mirror of https://github.com/MISP/MISP
chg: [internal] Code cleanup
Jakub Onderka
parent
01f4897635
commit
dc05fc1302
|
|
@ -263,6 +263,7 @@ class AppController extends Controller
|
|||
if (!$this->__verifyUser($user)) {
|
||||
$this->_stop(); // just for sure
|
||||
}
|
||||
$user = $this->Auth->user(); // user info in session could change, reload user variable
|
||||
|
||||
if (isset($user['logged_by_authkey']) && $user['logged_by_authkey'] && !($this->_isRest() || $this->_isAutomation())) {
|
||||
throw new ForbiddenException("When user is authenticated by authkey, just REST request can be processed");
|
||||
|
|
@ -331,7 +332,7 @@ class AppController extends Controller
|
|||
$this->set('me', false);
|
||||
}
|
||||
|
||||
if ($this->Auth->user() && $this->_isSiteAdmin()) {
|
||||
if ($user && $this->_isSiteAdmin()) {
|
||||
if (Configure::read('Session.defaults') === 'database') {
|
||||
$db = ConnectionManager::getDataSource('default');
|
||||
$sqlResult = $db->query('SELECT COUNT(id) AS session_count FROM cake_sessions WHERE expires < ' . time() . ';');
|
||||
|
|
@ -345,12 +346,12 @@ class AppController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
$this->ACL->checkAccess($this->Auth->user(), Inflector::variable($this->request->params['controller']), $this->request->action);
|
||||
if ($this->_isRest()) {
|
||||
$this->__rateLimitCheck();
|
||||
$this->ACL->checkAccess($user, Inflector::variable($this->request->params['controller']), $this->request->action);
|
||||
if ($this->_isRest() && $user) {
|
||||
$this->__rateLimitCheck($user);
|
||||
}
|
||||
if ($this->modelClass !== 'CakeError') {
|
||||
$deprecationWarnings = $this->Deprecation->checkDeprecation($this->request->params['controller'], $this->request->action, $this->{$this->modelClass}, $this->Auth->user('id'));
|
||||
$deprecationWarnings = $this->Deprecation->checkDeprecation($this->request->params['controller'], $this->request->action, $this->{$this->modelClass}, $user['id']);
|
||||
if ($deprecationWarnings) {
|
||||
$deprecationWarnings = __('WARNING: This functionality is deprecated and will be removed in the near future. ') . $deprecationWarnings;
|
||||
if ($this->_isRest()) {
|
||||
|
|
@ -363,15 +364,15 @@ class AppController extends Controller
|
|||
}
|
||||
|
||||
// Notifications and homepage is not necessary for AJAX or REST requests
|
||||
if ($this->Auth->user() && !$this->_isRest() && !$this->request->is('ajax')) {
|
||||
if ($user && !$this->_isRest() && !$this->request->is('ajax')) {
|
||||
if ($this->request->params['controller'] === 'users' && $this->request->params['action'] === 'dashboard') {
|
||||
$notifications = $this->User->populateNotifications($this->Auth->user());
|
||||
$notifications = $this->User->populateNotifications($user);
|
||||
} else {
|
||||
$notifications = $this->User->populateNotifications($this->Auth->user(), 'fast');
|
||||
$notifications = $this->User->populateNotifications($user, 'fast');
|
||||
}
|
||||
$this->set('notifications', $notifications);
|
||||
|
||||
$homepage = $this->User->UserSetting->getValueForUser($this->Auth->user('id'), 'homepage');
|
||||
$homepage = $this->User->UserSetting->getValueForUser($user['id'], 'homepage');
|
||||
if (!empty($homepage)) {
|
||||
$this->set('homepage', $homepage);
|
||||
}
|
||||
|
|
@ -756,11 +757,11 @@ class AppController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
private function __rateLimitCheck()
|
||||
private function __rateLimitCheck(array $user)
|
||||
{
|
||||
$info = array();
|
||||
