mirror of https://github.com/MISP/MISP
chg: [internal] Remove old way for putting API key to rest search
parent
9f3e6ce20e
commit
fa02aed60c
|
@ -991,31 +991,6 @@ class AppController extends Controller
|
||||||
return $this->userRole['perm_site_admin'];
|
return $this->userRole['perm_site_admin'];
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function _getApiAuthUser($key, &$exception)
|
|
||||||
{
|
|
||||||
if (strlen($key) === 40) {
|
|
||||||
// check if the key is valid -> search for users based on key
|
|
||||||
$user = $this->_checkAuthUser($key);
|
|
||||||
if (!$user) {
|
|
||||||
$exception = $this->RestResponse->throwException(
|
|
||||||
401,
|
|
||||||
__('This authentication key is not authorized to be used for exports. Contact your administrator.')
|
|
||||||
);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$user = $this->Auth->user();
|
|
||||||
if (!$user) {
|
|
||||||
$exception = $this->RestResponse->throwException(
|
|
||||||
401,
|
|
||||||
__('You have to be logged in to do that.')
|
|
||||||
);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $user;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function __captureParam($data, $param, $value)
|
private function __captureParam($data, $param, $value)
|
||||||
{
|
{
|
||||||
if ($this->modelClass->checkParam($param)) {
|
if ($this->modelClass->checkParam($param)) {
|
||||||
|
@ -1369,13 +1344,8 @@ class AppController extends Controller
|
||||||
if ($filters === false) {
|
if ($filters === false) {
|
||||||
return $exception;
|
return $exception;
|
||||||
}
|
}
|
||||||
$key = empty($filters['key']) ? $filters['returnFormat'] : $filters['key'];
|
|
||||||
$user = $this->_getApiAuthUser($key, $exception);
|
|
||||||
if ($user === false) {
|
|
||||||
return $exception;
|
|
||||||
}
|
|
||||||
|
|
||||||
session_write_close(); // Rest search can be longer, so close session to allow concurrent requests
|
$user = $this->_closeSession();
|
||||||
|
|
||||||
if (isset($filters['returnFormat'])) {
|
if (isset($filters['returnFormat'])) {
|
||||||
$returnFormat = $filters['returnFormat'];
|
$returnFormat = $filters['returnFormat'];
|
||||||
|
@ -1565,6 +1535,12 @@ class AppController extends Controller
|
||||||
protected function _closeSession()
|
protected function _closeSession()
|
||||||
{
|
{
|
||||||
$user = $this->Auth->user();
|
$user = $this->Auth->user();
|
||||||
|
|
||||||
|
// Hack to store user info in static AuthComponent::$_user variable to avoid starting session again by calling
|
||||||
|
// $this->Auth->user()
|
||||||
|
AuthComponent::$sessionKey = null;
|
||||||
|
$this->Auth->login($user);
|
||||||
|
|
||||||
session_abort();
|
session_abort();
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
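Review bot: In the second hunk `restSearch` now takes `$user` straight from `$this->_closeSession()` with no check, whereas the removed `_getApiAuthUser()` path returned a 401 whenever no user was found. If this action can be reached without the authentication filter having populated a user (that filter is outside the visible hunks), `$user` stays null for the rest of the search. In `_closeSession()`, as far as I know, CakePHP 2's `$this->Auth->login($user)` with an empty `$user` tries to identify from the request instead of storing a user. An explicit guard right after the call would keep the method failing closed: `if (!$user) { return $this->RestResponse->throwException(401, __('You have to be logged in to do that.')); }`. The call site also moves from `session_write_close()` to `session_abort()`, which discards session writes made earlier in the request and deserves a short comment; both method bodies continue outside the hunks.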