chg: [internal] Remove old way for putting API key to rest search

pull/8464/head
Jakub Onderka 2022-06-28 17:12:07 +02:00
parent 9f3e6ce20e
commit fa02aed60c
1 changed files with 7 additions and 31 deletions


@ -991,31 +991,6 @@ class AppController extends Controller
return $this->userRole['perm_site_admin'];
}
protected function _getApiAuthUser($key, &$exception)
{
if (strlen($key) === 40) {
// check if the key is valid -> search for users based on key
$user = $this->_checkAuthUser($key);
if (!$user) {
$exception = $this->RestResponse->throwException(
401,
__('This authentication key is not authorized to be used for exports. Contact your administrator.')
);
return false;
}
} else {
$user = $this->Auth->user();
if (!$user) {
$exception = $this->RestResponse->throwException(
401,
__('You have to be logged in to do that.')
);
return false;
}
}
return $user;
}
private function __captureParam($data, $param, $value)
{
if ($this->modelClass->checkParam($param)) {
@ -1369,13 +1344,8 @@ class AppController extends Controller
if ($filters === false) {
return $exception;
}
$key = empty($filters['key']) ? $filters['returnFormat'] : $filters['key'];
$user = $this->_getApiAuthUser($key, $exception);
if ($user === false) {
return $exception;
}
session_write_close(); // Rest search can be longer, so close session to allow concurrent requests
$user = $this->_closeSession();
if (isset($filters['returnFormat'])) {
$returnFormat = $filters['returnFormat'];
@ -1565,6 +1535,12 @@ class AppController extends Controller
protected function _closeSession()
{
$user = $this->Auth->user();
// Hack to store user info in static AuthComponent::$_user variable to avoid starting session again by calling
// $this->Auth->user()
AuthComponent::$sessionKey = null;
$this->Auth->login($user);
session_abort();
return $user;
}
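Review bot: In the second hunk the rest search code now takes `$user` straight from `$this->_closeSession()` with no check that a user exists, whereas the `_getApiAuthUser()` helper this commit drops returned a 401 ("You have to be logged in to do that.") when `$this->Auth->user()` was empty. If authentication is always enforced before this point (not visible in these hunks), a short comment at the call site should say so; otherwise keep the guard, e.g. `if (!$user) { return $this->RestResponse->throwException(401, __('You have to be logged in to do that.')); }`. In `_closeSession()`, `$this->Auth->login($user)` runs even when `$user` is empty, and in CakePHP 2 `login()` with an empty argument falls back to `identify()` instead of storing anything, so wrapping the two hack lines in `if ($user) { ... }` would keep the helper free of side effects for unauthenticated requests. The comment above `AuthComponent::$sessionKey = null;` should also state that this static change makes every later `Auth->user()` call in the request read from the in-memory copy rather than the session.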