REST POST of event and signatures works (basics, no error-handling)

pull/61/head
Christophe Vandeplas 2012-04-10 15:47:42 +02:00
parent 87e12448ab
commit a2d073b7b9
5 changed files with 79 additions and 43 deletions


@ -59,12 +59,12 @@ class AppController extends Controller {
function beforeFilter() {
// REST things
if (isset($this->RequestHandler) && $this->RequestHandler->isXml()) {
if ($this->_isRest()) {
// disable CSRF for REST access
$this->Security->csrfCheck = false;
// Authenticate user with authkey in Authorization HTTP header
if ($this->RequestHandler->isXml() && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
$authkey = $_SERVER['HTTP_AUTHORIZATION'];
$this->loadModel('User');
$params = array(
@ -91,6 +91,10 @@ class AppController extends Controller {
$this->set('isAdmin', $this->_isAdmin());
}
protected function _isRest() {
return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
}
/**
* Convert an array to the same array but with the values also as index instead of an interface_exists
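Review bot: CSRF protection is switched off for every request that `_isRest()` accepts, before any authkey has been checked. `$this->Security->csrfCheck = false;` runs as soon as `RequestHandler->isXml()` is true, and the Authorization branch below it is simply skipped when the header is empty. If such a request can still be served from a browser session, an XML-typed request would get no token check; the rest of `beforeFilter` is outside the hunk, so this needs confirming. I would move the assignment inside `if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {`, after the user lookup has succeeded, so that only key-authenticated requests skip the check. `_isRest()` also deserves a docblock saying it keys on the XML request type only and says nothing about how the caller authenticated.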


@ -96,7 +96,6 @@ class AttributesController extends AppController {
$this->Attribute->create();
$this->request->data['Attribute']['value'] = $attribute; // set the value as the content of the single line
$this->request->data['Attribute']['uuid'] = String::uuid();
if ($this->Attribute->save($this->request->data)) {
$successes .= " ".($key+1);
} else {
@ -124,7 +123,6 @@ class AttributesController extends AppController {
//
// create the attribute
$this->Attribute->create();
$this->request->data['Attribute']['uuid'] = String::uuid();
if ($this->Attribute->save($this->request->data)) {
// inform the user and redirect


@ -121,13 +121,30 @@ class EventsController extends AppController {
// force check userid and orgname to be from yourself
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
$this->request->data['Event']['org'] = $this->Auth->user('org');
$this->request->data['Event']['uuid'] = String::uuid();
$this->Event->create();
if ($this->Event->save($this->request->data)) {
$this->Session->setFlash(__('The event has been saved'));
$this->redirect(array('action' => 'view', $this->Event->getId()));
if ($this->_isRest()) {
// Workaround for different structure in XML than what CakePHP expects
$this->request->data['Attribute'] = $this->request->data['Event']['Attribute'];
unset($this->request->data['Event']['Attribute']);
// the event_id field is not set (normal) so make sure no validation errors are thrown
unset($this->Event->Attribute->validate['event_id']);
unset($this->Event->Attribute->validate['value']['unique']); // otherwise gives bugs because event_id is not set
}
if ($this->Event->saveAssociated($this->request->data)) {
if ($this->_isRest()) {
// REST users want to see the newly created event
$this->view($this->Event->getId());
$this->render('view');
} else {
// redirect to the view of the newly created event
$this->Session->setFlash(__('The event has been saved'));
$this->redirect(array('action' => 'view', $this->Event->getId()));
}
} else {
$this->Session->setFlash(__('The event could not be saved. Please, try again.'), 'default', array(), 'error');
// TODO return error if REST
}
}
// combobox for risks
@ -181,6 +198,7 @@ class EventsController extends AppController {
$this->set('risks',compact('risks'));
}
/**
* delete method
*
@ -206,6 +224,7 @@ class EventsController extends AppController {
}
/**
* Publishes the event without sending an alert email
*/
@ -231,6 +250,7 @@ class EventsController extends AppController {
$this->redirect(array('action' => 'view', $id));
}
}
/**
* Send out an alert email to all the users that wanted to be notified.
* Users with a GPG key will get the mail encrypted, other users will get the mail unencrypted
@ -371,6 +391,7 @@ class EventsController extends AppController {
}
/**
* Send out an contact email to the person who posted the event.
* Users with a GPG key will get the mail encrypted, other users will get the mail unencrypted
@ -398,7 +419,8 @@ class EventsController extends AppController {
if (empty($this->data)) {
$this->data = $this->Event->read(null, $id);
}
}
}
/**
@ -515,7 +537,8 @@ class EventsController extends AppController {
unlink($tmpfname);
return $result;
}
}
public function export() {
@ -852,21 +875,7 @@ class EventsController extends AppController {
// and append |00| to terminate the name
return $rawName;
}
/**
* Shortcut so you can check in your Controllers wether
* REST Component is currently active.
*
* Use it in your ->flash() methods
* to forward errors to REST with e.g. $this->Rest->error()
*
* @return boolean
*/
protected function _isRest() {
return !empty($this->Rest) && is_object($this->Rest) && $this->Rest->isActive();
}
}
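Review bot: In the REST branch of the add action, the nested `Attribute` rows come straight from the client's XML and reach `saveAssociated()` after the `event_id` rule and the `unique` rule have been removed from the validator. Only `user_id` and `org` are forced, so nothing on the visible path constrains the other fields. As far as I can tell from CakePHP's save semantics, an `id` on the event or an `id`/`event_id` on an attribute would be honoured. I would drop those keys before saving (for the event, `unset($this->request->data['Event']['id']);`) or pass a `fieldList` whitelist to `saveAssociated()`. `$this->request->data['Event']['Attribute']` is also read without an `isset()` check, so a REST event without attributes raises a notice and assigns `null` to `data['Attribute']`; the function starts before and continues after this hunk.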


@ -99,6 +99,14 @@ class Attribute extends AppModel {
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
'unique' => array(
'rule' => array('valueIsUnique'),
'message' => 'A similar attribute already exists for this event.',
//'allowEmpty' => false,
//'required' => true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'to_ids' => array(
'boolean' => array(
@ -198,31 +206,42 @@ class Attribute extends AppModel {
break;
}
// generate UUID if it doesn't exist
if (empty($this->data['Attribute']['uuid']))
$this->data['Attribute']['uuid']= String::uuid();
// always return true, otherwise the object cannot be saved
return true;
}
function valueIsUnique ($fields) {
$value = $fields['value'];
$event_id = $this->data['Attribute']['event_id'];
$type = $this->data['Attribute']['type'];
$to_ids = $this->data['Attribute']['to_ids'];
$category = $this->data['Attribute']['category'];
// check if the attribute already exists in the same event
$conditions = array('Attribute.event_id' => $event_id,
'Attribute.type' => $type,
'Attribute.category' => $category,
'Attribute.value' => $value
);
if (isset($this->data['Attribute']['id']))
$conditions['Attribute.id !='] = $this->data['Attribute']['id'];
$params = array('recursive' => 0,
'conditions' => $conditions,
);
if (0 != $this->find('count', $params) )
return false;
// Say everything is fine
return true;
}
function validateAttributeValue ($fields) {
$value = $fields['value'];
$event_id = $this->data['Attribute']['event_id'];
$type = $this->data['Attribute']['type'];
$to_ids = $this->data['Attribute']['to_ids'];
$category = $this->data['Attribute']['category'];
// check if the attribute already exists in the same event
$conditions = array('Attribute.event_id' => $event_id,
'Attribute.type' => $type,
'Attribute.category' => $category,
'Attribute.value' => $value
);
if (isset($this->data['Attribute']['id']))
$conditions['Attribute.id !='] = $this->data['Attribute']['id'];
$params = array('recursive' => 0,
'conditions' => $conditions,
);
if (0 != $this->find('count', $params) )
return 'Attribute already exists for this event.';
// check data validation
switch($this->data['Attribute']['type']) {
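Review bot: The uuid lines added before `return true;` keep whatever `uuid` arrived with the data and only generate one when the field is empty (`if (empty($this->data['Attribute']['uuid']))`), while this commit appears to remove the controller lines that used to overwrite it. Unless a `uuid` rule exists in `$validate` outside this hunk, a caller can now store an arbitrary or already-used string as the identifier. A format and uniqueness rule on `uuid` would close that, for example `'uuid' => array('rule' => array('uuid'))` together with an `isUnique` rule; the same applies to `Event::beforeValidate`. Separately, `valueIsUnique` assigns `$to_ids` without using it and indexes `event_id`, `type` and `category` without `isset()`.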


@ -138,6 +138,12 @@ class Event extends AppModel {
);
function beforeValidate() {
// generate UUID if it doesn't exist
if (empty($this->data['Event']['uuid']))
$this->data['Event']['uuid']= String::uuid();
}
public function isOwnedByOrg($eventid, $org) {
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
}
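Review bot: `beforeValidate()` is declared without the `$options = array()` parameter of the framework's `Model::beforeValidate` and falls off the end without a return value. CakePHP documents the callback as returning true to let validation continue, and the corresponding callback in `Attribute` ends with `return true;`. I would write `function beforeValidate($options = array()) {` and finish with `return true;`. A one-line docblock stating that a client-supplied uuid is kept as-is and only a missing one is generated would also help the next reader.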