mirror of https://github.com/MISP/MISP
add: tests and finish EventBlocklistsController migration
parent
11c7a76fcb
commit
db0bbd74c8
|
@ -218,6 +218,38 @@ class ACLComponent extends Component
|
|||
'saveMyBookmark' => ['*'],
|
||||
'deleteMyBookmark' => ['*']
|
||||
],
|
||||
'EventBlocklists' => [
|
||||
'add' => [
|
||||
'AND' => [
|
||||
'host_org_user',
|
||||
'perm_add'
|
||||
]
|
||||
],
|
||||
'delete' => [
|
||||
'AND' => [
|
||||
'host_org_user',
|
||||
'perm_add'
|
||||
]
|
||||
],
|
||||
'edit' => [
|
||||
'AND' => [
|
||||
'host_org_user',
|
||||
'perm_add'
|
||||
]
|
||||
],
|
||||
'index' => [
|
||||
'AND' => [
|
||||
'host_org_user',
|
||||
'perm_add'
|
||||
]
|
||||
],
|
||||
'massDelete' => [
|
||||
'AND' => [
|
||||
'host_org_user',
|
||||
'perm_add'
|
||||
]
|
||||
]
|
||||
],
|
||||
'Api' => [
|
||||
'index' => ['*']
|
||||
]
|
||||
|
@ -281,13 +313,13 @@ class ACLComponent extends Component
|
|||
$this->Log = TableRegistry::get('Log');
|
||||
$this->Log->create();
|
||||
$this->Log->save(array(
|
||||
'org' => 'SYSTEM',
|
||||
'model' => 'User',
|
||||
'model_id' => $user['id'],
|
||||
'email' => $user['email'],
|
||||
'action' => 'security',
|
||||
'user_id' => $user['id'],
|
||||
'title' => __('User triggered security alert by attempting to access /%s/%s. Reason why this endpoint is of interest: %s', $controller, $action, $message),
|
||||
'org' => 'SYSTEM',
|
||||
'model' => 'User',
|
||||
'model_id' => $user['id'],
|
||||
'email' => $user['email'],
|
||||
'action' => 'security',
|
||||
'user_id' => $user['id'],
|
||||
'title' => __('User triggered security alert by attempting to access /%s/%s. Reason why this endpoint is of interest: %s', $controller, $action, $message),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
@ -477,8 +509,10 @@ class ACLComponent extends Component
|
|||
if (in_array($function, ['beforeFilter', 'beforeRender', 'initialize', 'afterFilter'])) {
|
||||
continue;
|
||||
}
|
||||
if (!isset($this->aclList[$controller])
|
||||
|| !in_array($function, array_keys($this->aclList[$controller]))) {
|
||||
if (
|
||||
!isset($this->aclList[$controller])
|
||||
|| !in_array($function, array_keys($this->aclList[$controller]))
|
||||
) {
|
||||
$missing[$controller][] = $function;
|
||||
}
|
||||
}
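Review bot: The reformatted condition in the third hunk still tests membership with `in_array($function, array_keys($this->aclList[$controller]))`, which builds a throw-away key array and compares loosely. `|| !array_key_exists($function, $this->aclList[$controller])` makes the same membership check directly, without loose comparison. The enclosing loop starts and ends outside the hunk, so this is judged from the visible lines only.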
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
namespace App\Controller\Component;
|
||||
|
||||
use Cake\Controller\Component;
|
||||
use Cake\Validation\Validation;
|
||||
|
||||
class BlocklistComponent extends Component
|
||||
{
|
||||
|
@ -35,7 +36,7 @@ class BlocklistComponent extends Component
|
|||
{
|
||||
if ($this->controller->getRequest()->is('post')) {
|
||||
if ($rest) {
|
||||
if ($this->controller->getResponse()->type() === 'application/json') {
|
||||
if ($this->controller->getResponse()->getType() === 'application/json') {
|
||||
$isJson = true;
|
||||
$data = $this->controller->getRequest()->input('json_decode', true);
|
||||
} else {
|
||||
|
@ -100,13 +101,13 @@ class BlocklistComponent extends Component
|
|||
public function edit($id, $rest = false)
|
||||
{
|
||||
if (Validation::uuid($id)) {
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('first', [
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('all', [
|
||||
'conditions' => array(
|
||||
$this->controller->{$this->defaultModel}->blocklistTarget . '_uuid' => $id
|
||||
)
|
||||
]);
|
||||
])->first();
|
||||
} else {
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('first', array('conditions' => array('id' => $id)));
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('all', array('conditions' => array('id' => $id)))->first();
|
||||
}
|
||||
if (empty($blockEntry)) {
|
||||
throw new NotFoundException(__('Blocklist item not found.'));
|
||||
|
@ -114,7 +115,7 @@ class BlocklistComponent extends Component
|
|||
$this->controller->set('blockEntry', $blockEntry);
|
||||
if ($this->controller->getRequest()->is('post')) {
|
||||
if ($rest) {
|
||||
if ($this->controller->getResponse()->type() === 'application/json') {
|
||||
if ($this->controller->getResponse()->getType() === 'application/json') {
|
||||
$data = $this->controller->getRequest()->input('json_decode', true);
|
||||
} else {
|
||||
$data = $this->controller->getRequest()->getData();
|
||||
|
@ -134,18 +135,14 @@ class BlocklistComponent extends Component
|
|||
continue;
|
||||
}
|
||||
if (isset($data[$this->defaultModel][$f])) {
|
||||
$blockEntry[$this->defaultModel][$f] = $data[$this->defaultModel][$f];
|
||||
$blockEntry[$f] = $data[$this->defaultModel][$f];
|
||||
}
|
||||
}
|
||||
if ($this->controller->{$this->defaultModel}->save($blockEntry)) {
|
||||
if ($rest) {
|
||||
return $this->RestResponse->viewData(
|
||||
$this->controller->{$this->defaultModel}->find('first', [
|
||||
'recursive' => -1,
|
||||
'conditions' => [
|
||||
'id' => $this->controller->{$this->defaultModel}->id
|
||||
]
|
||||
])
|
||||
$this->controller->{$this->defaultModel}->get($blockEntry->id)
|
||||
|
||||
);
|
||||
} else {
|
||||
$this->controller->Flash->success(__('Blocklist item added.'));
|
||||
|
@ -165,19 +162,19 @@ class BlocklistComponent extends Component
|
|||
public function delete($id, $rest = false)
|
||||
{
|
||||
if (Validation::uuid($id)) {
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('first', [
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('all', [
|
||||
'conditions' => array(
|
||||
$this->controller->{$this->defaultModel}->blocklistTarget . '_uuid' => $id
|
||||
)
|
||||
]);
|
||||
])->first();
|
||||
} else {
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('first', array('conditions' => array('id' => $id)));
|
||||
$blockEntry = $this->controller->{$this->defaultModel}->find('all', array('conditions' => array('id' => $id)))->first();
|
||||
}
|
||||
if (empty($blockEntry)) {
|
||||
throw new NotFoundException(__('Invalid blocklist entry'));
|
||||
}
|
||||
|
||||
if ($this->controller->{$this->defaultModel}->delete($blockEntry[$this->defaultModel]['id'])) {
|
||||
if ($this->controller->{$this->defaultModel}->delete($blockEntry)) {
|
||||
$message = __('Blocklist entry removed');
|
||||
if ($rest) {
|
||||
return $this->RestResponse->saveSuccessResponse($this->defaultModel, 'delete', $id, false, $message);
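Review bot: `NotFoundException` is thrown in `edit()` and `delete()`, but the import hunk at the top of this file shows only `Cake\Controller\Component` and `Cake\Validation\Validation` between the namespace line and the class declaration. The name therefore resolves to `App\Controller\Component\NotFoundException`, and a lookup for a missing blocklist entry would fail with a class-not-found error rather than a 404. Add `use Cake\Http\Exception\NotFoundException;` next to the other imports. The same check is worth making for any other exception class the component throws outside the visible hunks.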
|
||||
|
|
|
@ -50,18 +50,17 @@ class EventBlocklistsController extends AppController
|
|||
public function massDelete()
|
||||
{
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
if (!isset($this->request->data['EventBlocklist'])) {
|
||||
$this->request->data = array('EventBlocklist' => $this->request->data);
|
||||
$ids = $this->request->getData();
|
||||
if (empty($ids)) {
|
||||
throw new NotFoundException(__('Invalid EventBlocklists IDs.'));
|
||||
}
|
||||
$ids = $this->request->data['EventBlocklist']['ids'];
|
||||
$event_ids = json_decode($ids, true);
|
||||
if (empty($event_ids)) {
|
||||
throw new NotFoundException(__('Invalid event IDs.'));
|
||||
}
|
||||
$result = $this->EventBlocklist->deleteAll(array('EventBlocklist.id' => $event_ids));
|
||||
$eventBlocklists = $this->EventBlocklists->find('all', [
|
||||
'conditions' => ['id IN' => $ids]
|
||||
]);
|
||||
$result = $this->EventBlocklists->deleteMany($eventBlocklists);
|
||||
if ($result) {
|
||||
if ($this->ParamHandler->isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('EventBlocklist', 'Deleted', $ids, $this->response->type());
|
||||
return $this->RestResponse->saveSuccessResponse('EventBlocklist', 'Deleted', implode(',', $ids), $this->response->getType());
|
||||
} else {
|
||||
$this->Flash->success('Blocklist entry removed');
|
||||
$this->redirect(array('controller' => 'eventBlocklists', 'action' => 'index'));
|
||||
|
@ -69,7 +68,7 @@ class EventBlocklistsController extends AppController
|
|||
} else {
|
||||
$error = __('Failed to delete Event from EventBlocklist. Error: ') . PHP_EOL . h($result);
|
||||
if ($this->ParamHandler->isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('EventBlocklist', 'Deleted', false, $error, $this->response->type());
|
||||
return $this->RestResponse->saveFailResponse('EventBlocklist', 'Deleted', false, $error, $this->response->getType());
|
||||
} else {
|
||||
$this->Flash->error($error);
|
||||
$this->redirect(array('controller' => 'eventBlocklists', 'action' => 'index'));
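Review bot: `massDelete()` now treats the whole request body as the ID list (`$ids = $this->request->getData();`) and only checks it for emptiness. A keyed or nested payload, including the previous `EventBlocklist.ids` shape, therefore flows into `'id IN' => $ids` and `implode(',', $ids)`. Normalise it to a flat list of numeric IDs first, e.g. `$ids = array_values(array_filter((array)$this->request->getData(), 'is_numeric'));`, and throw if the result is empty. It also looks as if `deleteMany()` is handed the query object, which would presumably leave `$result` truthy even when no row matched, so checking how many entities were found before reporting `Deleted` would avoid a false success. The method body continues outside the hunks.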
|
||||
|
|
|
@ -3,14 +3,12 @@
|
|||
namespace App\Model\Table;
|
||||
|
||||
use App\Model\Table\AppTable;
|
||||
use Cake\ORM\Table;
|
||||
use Cake\Validation\Validator;
|
||||
use Cake\Datasource\EntityInterface;
|
||||
use Cake\Event\Event;
|
||||
use Cake\Event\EventInterface;
|
||||
use Cake\Auth\DefaultPasswordHasher;
|
||||
use Cake\Utility\Security;
|
||||
use Cake\Http\Exception\MethodNotAllowedException;
|
||||
use ArrayObject;
|
||||
|
||||
class AuthKeysTable extends AppTable
|
||||
|
|
|
@ -40,10 +40,10 @@ class EventBlocklistsTable extends AppTable
|
|||
|
||||
public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
|
||||
{
|
||||
if (empty($data['id'])) {
|
||||
if (empty($entity->id)) {
|
||||
$entity->created = date('Y-m-d H:i:s');
|
||||
}
|
||||
if (empty($data['comment'])) {
|
||||
if (empty($entity->comment)) {
|
||||
$entity->comment = '';
|
||||
}
|
||||
return true;
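Review bot: `beforeSave()` decides whether to stamp `created` with `empty($entity->id)`, which depends on whether the caller supplied an `id` rather than on whether the row is new. `if ($entity->isNew()) {` states the intent and stops an entity saved with a preset id from skipping the timestamp. A one-line comment above the method, such as `// Stamp creation time on insert and normalise a missing comment to ''`, would also document why the callback exists. The method's closing brace lies outside the hunk.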
|
||||
|
|
|
@ -14,11 +14,9 @@ class AuthKeysFixture extends TestFixture
|
|||
public const ADMIN_API_ID = 1;
|
||||
public const ADMIN_API_KEY = 'sL9hrjIyY405RyGQHLx5DoCAM92BNmmGa8P4ck1E';
|
||||
|
||||
|
||||
public const SYNC_API_ID = 2;
|
||||
public const SYNC_API_KEY = '6b387ced110858dcbcda36edb044dc18f91a0894';
|
||||
|
||||
|
||||
public const ORG_ADMIN_API_ID = 3;
|
||||
public const ORG_ADMIN_API_KEY = '1c4685d281d478dbcebd494158024bc3539004d0';
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Test\Fixture;
|
||||
|
||||
use Cake\TestSuite\Fixture\TestFixture;
|
||||
|
||||
class EventBlocklistsFixture extends TestFixture
|
||||
{
|
||||
public $connection = 'test';
|
||||
|
||||
public const EVENT_BLOCK_LIST_1_ID = 1;
|
||||
public const EVENT_BLOCK_LIST_1_EVENT_UUID = '9a9287e4-6b38-4d7b-b957-801746b71892';
|
||||
|
||||
public const EVENT_BLOCK_LIST_2_ID = 2;
|
||||
public const EVENT_BLOCK_LIST_2_EVENT_UUID = '4ca98b8a-5ae5-4c5e-9250-7d2f56e3e6e2';
|
||||
|
||||
public function init(): void
|
||||
{
|
||||
$faker = \Faker\Factory::create();
|
||||
|
||||
$this->records = [
|
||||
[
|
||||
'id' => self::EVENT_BLOCK_LIST_1_ID,
|
||||
'event_uuid' => self::EVENT_BLOCK_LIST_1_EVENT_UUID,
|
||||
'created' => $faker->dateTime()->getTimestamp(),
|
||||
'event_info' => 'Blocked event',
|
||||
'event_orgc' => 'ORGC'
|
||||
],
|
||||
[
|
||||
'id' => self::EVENT_BLOCK_LIST_2_ID,
|
||||
'event_uuid' => self::EVENT_BLOCK_LIST_2_EVENT_UUID,
|
||||
'created' => $faker->dateTime()->getTimestamp(),
|
||||
'event_info' => 'Blocked event',
|
||||
'event_orgc' => 'ORGC'
|
||||
]
|
||||
];
|
||||
parent::init();
|
||||
}
|
||||
}
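Review bot: Both records take `created` from `$faker->dateTime()->getTimestamp()`, so the fixture differs on every run and holds an integer, whereas `EventBlocklistsTable::beforeSave()` in this commit writes a `Y-m-d H:i:s` string to the same column. A fixed literal in the column's real format, e.g. `'created' => '2020-01-01 00:00:00'` (constructed sample value), keeps test failures reproducible and removes the Faker dependency from this file. Which format the column expects is not visible here, so check it against the schema.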
|
|
@ -0,0 +1,44 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Test\TestCase\Api\Users;
|
||||
|
||||
use Cake\TestSuite\TestCase;
|
||||
use App\Test\Fixture\AuthKeysFixture;
|
||||
use App\Test\Helper\ApiTestTrait;
|
||||
|
||||
class AddEventBlocklistApiTest extends TestCase
|
||||
{
|
||||
use ApiTestTrait;
|
||||
|
||||
protected const ENDPOINT = '/event-blocklists/add';
|
||||
|
||||
protected $fixtures = [
|
||||
'app.Organisations',
|
||||
'app.Roles',
|
||||
'app.Users',
|
||||
'app.AuthKeys',
|
||||
'app.EventBlocklists'
|
||||
];
|
||||
|
||||
public function testAddEventBlocklist(): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
|
||||
$faker = \Faker\Factory::create();
|
||||
$event_uuid = $faker->uuid();
|
||||
|
||||
$this->post(
|
||||
self::ENDPOINT,
|
||||
[
|
||||
'uuids' => [$event_uuid],
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertDbRecordExists('EventBlocklists', ['event_uuid' => $event_uuid]);
|
||||
}
|
||||
}
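Review bot: The only case exercised is the happy path with `AuthKeysFixture::ADMIN_API_KEY`, so the `host_org_user` AND `perm_add` rule this commit adds to the ACL for `EventBlocklists` is never tested on the deny side. Add a second test that sets a key whose user lacks `perm_add` or sits outside the host organisation, posts the same body, and asserts that the request is refused and that `assertDbRecordNotExists('EventBlocklists', ['event_uuid' => $event_uuid])` holds. The Delete, Edit, Index and MassDelete test classes in this commit have the same gap. The namespace `App\Test\TestCase\Api\Users` also looks carried over from the user tests; the file path is not visible here, so confirm it matches the directory.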
|
|
@ -0,0 +1,49 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Test\TestCase\Api\Users;
|
||||
|
||||
use Cake\TestSuite\TestCase;
|
||||
use App\Test\Fixture\AuthKeysFixture;
|
||||
use App\Test\Helper\ApiTestTrait;
|
||||
use App\Test\Fixture\EventBlocklistsFixture;
|
||||
|
||||
class DeleteEventBlocklistApiTest extends TestCase
|
||||
{
|
||||
use ApiTestTrait;
|
||||
|
||||
protected const ENDPOINT = '/event-blocklists/delete';
|
||||
|
||||
protected $fixtures = [
|
||||
'app.Organisations',
|
||||
'app.Roles',
|
||||
'app.Users',
|
||||
'app.AuthKeys',
|
||||
'app.EventBlocklists'
|
||||
];
|
||||
|
||||
public function testDeleteEventBlocklistByUUID(): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
$url = sprintf('%s/%s', self::ENDPOINT, EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID);
|
||||
$this->delete($url);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertDbRecordNotExists('EventBlocklists', ['event_uuid' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID]);
|
||||
}
|
||||
|
||||
public function testDeleteEventBlocklistById(): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
$url = sprintf('%s/%s', self::ENDPOINT, EventBlocklistsFixture::EVENT_BLOCK_LIST_1_ID);
|
||||
$this->delete($url);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertDbRecordNotExists('EventBlocklists', ['event_uuid' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID]);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Test\TestCase\Api\Users;
|
||||
|
||||
use Cake\TestSuite\TestCase;
|
||||
use App\Test\Fixture\AuthKeysFixture;
|
||||
use App\Test\Helper\ApiTestTrait;
|
||||
use App\Test\Fixture\EventBlocklistsFixture;
|
||||
|
||||
class EditEventBlocklistApiTest extends TestCase
|
||||
{
|
||||
use ApiTestTrait;
|
||||
|
||||
protected const ENDPOINT = '/event-blocklists/edit';
|
||||
|
||||
protected $fixtures = [
|
||||
'app.Organisations',
|
||||
'app.Roles',
|
||||
'app.Users',
|
||||
'app.AuthKeys',
|
||||
'app.EventBlocklists'
|
||||
];
|
||||
|
||||
public function testEditEventBlocklist(): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
|
||||
$new_event_info = "NEW EVENT INFO";
|
||||
$new_comment = "NEW COMMENT";
|
||||
$new_event_orgc = "NEW ORGC";
|
||||
$url = sprintf('%s/%s', self::ENDPOINT, EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID);
|
||||
|
||||
$this->post(
|
||||
$url,
|
||||
[
|
||||
'event_info' => $new_event_info,
|
||||
'comment' => $new_comment,
|
||||
'event_orgc' => $new_event_orgc,
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertDbRecordExists('EventBlocklists', [
|
||||
'event_uuid' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID,
|
||||
'event_info' => $new_event_info,
|
||||
'comment' => $new_comment,
|
||||
'event_orgc' => $new_event_orgc
|
||||
]);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Test\TestCase\Api\Users;
|
||||
|
||||
use Cake\TestSuite\TestCase;
|
||||
use App\Test\Fixture\AuthKeysFixture;
|
||||
use App\Test\Fixture\EventBlocklistsFixture;
|
||||
use App\Test\Helper\ApiTestTrait;
|
||||
|
||||
class IndexEventBlocklistsApiTest extends TestCase
|
||||
{
|
||||
use ApiTestTrait;
|
||||
|
||||
protected const ENDPOINT = '/event-blocklists/index';
|
||||
|
||||
protected $fixtures = [
|
||||
'app.Organisations',
|
||||
'app.Roles',
|
||||
'app.Users',
|
||||
'app.AuthKeys',
|
||||
'app.EventBlocklists'
|
||||
];
|
||||
|
||||
public function testIndexEventBlocklists(): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
|
||||
$this->get(self::ENDPOINT);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertResponseContains(sprintf('"event_uuid": "%s"', EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID));
|
||||
}
|
||||
}
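Review bot: `assertResponseContains(sprintf('"event_uuid": "%s"', ...))` matches the exact spacing of pretty-printed JSON, so the test breaks if the encoder flags change even though the payload is still correct. Decoding the body and checking the field is sturdier, e.g. `$uuids = array_column(json_decode((string)$this->_response->getBody(), true), 'event_uuid');` followed by `$this->assertContains(EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID, $uuids);`. The response is assumed here to be a flat list of entries; adjust the extraction if it is wrapped.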
|
|
@ -0,0 +1,44 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Test\TestCase\Api\Users;
|
||||
|
||||
use Cake\TestSuite\TestCase;
|
||||
use App\Test\Fixture\AuthKeysFixture;
|
||||
use App\Test\Helper\ApiTestTrait;
|
||||
use App\Test\Fixture\EventBlocklistsFixture;
|
||||
|
||||
class MassDeleteBlocklistsApiTest extends TestCase
|
||||
{
|
||||
use ApiTestTrait;
|
||||
|
||||
protected const ENDPOINT = '/event-blocklists/massDelete';
|
||||
|
||||
protected $fixtures = [
|
||||
'app.Organisations',
|
||||
'app.Roles',
|
||||
'app.Users',
|
||||
'app.AuthKeys',
|
||||
'app.EventBlocklists'
|
||||
];
|
||||
|
||||
public function testMassDeleteEventBlocklists(): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
|
||||
$this->post(
|
||||
self::ENDPOINT,
|
||||
[
|
||||
EventBlocklistsFixture::EVENT_BLOCK_LIST_1_ID,
|
||||
EventBlocklistsFixture::EVENT_BLOCK_LIST_2_ID
|
||||
]
|
||||
);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertDbRecordNotExists('EventBlocklists', ['id' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_ID]);
|
||||
$this->assertDbRecordNotExists('EventBlocklists', ['id' => EventBlocklistsFixture::EVENT_BLOCK_LIST_2_ID]);
|
||||
}
|
||||
}
|