mirror of
https://github.com/elyby/accounts.git
synced 2024-12-23 22:00:06 +05:30
Fixes ACCOUNTS-37R
parent
120057b66c
commit
e3a99f04fe
@ -3,8 +3,8 @@ namespace api\modules\authserver\exceptions;
|
||||
|
||||
class IllegalArgumentException extends AuthserverException {
|
||||
|
||||
public function __construct($status = null, $message = null, $code = 0, \Exception $previous = null) {
|
||||
parent::__construct(400, 'credentials can not be null.', $code, $previous);
|
||||
public function __construct($message = 'credentials can not be null.') {
|
||||
parent::__construct(400, $message);
|
||||
}
|
||||
|
||||
}
|
||||
|
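Review bot: Call sites written against the four-parameter constructor `($status, $message, $code, $previous)` are not touched anywhere on this page, and with `__construct($message = 'credentials can not be null.')` a caller that still passes arguments positionally would have its first argument used as the message returned to the client. This assumes the single-parameter form is the new side; the page has lost its +/- markers, but the added validator calls the constructor with one string. It is worth searching for `new IllegalArgumentException(` with arguments before merging. The parameter also deserves a docblock, for example `@param string $message text returned to the client as errorMessage`, since the functional test shows it reaches the JSON response verbatim.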
@ -5,6 +5,7 @@ use api\models\authentication\LoginForm;
|
||||
use api\models\base\ApiForm;
|
||||
use api\modules\authserver\exceptions\ForbiddenOperationException;
|
||||
use api\modules\authserver\Module as Authserver;
|
||||
use api\modules\authserver\validators\ClientTokenValidator;
|
||||
use api\modules\authserver\validators\RequiredValidator;
|
||||
use common\helpers\Error as E;
|
||||
use common\models\Account;
|
||||
@ -19,6 +20,7 @@ class AuthenticationForm extends ApiForm {
|
||||
public function rules() {
|
||||
return [
|
||||
[['username', 'password', 'clientToken'], RequiredValidator::class],
|
||||
[['clientToken'], ClientTokenValidator::class],
|
||||
];
|
||||
}
|
||||
|
||||
|
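--- a/api/modules/authserver/validators/ClientTokenValidator.php
+++ b/api/modules/authserver/validators/ClientTokenValidator.php
@@ -0,0 +1,25 @@
+<?php
+namespace api\modules\authserver\validators;
+
+use api\modules\authserver\exceptions\IllegalArgumentException;
+
+/**
+* Максимальная длина clientToken для нашей базы данных составляет 255.
+* После этого мы не принимаем указанный токен
+*/
+class ClientTokenValidator extends \yii\validators\RequiredValidator {
+
+/**
+* @param string $value
+* @return null
+* @throws \api\modules\authserver\exceptions\AuthserverException
+*/
+protected function validateValue($value) {
+if (mb_strlen($value) > 255) {
+throw new IllegalArgumentException('clientToken is too long.');
+}
+
+return null;
+}
+
+}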
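Review bot: `validateValue()` hands `$value` straight to `mb_strlen()`, so a `clientToken` that arrives as something other than a string (a JSON array, for instance) is never turned into an IllegalArgumentException. Depending on the PHP version the call emits a warning or throws a TypeError, which would most likely surface as a server error instead of the intended 400. Unless the preceding RequiredValidator already rejects non-strings (not visible here), check the type first: `if (!is_string($value) || mb_strlen($value) > 255) {`. The literal 255 duplicates the column width set in the migration, so a class constant such as `private const MAX_LENGTH = 255;` with a short English comment on why the limit exists would keep the two in step.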
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
use console\db\Migration;
|
||||
|
||||
class m180102_164624_increase_minecraft_access_keys_client_token_length extends Migration {
|
||||
|
||||
public function safeUp() {
|
||||
$this->alterColumn('{{%minecraft_access_keys}}', 'client_token', $this->string()->notNull());
|
||||
}
|
||||
|
||||
public function safeDown() {
|
||||
$this->alterColumn('{{%minecraft_access_keys}}', 'client_token', $this->string(36)->notNull());
|
||||
}
|
||||
|
||||
}
|
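Review bot: `safeDown()` narrows `client_token` back to `string(36)` without handling rows that may, after this change, hold tokens of up to 255 characters; depending on the database and its SQL mode the rollback would either fail or silently truncate stored tokens. Either remove over-length rows before the `alterColumn` call or state the limitation in a comment, e.g. `// rows with client_token longer than 36 chars must be purged before rolling back`. In `safeUp()`, `$this->string()` relies on the framework's default length; writing `$this->string(255)` would make the column width explicit and keep it visibly aligned with the 255 check in ClientTokenValidator.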
@ -75,6 +75,31 @@ class AuthorizationCest {
|
||||
$this->testSuccessResponse($I);
|
||||
}
|
||||
|
||||
public function longClientToken(FunctionalTester $I) {
|
||||
$I->wantTo('send non uuid clientToken, but less then 255 characters');
|
||||
$this->route->authenticate([
|
||||
'username' => 'admin@ely.by',
|
||||
'password' => 'password_0',
|
||||
'clientToken' => str_pad('', 255, 'x'),
|
||||
]);
|
||||
$this->testSuccessResponse($I);
|
||||
}
|
||||
|
||||
public function tooLongClientToken(FunctionalTester $I) {
|
||||
$I->wantTo('send non uuid clientToken with more then 255 characters length');
|
||||
$this->route->authenticate([
|
||||
'username' => 'admin@ely.by',
|
||||
'password' => 'password_0',
|
||||
'clientToken' => str_pad('', 256, 'x'),
|
||||
]);
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
'error' => 'IllegalArgumentException',
|
||||
'errorMessage' => 'clientToken is too long.',
|
||||
]);
|
||||
}
|
||||
|
||||
public function wrongArguments(FunctionalTester $I) {
|
||||
$I->wantTo('get error on wrong amount of arguments');
|
||||
$this->route->authenticate([
|
||||
|
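Review bot: `longClientToken` and `tooLongClientToken` pad with the single-byte character `'x'`, so they cannot tell a 255-character limit from a 255-byte one, even though the validator counts with `mb_strlen()`. A third case that sends 255 multibyte characters, for example `'clientToken' => str_repeat('я', 255)`, and expects success would pin the intended unit; this assumes the column's character set stores such a value, which the page does not show. There is also no case for a non-string `clientToken`. The `wantTo` text for the first test says "less then 255" while it sends exactly 255; `'send non uuid clientToken of exactly 255 characters'` would describe the boundary being tested. The trailing `wrongArguments` lines are context and that method continues outside the hunk.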