mirror of https://github.com/MISP/MISP
fix: New way of checking for API access
- meant to resolve some issues such as being redirected to the news page if a new news item exists while running a CSV export via the APIpull/2264/head
iglocska
parent
a52989c78d
commit
bb20f232f8
|
|
@ -79,6 +79,13 @@ class AppController extends Controller {
|
|||
'RestResponse'
|
||||
);
|
||||
|
||||
private function __isApiFunction($controller, $action) {
|
||||
if (isset($this->automationArray[$controller]) && in_array($action, $this->automationArray[$controller])) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function beforeFilter() {
|
||||
// check for a supported datasource configuration
|
||||
$dataSourceConfig = ConnectionManager::getDataSource('default')->config;
|
||||
|
|
@ -162,7 +169,9 @@ class AppController extends Controller {
|
|||
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
|
||||
$found_misp_auth_key = true;
|
||||
$temp = $this->checkAuthUser(trim($auth_key));
|
||||
if ($temp) $user['User'] = $this->checkAuthUser(trim($auth_key));
|
||||
if ($temp) {
|
||||
$user['User'] = $this->checkAuthUser(trim($auth_key));
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($found_misp_auth_key) {
|
||||
|
|
@ -394,7 +403,8 @@ class AppController extends Controller {
|
|||
}
|
||||
|
||||
protected function _isRest() {
|
||||
return (isset($this->RequestHandler) && ($this->RequestHandler->isXml() || $this->_isJson()));
|
||||
$api = $this->__isApiFunction($this->request->params['controller'], $this->request->params['action']);
|
||||
return (isset($this->RequestHandler) && ($api || $this->RequestHandler->isXml() || $this->_isJson()));
|
||||
}
|
||||
|
||||
protected function _isAutomation() {
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ class RestResponseComponent extends Component {
|
|||
return $this->__sendResponse($response, 200, $format);
|
||||
}
|
||||
|
||||
private function __sendResponse($response, $code, $format = false, $raw = false) {
|
||||
private function __sendResponse($response, $code, $format = false, $raw = false, $download = false) {
|
||||
if (strtolower($format) === 'application/xml') {
|
||||
if (!$raw) $response = Xml::build($response);
|
||||
$type = 'xml';
|
||||
|
|
@ -75,7 +75,9 @@ class RestResponseComponent extends Component {
|
|||
if (!$raw) $response = json_encode($response, JSON_PRETTY_PRINT);
|
||||
$type = 'json';
|
||||
}
|
||||
return new CakeResponse(array('body'=> $response,'status' => $code, 'type' => $type));
|
||||
$cakeResponse = new CakeResponse(array('body'=> $response,'status' => $code, 'type' => $type));
|
||||
if ($download) $cakeResponse->download($download);
|
||||
return $cakeResponse;
|
||||
}
|
||||
|
||||
private function __generateURL($action, $controller, $id) {
|
||||
|
|
@ -91,11 +93,15 @@ class RestResponseComponent extends Component {
|
|||
return array('action' => $action, 'admin' => $admin);
|
||||
}
|
||||
|
||||
public function viewData($data, $format = false, $errors = false, $raw = false) {
|
||||
public function viewData($data, $format = false, $errors = false, $raw = false, $download = false) {
|
||||
if (!empty($errors)) {
|
||||
$data['errors'] = $errors;
|
||||
}
|
||||
return $this->__sendResponse($data, 200, $format, $raw);
|
||||
return $this->__sendResponse($data, 200, $format, $raw, $download);
|
||||
}
|
||||
|
||||
public function throwException($code, $message, $format, $raw) {
|
||||
return $this->__sendResponse($message, $code, $format, $raw);
|
||||
}
|
||||
|
||||
public function describe($controller, $action, $id = false, $format = false) {
|
||||
|
|
|
|||
|
|
@ -2054,7 +2054,7 @@ class EventsController extends AppController {
|
|||
$paramArray = array('eventid', 'ignore', 'tags', 'category', 'type', 'includeContext', 'from', 'to', 'last', 'headerless', 'enforceWarninglist');
|
||||
if ($this->request->is('post')) {
|
||||
if (empty($this->request->data)) {
|
||||
throw new BadRequestException('Either specify the search terms in the url, or POST a json or xml with the filter parameters.');
|
||||
return $this->RestResponse->throwException(400, 'Either specify the search terms in the url, or POST a json or xml with the filter parameters.', 'csv', true);
|
||||
} else {
|
||||
$data = $this->request->data;
|
||||
}
|
||||
|
|
@ -2143,18 +2143,20 @@ class EventsController extends AppController {
|
|||
}
|
||||
$this->response->type('csv'); // set the content type
|
||||
if (!$exportType) {
|
||||
$this->header('Content-Disposition: download; filename="misp.all_attributes.csv"');
|
||||
$filename = "misp.all_attributes.csv";
|
||||
} else if ($exportType === 'search') {
|
||||
$this->header('Content-Disposition: download; filename="misp.search_result.csv"');
|
||||
$filename = "misp.search_result.csv";
|
||||
} else {
|
||||
$this->header('Content-Disposition: download; filename="misp.event_' . $exportType . '.csv"');
|
||||
$filename = "misp.event_' . $exportType . '.csv";
|
||||
}
|
||||
$this->layout = 'text/default';
|
||||
$headers = array('uuid', 'event_id', 'category', 'type', 'value', 'comment', 'to_ids', 'date');
|
||||
if ($includeContext) $headers = array_merge($headers, array_keys($this->Event->csv_event_context_fields_to_fetch));
|
||||
$this->set('headers', $headers);
|
||||
$this->set('final', $final);
|
||||
$this->set('headerless', $headerless);
|
||||
$headers = implode(',', $headers);
|
||||
$final = array_merge(array($headers), $final);
|
||||
$final = implode (PHP_EOL, $final);
|
||||
$final .= PHP_EOL;
|
||||
return $this->RestResponse->viewData($final, 'csv', false, true, $filename);
|
||||
}
|
||||
|
||||
public function _addGfiZip($id) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue