mirror of https://github.com/MISP/MISP
pull/61/head
parent
03ad7d3acd
commit
fa167bc2c8
|
@ -61,7 +61,8 @@ class AppController extends Controller {
|
||||||
// REST things
|
// REST things
|
||||||
if ($this->_isRest()) {
|
if ($this->_isRest()) {
|
||||||
// disable CSRF for REST access
|
// disable CSRF for REST access
|
||||||
$this->Security->csrfCheck = false;
|
if (array_key_exists('Security', $this->components))
|
||||||
|
$this->Security->csrfCheck = false;
|
||||||
|
|
||||||
// Authenticate user with authkey in Authorization HTTP header
|
// Authenticate user with authkey in Authorization HTTP header
|
||||||
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||||
|
|
|
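Review bot: The guarded assignment still switches `csrfCheck` off for every request that `_isRest()` accepts, before the authkey in the Authorization header has been checked. If a request authenticated only by the browser session can be classified as REST, it would skip CSRF validation too; how `_isRest()` decides is outside this hunk. Moving the assignment into the `if (!empty($_SERVER['HTTP_AUTHORIZATION']))` branch, after the key has been matched to a user, would limit the exemption to key-authenticated calls; that branch continues outside the hunk. Separately, `array_key_exists('Security', $this->components)` is true only when the component is declared with a string key, so with a plain `array('Security')` declaration the check would stay enabled for REST. The `if` also deserves braces: `if (...) { $this->Security->csrfCheck = false; }`.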
@ -128,7 +128,7 @@ class EventsController extends AppController {
|
||||||
// check if the uuid already exists
|
// check if the uuid already exists
|
||||||
$existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid'=>$this->request->data['Event']['uuid'])));
|
$existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid'=>$this->request->data['Event']['uuid'])));
|
||||||
if ($existingEventCount > 0) {
|
if ($existingEventCount > 0) {
|
||||||
throw new InternalErrorException('Event already exists'); // TODO throw errors a clean way using XML
|
throw new MethodNotAllowedException('Event already exists'); // TODO throw errors a clean way using XML
|
||||||
}
|
}
|
||||||
|
|
||||||
// Workaround for different structure in XML/array than what CakePHP expects
|
// Workaround for different structure in XML/array than what CakePHP expects
|
||||||
|
|
|
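Review bot: `MethodNotAllowedException` maps to HTTP 405, which tells a client the verb is not supported on this URL rather than that the event is a duplicate, so a syncing peer cannot tell the two cases apart. A 409 Conflict status would describe the situation, if the CakePHP version in use offers a way to raise one. The lookup above also reads `$this->request->data['Event']['uuid']` without checking that the key is present, so a request without a uuid reaches the `find` with a null condition; an `isset()` guard before the count would make that case explicit. The enclosing method starts and ends outside the hunk.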
@ -175,29 +175,41 @@ class ServersController extends AppController {
|
||||||
|
|
||||||
$this->Server->read(null, $id);
|
$this->Server->read(null, $id);
|
||||||
|
|
||||||
if ("full"==$full) {
|
if ("full"==$full) {
|
||||||
// TODO full push
|
$lastpushedid = 0;
|
||||||
throw new NotFoundException('Sorry, this is not yet implemented');
|
|
||||||
} else {
|
} else {
|
||||||
$find_params = array(
|
$lastpushedid = $this->Server->data['Server']['lastpushedid'];
|
||||||
'conditions' => array(
|
}
|
||||||
'Event.id >' => $this->Server->data['Server']['lastpushedid'],
|
$find_params = array(
|
||||||
'Event.private' => 0,
|
'conditions' => array(
|
||||||
'Event.published' =>1
|
'Event.id >' => $lastpushedid,
|
||||||
), //array of conditions
|
'Event.private' => 0,
|
||||||
'recursive' => 1, //int
|
'Event.published' =>1
|
||||||
'fields' => array('Event.*'), //array of field names
|
), //array of conditions
|
||||||
// 'order' => array('Event.id ASC'), //string or array defining order
|
'recursive' => 1, //int
|
||||||
);
|
'fields' => array('Event.*'), //array of field names
|
||||||
$events = $this->Event->find('all', $find_params);
|
);
|
||||||
|
$events = $this->Event->find('all', $find_params);
|
||||||
|
|
||||||
// FIXME now all events are uploaded, even if they exist on the remote server. No merging is done
|
// FIXME now all events are uploaded, even if they exist on the remote server. No merging is done
|
||||||
// FIXME file attachments are not synced
|
// FIXME file attachments are not synced
|
||||||
$lastpushedid = $this->Server->data['Server']['lastpushedid'];
|
$successes = array();
|
||||||
$successes = array();
|
$fails = array();
|
||||||
$fails = array();
|
|
||||||
|
|
||||||
foreach ($events as $event) {
|
$HttpSocket = new HttpSocket();
|
||||||
|
$uri = $this->Server->data['Server']['url'].'/events';
|
||||||
|
$request = array(
|
||||||
|
'header' => array(
|
||||||
|
'Authorization' => $this->Server->data['Server']['authkey'],
|
||||||
|
'Accept' => 'application/xml',
|
||||||
|
'Content-Type' => 'application/xml',
|
||||||
|
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
|
||||||
|
foreach ($events as $event) {
|
||||||
// TODO try to do this using a separate EventsController
|
// TODO try to do this using a separate EventsController
|
||||||
// $eventsController = new EventsController();
|
// $eventsController = new EventsController();
|
||||||
// $this->RequestHandler->renderAs($eventsController, 'xml');
|
// $this->RequestHandler->renderAs($eventsController, 'xml');
|
||||||
|
@ -215,57 +227,45 @@ class ServersController extends AppController {
|
||||||
// $this->set('isAdmin', $this->_isAdmin());
|
// $this->set('isAdmin', $this->_isAdmin());
|
||||||
// $eventsXml = $this->render('view');
|
// $eventsXml = $this->render('view');
|
||||||
|
|
||||||
$xmlArray = array();
|
$xmlArray = array();
|
||||||
// rearrange things to be compatible with the Xml::fromArray()
|
// rearrange things to be compatible with the Xml::fromArray()
|
||||||
$event['Event']['Attribute'] = $event['Attribute'];
|
$event['Event']['Attribute'] = $event['Attribute'];
|
||||||
unset($event['Attribute']);
|
unset($event['Attribute']);
|
||||||
|
|
||||||
// cleanup the array from things we do not want to expose
|
// cleanup the array from things we do not want to expose
|
||||||
unset($event['Event']['user_id']);
|
unset($event['Event']['user_id']);
|
||||||
unset($event['Event']['org']);
|
unset($event['Event']['org']);
|
||||||
// remove value1 and value2 from the output
|
// remove value1 and value2 from the output
|
||||||
foreach($event['Event']['Attribute'] as $key => $value) {
|
foreach($event['Event']['Attribute'] as $key => $value) {
|
||||||
unset($event['Event']['Attribute'][$key]['value1']);
|
unset($event['Event']['Attribute'][$key]['value1']);
|
||||||
unset($event['Event']['Attribute'][$key]['value2']);
|
unset($event['Event']['Attribute'][$key]['value2']);
|
||||||
// do not keep attributes that are private
|
// do not keep attributes that are private
|
||||||
if ($event['Event']['Attribute'][$key]['private']) {
|
if ($event['Event']['Attribute'][$key]['private']) {
|
||||||
unset($event['Event']['Attribute'][$key]);
|
unset($event['Event']['Attribute'][$key]);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// display the XML to the user
|
// display the XML to the user
|
||||||
$xmlArray['Event'][] = $event['Event'];
|
$xmlArray['Event'][] = $event['Event'];
|
||||||
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
|
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
|
||||||
$eventsXml = $xmlObject->asXML();
|
$eventsXml = $xmlObject->asXML();
|
||||||
// do a REST POST request with the server
|
// do a REST POST request with the server
|
||||||
$HttpSocket = new HttpSocket();
|
$data = $eventsXml;
|
||||||
$uri = $this->Server->data['Server']['url'].'/events';
|
// LATER validate HTTPS SSL certificate
|
||||||
$request = array(
|
$response = $HttpSocket->post($uri, $data, $request);
|
||||||
'header' => array(
|
if ($response->isOk()) {
|
||||||
'Authorization' => $this->Server->data['Server']['authkey'],
|
$successes[] = $event['Event']['id'];
|
||||||
'Accept' => 'application/xml',
|
|
||||||
'Content-Type' => 'application/xml'
|
|
||||||
)
|
|
||||||
);
|
|
||||||
$data = $eventsXml;
|
|
||||||
// LATER validate HTTPS SSL certificate
|
|
||||||
$response = $HttpSocket->post($uri, $data, $request);
|
|
||||||
if ($response->isOk()) {
|
|
||||||
debug('OK for event '.$event['Event']['id']);
|
|
||||||
$successes[] = $event['Event']['id'];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$fails[$event['Event']['id']] = $response->body;
|
|
||||||
}
|
|
||||||
$lastpushedid = max($lastpushedid, $event['Event']['id']);
|
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$fails[$event['Event']['id']] = $response->body;
|
||||||
|
}
|
||||||
|
$lastpushedid = max($lastpushedid, $event['Event']['id']);
|
||||||
|
}
|
||||||
|
|
||||||
$this->set('successes', $successes);
|
$this->set('successes', $successes);
|
||||||
$this->set('fails', $fails);
|
$this->set('fails', $fails);
|
||||||
// increment lastid based on the highest ID seen
|
// increment lastid based on the highest ID seen
|
||||||
$this->Server->saveField('lastpushedid', $lastpushedid);
|
$this->Server->saveField('lastpushedid', $lastpushedid);
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function _testXmlArrayProblem() {
|
private function _testXmlArrayProblem() {
|
||||||
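Review bot: The push sends `$this->Server->data['Server']['authkey']` and the event XML to `$uri`, while the `// LATER validate HTTPS SSL certificate` comment indicates the peer certificate is not verified and nothing visible checks that the stored URL is `https://`. The key and the events can therefore cross the network unprotected or reach an impostor host. Until certificate validation is wired in, refuse plain-HTTP targets before the loop, e.g. `if (stripos($uri, 'https://') !== 0) { throw new InternalErrorException('Refusing to push to a non-HTTPS server'); }`. In the second hunk `$lastpushedid = max($lastpushedid, $event['Event']['id']);` runs for failed events as well, so an event recorded in `$fails` is skipped by the next incremental push; advancing the marker only while no failure has occurred would keep failed events eligible for retry. `$fails` also stores `$response->body` from the remote server, which should be escaped wherever the view renders it (the view is not part of this page).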
|
|