$rateLimitCheck = $this->RateLimit->check(
|
||||
$this->Auth->user(),
|
||||
$user,
|
||||
$this->request->params['controller'],
|
||||
$this->request->action,
|
||||
$this->{$this->modelClass},
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
<?php
|
||||
|
||||
class CRUDComponent extends Component
|
||||
{
|
||||
/** @var AppController */
|
||||
public $Controller = null;
|
||||
public $Controller;
|
||||
|
||||
public function initialize(Controller $controller, $settings=array()) {
|
||||
public function initialize(Controller $controller, $settings=array())
|
||||
{
|
||||
$this->Controller = $controller;
|
||||
}
|
||||
|
||||
|
|
@ -39,12 +39,12 @@ class CRUDComponent extends Component
|
|||
if (!empty($this->Controller->paginate['fields'])) {
|
||||
$query['fields'] = $this->Controller->paginate['fields'];
|
||||
}
|
||||
$data = $this->Controller->{$this->Controller->defaultModel}->find('all', $query);
|
||||
$data = $this->Controller->{$this->Controller->modelClass}->find('all', $query);
|
||||
if (isset($options['afterFind'])) {
|
||||
if (is_callable($options['afterFind'])) {
|
||||
$data = $options['afterFind']($data);
|
||||
} else {
|
||||
$data = $this->Controller->{$this->Controller->defaultModel}->{$options['afterFind']}($data);
|
||||
$data = $this->Controller->{$this->Controller->modelClass}->{$options['afterFind']}($data);
|
||||
}
|
||||
}
|
||||
$this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData($data, 'json');
|
||||
|
|
@ -64,7 +64,7 @@ class CRUDComponent extends Component
|
|||
|
||||
public function add(array $params = [])
|
||||
{
|
||||
$modelName = $this->Controller->defaultModel;
|
||||
$modelName = $this->Controller->modelClass;
|
||||
$data = [];
|
||||
if ($this->Controller->request->is('post')) {
|
||||
$input = $this->Controller->request->data;
|
||||
|
|
@ -154,7 +154,7 @@ class CRUDComponent extends Component
|
|||
|
||||
public function edit(int $id, array $params = [])
|
||||
{
|
||||
$modelName = $this->Controller->defaultModel;
|
||||
$modelName = $this->Controller->modelClass;
|
||||
if (empty($id)) {
|
||||
throw new NotFoundException(__('Invalid %s.', $modelName));
|
||||
}
|
||||
|
|
@ -230,7 +230,7 @@ class CRUDComponent extends Component
|
|||
|
||||
public function view(int $id, array $params = [])
|
||||
{
|
||||
$modelName = $this->Controller->defaultModel;
|
||||
$modelName = $this->Controller->modelClass;
|
||||
if (empty($id)) {
|
||||
throw new NotFoundException(__('Invalid %s.', $modelName));
|
||||
}
|
||||
|
|
@ -259,7 +259,7 @@ class CRUDComponent extends Component
|
|||
public function delete(int $id, array $params = [])
|
||||
{
|
||||
$this->prepareResponse();
|
||||
$modelName = $this->Controller->defaultModel;
|
||||
$modelName = $this->Controller->modelClass;
|
||||
if (empty($id)) {
|
||||
throw new NotFoundException(__('Invalid %s.', $modelName));
|
||||
}
|
||||
|
|
@ -367,7 +367,7 @@ class CRUDComponent extends Component
|
|||
foreach ($params as $param => $paramValue) {
|
||||
if (strpos($param, '.') !== false) {
|
||||
$param = explode('.', $param);
|
||||
if ($param[0] === $this->Controller->{$this->Controller->defaultModel}) {
|
||||
if ($param[0] === $this->Controller->{$this->Controller->modelClass}) {
|
||||
$massagedFilters['simpleFilters'][implode('.', $param)] = $paramValue;
|
||||
} else {
|
||||
$massagedFilters['relatedFilters'][implode('.', $param)] = $paramValue;
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
<?php
|
||||
class DeprecationComponent extends Component
