blacklist is now safe

60ce7da0 · Zohten · 309e903b · 60ce7da0 · 60ce7da0
Commit 60ce7da0 authored Dec 03, 2020 by Zohten
Show whitespace changes
Inline Side-by-side

Showing with 21 additions and 1 deletion

BlacklistController.class.php BackEnd/src/controller/BlacklistController.class.php +6 -0

blacklistRequest.http BackEnd/src/testRequests/blacklistRequest.http +15 -1

No files found.
--- a/BackEnd/src/controller/BlacklistController.class.php
+++ b/BackEnd/src/controller/BlacklistController.class.php
@@ -17,6 +17,12 @@ class BlacklistController extends Controller
        $httpMethod=$this->request->getHttpMethod();
        $uriParams=$this->request->getUriParams();

+        // Auth with token phase (id = 0 because not used when checking admin)
+        $authResponse = $this->authUser(-1, 'admin');
+        if($authResponse->getCode()!=200){
+            return $authResponse;
+        }
+
        switch ($httpMethod) {
            case 'GET':
                // If there is a uriParams, it is the /blacklist/{ip} endpoint

--- a/BackEnd/src/testRequests/blacklistRequest.http
+++ b/BackEnd/src/testRequests/blacklistRequest.http
+### Récupérer un token admin
+POST http://localhost/index.php/login
+
+{
+    "login": "admin",
+    "pwd": "hashedadminpwd"
+}
+
 ### Récupérer toutes les ip bannies
 GET http://localhost/index.php/blacklist
-
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo
 ### Vérifie si l'ip appartient à la blacklist (oui)
 GET http://localhost/index.php/blacklist/192.1.1.51
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo

 ### Vérifie si l'ip appartient à la blacklist (non)
 GET http://localhost/index.php/blacklist/192.1.1.5
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo

 ### Ajouter une ip valide à la blacklist
 POST http://localhost/index.php/blacklist
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo

 {
    "ip":"192.1.1.4"
@@ -16,6 +27,7 @@ POST http://localhost/index.php/blacklist

 ### Ajouter une ip non valide à la blacklist
 POST http://localhost/index.php/blacklist
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo

 {
    "ip":"pouet"
@@ -23,9 +35,11 @@ POST http://localhost/index.php/blacklist

 ###
 DELETE http://localhost/index.php/blacklist/192.1.1.4
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo

 ### Ajouter une ip valide à la blacklist
 POST http://localhost/index.php/blacklist
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MDY5OTE1NzQsImV4cCI6MTYwNjk5NTE3NCwiaXNzIjoibG9jYWxob3N0IiwiZGF0YSI6eyJpZCI6IjciLCJyb2xlIjoiMiIsImVtYWlsIjoiYmVsb3ZlZC5hZG1pbkBmcmVlLmZyIn19.dALNLjLZyaATmAvUiiB9t3gSxf72-t87mxsAQltIMGo

 {
    "ip":"127.0.0.1"