|
||||
def test_advanced_authkeys_own_key_not_possible(self):
|
||||
with MISPSetting(self.admin_misp_connector, "Security.advanced_authkeys", True):
|
||||
authkey = ("a" * 40)
|
||||
auth_key = self.__create_advanced_authkey(self.test_usr.id, {"authkey": authkey})
|
||||
self.__delete_advanced_authkey(auth_key["id"])
|
||||
self.assertNotEqual(authkey, auth_key["authkey"])
|
||||
self.assertNotEqual(authkey, auth_key["authkey_raw"])
|
||||
|
||||
def test_advanced_authkeys_reset_own(self):
|
||||
with self.__setting("Security.advanced_authkeys", True):
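Review bot: The new `tearDown` only asserts that `Security.advanced_authkeys` is False and never restores it, so one test that leaks the setting makes every later test fail in teardown too, which hides the culprit. `assertEqual(setting["value"], False, ...)` also passes when the value is `0`, whereas `self.assertIs(setting["value"], False, ...)` would pin the type. Neither visible test hunk posts a non-scalar `value` to `serverSettingsEdit`, so the PHP guard added in this commit appears to have no regression test here. The fixed `time.sleep(1)` before the authkey deletion is timing-dependent and may flake on a slow server. The last test method shown continues outside the hunk.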
|
||||
|
|