|
||||
{
|
||||
public $redis = false;
|
||||
|
||||
/*
|
||||
* Deprecated endpoints
|
||||
* - simple controller->action structure
|
||||
|
|
@ -10,7 +8,8 @@ class DeprecationComponent extends Component
|
|||
*/
|
||||
private $deprecatedEndpoints;
|
||||
|
||||
public function initialize(Controller $controller) {
|
||||
public function initialize(Controller $controller)
|
||||
{
|
||||
$this->deprecatedEndpoints = array(
|
||||
'attributes' => array(
|
||||
'rpz' => __('Use /attributes/restSearch to export RPZ rules.'),
|
||||
|
|
@ -40,7 +39,7 @@ class DeprecationComponent extends Component
|
|||
);
|
||||
}
|
||||
|
||||
public function checkDeprecation($controller, $action, $model, $user_id)
|
||||
public function checkDeprecation($controller, $action, AppModel $model, $user_id)
|
||||
{
|
||||
if (isset($this->deprecatedEndpoints[$controller][$action])) {
|
||||
$this->__logDeprecatedAccess($controller, $action, $model, $user_id);
|
||||
|
|
@ -51,11 +50,11 @@ class DeprecationComponent extends Component
|
|||
return false;
|
||||
}
|
||||
|
||||
private function __logDeprecatedAccess($controller, $action, $model, $user_id)
|
||||
private function __logDeprecatedAccess($controller, $action, AppModel $model, $user_id)
|
||||
{
|
||||
$this->redis = $model->setupRedis();
|
||||
if ($this->redis) {
|
||||
@$this->redis->hincrby(
|
||||
$redis = $model->setupRedis();
|
||||
if ($redis) {
|
||||
@$redis->hincrby(
|
||||
'misp:deprecation',
|
||||
"$controller:$action:$user_id",
|
||||
1
|
||||
|
|
@ -64,12 +63,12 @@ class DeprecationComponent extends Component
|
|||
return false;
|
||||
}
|
||||
|
||||
public function getDeprecatedAccessList($model)
|
||||
public function getDeprecatedAccessList(AppModel $model)
|
||||
{
|
||||
$rearranged = array();
|
||||
$this->redis = $model->setupRedis();
|
||||
if ($this->redis) {
|
||||
@$result = $this->redis->hGetAll('misp:deprecation');
|
||||
$redis = $model->setupRedis();
|
||||
if ($redis) {
|
||||
$result = $redis->hGetAll('misp:deprecation');
|
||||
if (!empty($result)) {
|
||||
foreach ($result as $key => $value) {
|
||||
$key_components = explode(':', $key);
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
<?php
|
||||
|
||||
App::uses('RandomTool', 'Tools');
|
||||
App::uses('Component', 'Controller');
|
||||
|
||||
class RateLimitComponent extends Component
|
||||
|
|
@ -16,7 +14,16 @@ class RateLimitComponent extends Component
|
|||
|
||||
public $components = array('RestResponse');
|
||||
|
||||
public function check($user, $controller, $action, $Model, &$info = array(), $responseType)
|
||||
/**
|
||||
* @param array $user
|
||||
* @param string $controller
|
||||
* @param string $action
|
||||
* @param AppModel $Model
|
||||
* @param array $info
|
||||
* @param string $responseType
|
||||
* @return bool
|
||||
*/
|
||||
public function check(array $user, $controller, $action, AppModel $Model, &$info = array(), $responseType)
|
||||
{
|
||||
if (!empty($user['Role']['enforce_rate_limit'])) {
|
||||
$uuid = Configure::read('MISP.uuid');
|
||||
|
|
@ -24,7 +31,7 @@ class RateLimitComponent extends Component
|
|||
$uuid = 'no-uuid';
|
||||
}
|
||||
$keyName = 'misp:' . $uuid . ':rate_limit:' . $user['id'];
|
||||
if (!empty($this->__limitedFunctions[$controller][$action])) {
|
||||
if (isset($this->__limitedFunctions[$controller][$action])) {
|
||||
if ($user['Role']['rate_limit_count'] == 0) {
|
||||
throw new MethodNotAllowedException(__('API searches are not allowed for this user role.'));
|
||||
}
|
