fix: [internal] tightened authkey validation

2018-08-03 18:40:46 +02:00 · 2018-08-03 18:40:46 +02:00 · c962e4f863
parent 41f76dd963
commit c962e4f863
2 changed files with 13 additions and 11 deletions
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@ -1193,6 +1193,16 @@ class AppModel extends Model
        return $version_array;
    }

+    public function validateAuthkey($value) {
+        if (empty($value['authkey'])) {
+            return 'Empty authkey found. Make sure you set the 40 character long authkey.';
+        }
+        if (!preg_match('/[a-z0-9]{40}/i', $value['authkey'])) {
+            return 'The authkey has to be exactly 40 characters long and consist of alphanumeric characters.';
+        }
+        return true;
+    }
+
    // alternative to the build in notempty/notblank validation functions, compatible with cakephp <= 2.6 and cakephp and cakephp >= 2.7
    public function valueNotEmpty($value)
    {
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -47,14 +47,7 @@ class Server extends AppModel
            )
        ),
        'authkey' => array(
-            'minlength' => array(
-                'rule' => array('minlength', 40),
-                'message' => 'A authkey of a minimum length of 40 is required.',
-                'required' => true,
-            ),
-            'valueNotEmpty' => array(
-                'rule' => array('valueNotEmpty'),
-            ),
+            'rule' => array('validateAuthkey')
        ),
        'org_id' => array(
            'numeric' => array(
@ -1757,7 +1750,6 @@ class Server extends AppModel
        if ("full" === $technique) {
            // get a list of the event_ids on the server
            $eventIds = $this->getEventIdsFromServer($server);
-            // FIXME this is not clean at all ! needs to be refactored with try catch error handling/communication
            if ($eventIds === 403) {
                return array(1, null);
            } elseif (is_string($eventIds)) {
@ -2910,8 +2902,6 @@ class Server extends AppModel
                $k = $this->Attribute->generateCorrelation();
            }
        } else {
-            $job = ClassRegistry::init('Job');
-            $job->create();
            if ($value == true) {
                $jobType = 'jobPurgeCorrelation';
                $jobTypeText = 'purge correlations';
@ -2919,6 +2909,8 @@ class Server extends AppModel
                $jobType = 'jobGenerateCorrelation';
                $jobTypeText = 'generate correlation';
            }
+            $job = ClassRegistry::init('Job');
+            $job->create();
            $data = array(
                    'worker' => 'default',
                    'job_type' => $jobTypeText,