||||
|
|
@ -34,7 +41,7 @@ class RateLimitComponent extends Component
|
|||
$info = array(
|
||||
'limit' => $user['Role']['rate_limit_count'],
|
||||
'reset' => $redis->ttl($keyName),
|
||||
'remaining'=> $user['Role']['rate_limit_count'] - $count
|
||||
'remaining' => $user['Role']['rate_limit_count'] - $count,
|
||||
);
|
||||
return $this->RestResponse->throwException(
|
||||
429,
|
||||
|
|
@ -53,7 +60,7 @@ class RateLimitComponent extends Component
|
|||
$info = array(
|
||||
'limit' => $user['Role']['rate_limit_count'],
|
||||
'reset' => $redis->ttl($keyName),
|
||||
'remaining'=> $user['Role']['rate_limit_count'] - $count
|
||||
'remaining' => $user['Role']['rate_limit_count'] - $count
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -442,7 +442,6 @@ class Event extends AppModel
|
|||
|
||||
public function beforeValidate($options = array())
|
||||
{
|
||||
parent::beforeValidate();
|
||||
// analysis - setting correct vars
|
||||
if (isset($this->data['Event']['analysis'])) {
|
||||
switch ($this->data['Event']['analysis']) {
|
||||
|
|
@ -468,7 +467,7 @@ class Event extends AppModel
|
|||
if (empty($this->data['Event']['uuid'])) {
|
||||
$this->data['Event']['uuid'] = CakeText::uuid();
|
||||
} else {
|
||||
$this->data['Event']['uuid'] = strtolower($this->data['Event']['uuid'] );
|
||||
$this->data['Event']['uuid'] = strtolower($this->data['Event']['uuid']);
|
||||
}
|
||||
|
||||
// Convert event ID to uuid if needed
|
||||
|
|
@ -489,8 +488,7 @@ class Event extends AppModel
|
|||
|
||||
// generate timestamp if it doesn't exist
|
||||
if (empty($this->data['Event']['timestamp'])) {
|
||||
$date = new DateTime();
|
||||
$this->data['Event']['timestamp'] = $date->getTimestamp();
|
||||
$this->data['Event']['timestamp'] = time();
|
||||
}
|
||||
|
||||
if (isset($this->data['Event']['publish_timestamp']) && empty($this->data['Event']['publish_timestamp'])) {
|
||||
|
|
@ -517,8 +515,7 @@ class Event extends AppModel
|
|||
$updateCorrelation['Correlation.sharing_group_id'] = (int)$this->data['Event']['sharing_group_id'];
|
||||
}
|
||||
if (!empty($updateCorrelation)) {
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
$this->Correlation->updateAll($updateCorrelation, ['Correlation.event_id' => (int)$this->data['Event']['id']]);
|
||||
$this->Attribute->Correlation->updateAll($updateCorrelation, ['Correlation.event_id' => (int)$this->data['Event']['id']]);
|
||||
}
|
||||
}
|
||||
if (empty($this->data['Event']['unpublishAction']) && empty($this->data['Event']['skip_zmq']) && Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_event_notifications_enable')) {
|
||||
|
|
@ -571,11 +568,10 @@ class Event extends AppModel
|
|||
if (!isset($sgids) || empty($sgids)) {
|
||||
$sgids = array(-1);
|
||||
}
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
$eventIds = array_column(array_column($events, 'Event'), 'id');
|
||||
$conditionsCorrelation = $this->__buildEventConditionsCorrelation($user, $eventIds, $sgids);
|
||||
$this->Correlation->virtualFields['count'] = 'count(distinct(Correlation.event_id))';
|
||||
$correlations = $this->Correlation->find('list', array(
|
||||
$this->Attribute->Correlation->virtualFields['count'] = 'count(distinct(Correlation.event_id))';
|
||||
$correlations = $this->Attribute->Correlation->find('list', array(
|
||||
'fields' => array('Correlation.1_event_id', 'Correlation.count'),
|
||||
'conditions' => $conditionsCorrelation,
|
||||
'group' => array('Correlation.1_event_id'),
|
||||
|
|
|
|||
Loading…
Reference in New Issue