diff --git a/composer.lock b/composer.lock index 6a9610751..8f7349d0c 100644 --- a/composer.lock +++ b/composer.lock @@ -613,16 +613,16 @@ }, { "name": "psr/log", - "version": "1.1.1", + "version": "1.1.2", "source": { "type": "git", "url": "https://github.com/php-fig/log.git", - "reference": "bf73deb2b3b896a9d9c75f3f0d88185d2faa27e2" + "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/bf73deb2b3b896a9d9c75f3f0d88185d2faa27e2", - "reference": "bf73deb2b3b896a9d9c75f3f0d88185d2faa27e2", + "url": "https://api.github.com/repos/php-fig/log/zipball/446d54b4cb6bf489fc9d75f55843658e6f25d801", + "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801", "shasum": "" }, "require": { @@ -656,7 +656,7 @@ "psr", "psr-3" ], - "time": "2019-10-25T08:06:51+00:00" + "time": "2019-11-01T11:05:21+00:00" }, { "name": "psr/simple-cache", @@ -785,16 +785,16 @@ }, { "name": "symfony/config", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/config.git", - "reference": "0acb26407a9e1a64a275142f0ae5e36436342720" + "reference": "f4ee0ebb91b16ca1ac105aa39f9284f3cac19a15" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/config/zipball/0acb26407a9e1a64a275142f0ae5e36436342720", - "reference": "0acb26407a9e1a64a275142f0ae5e36436342720", + "url": "https://api.github.com/repos/symfony/config/zipball/f4ee0ebb91b16ca1ac105aa39f9284f3cac19a15", + "reference": "f4ee0ebb91b16ca1ac105aa39f9284f3cac19a15", "shasum": "" }, "require": { 
@@ -845,20 +845,20 @@ ], "description": "Symfony Config Component", "homepage": "https://symfony.com", - "time": "2019-09-19T15:51:53+00:00" + "time": "2019-10-30T13:18:51+00:00" }, { "name": "symfony/console", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "929ddf360d401b958f611d44e726094ab46a7369" + "reference": "136c4bd62ea871d00843d1bc0316de4c4a84bb78" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/929ddf360d401b958f611d44e726094ab46a7369", - "reference": "929ddf360d401b958f611d44e726094ab46a7369", + "url": "https://api.github.com/repos/symfony/console/zipball/136c4bd62ea871d00843d1bc0316de4c4a84bb78", + "reference": "136c4bd62ea871d00843d1bc0316de4c4a84bb78", "shasum": "" }, "require": { @@ -920,11 +920,11 @@ ], "description": "Symfony Console Component", "homepage": "https://symfony.com", - "time": "2019-10-07T12:36:49+00:00" + "time": "2019-10-30T12:58:49+00:00" }, { "name": "symfony/filesystem", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", @@ -1207,16 +1207,16 @@ }, { "name": "symfony/yaml", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "41e16350a2a1c7383c4735aa2f9fce74cf3d1178" + "reference": "324cf4b19c345465fad14f3602050519e09e361d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/41e16350a2a1c7383c4735aa2f9fce74cf3d1178", - "reference": "41e16350a2a1c7383c4735aa2f9fce74cf3d1178", + "url": "https://api.github.com/repos/symfony/yaml/zipball/324cf4b19c345465fad14f3602050519e09e361d", + "reference": "324cf4b19c345465fad14f3602050519e09e361d", "shasum": "" }, "require": { 
@@ -1262,7 +1262,7 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "time": "2019-09-11T15:41:19+00:00" + "time": "2019-10-30T12:58:49+00:00" }, { "name": "zendframework/zend-diactoros", @@ -1594,16 +1594,16 @@ }, { "name": "cakephp/debug_kit", - "version": "3.20.3", + "version": "3.20.5", "source": { "type": "git", "url": "https://github.com/cakephp/debug_kit.git", - "reference": "2ebc6b61fdb4741e890c564ab4d55a9b1d29c47f" + "reference": "7c399398fc31db2cfad93400c0986a160ddc3834" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/cakephp/debug_kit/zipball/2ebc6b61fdb4741e890c564ab4d55a9b1d29c47f", - "reference": "2ebc6b61fdb4741e890c564ab4d55a9b1d29c47f", + "url": "https://api.github.com/repos/cakephp/debug_kit/zipball/7c399398fc31db2cfad93400c0986a160ddc3834", + "reference": "7c399398fc31db2cfad93400c0986a160ddc3834", "shasum": "" }, "require": { @@ -1650,7 +1650,7 @@ "debug", "kit" ], - "time": "2019-10-09T01:55:34+00:00" + "time": "2019-11-01T01:21:14+00:00" }, { "name": "composer/ca-bundle", @@ -1710,16 +1710,16 @@ }, { "name": "composer/composer", - "version": "1.9.0", + "version": "1.9.1", "source": { "type": "git", "url": "https://github.com/composer/composer.git", - "reference": "314aa57fdcfc942065996f59fb73a8b3f74f3fa5" + "reference": "bb01f2180df87ce7992b8331a68904f80439dd2f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/composer/zipball/314aa57fdcfc942065996f59fb73a8b3f74f3fa5", - "reference": "314aa57fdcfc942065996f59fb73a8b3f74f3fa5", + "url": "https://api.github.com/repos/composer/composer/zipball/bb01f2180df87ce7992b8331a68904f80439dd2f", + "reference": "bb01f2180df87ce7992b8331a68904f80439dd2f", "shasum": "" }, "require": { @@ -1786,7 +1786,7 @@ "dependency", "package" ], - "time": "2019-08-02T18:55:33+00:00" + "time": "2019-11-01T16:20:17+00:00" }, { "name": "composer/semver", 
@@ -4005,16 +4005,16 @@ }, { "name": "symfony/finder", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "5e575faa95548d0586f6bedaeabec259714e44d1" + "reference": "72a068f77e317ae77c0a0495236ad292cfb5ce6f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/5e575faa95548d0586f6bedaeabec259714e44d1", - "reference": "5e575faa95548d0586f6bedaeabec259714e44d1", + "url": "https://api.github.com/repos/symfony/finder/zipball/72a068f77e317ae77c0a0495236ad292cfb5ce6f", + "reference": "72a068f77e317ae77c0a0495236ad292cfb5ce6f", "shasum": "" }, "require": { @@ -4050,7 +4050,7 @@ ], "description": "Symfony Finder Component", "homepage": "https://symfony.com", - "time": "2019-09-16T11:29:48+00:00" + "time": "2019-10-30T12:53:54+00:00" }, { "name": "symfony/polyfill-php72", @@ -4109,16 +4109,16 @@ }, { "name": "symfony/process", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "50556892f3cc47d4200bfd1075314139c4c9ff4b" + "reference": "3b2e0cb029afbb0395034509291f21191d1a4db0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/50556892f3cc47d4200bfd1075314139c4c9ff4b", - "reference": "50556892f3cc47d4200bfd1075314139c4c9ff4b", + "url": "https://api.github.com/repos/symfony/process/zipball/3b2e0cb029afbb0395034509291f21191d1a4db0", + "reference": "3b2e0cb029afbb0395034509291f21191d1a4db0", "shasum": "" }, "require": { 
@@ -4154,20 +4154,20 @@ ], "description": "Symfony Process Component", "homepage": "https://symfony.com", - "time": "2019-09-26T21:17:10+00:00" + "time": "2019-10-28T17:07:32+00:00" }, { "name": "symfony/var-dumper", - "version": "v4.3.5", + "version": "v4.3.6", "source": { "type": "git", "url": "https://github.com/symfony/var-dumper.git", - "reference": "bde8957fc415fdc6964f33916a3755737744ff05" + "reference": "ea4940845535c85ff5c505e13b3205b0076d07bf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/var-dumper/zipball/bde8957fc415fdc6964f33916a3755737744ff05", - "reference": "bde8957fc415fdc6964f33916a3755737744ff05", + "url": "https://api.github.com/repos/symfony/var-dumper/zipball/ea4940845535c85ff5c505e13b3205b0076d07bf", + "reference": "ea4940845535c85ff5c505e13b3205b0076d07bf", "shasum": "" }, "require": { @@ -4230,7 +4230,7 @@ "debug", "dump" ], - "time": "2019-10-04T19:48:13+00:00" + "time": "2019-10-13T12:02:04+00:00" }, { "name": "theseer/tokenizer", diff --git a/config/app.default.php b/config/app.default.php index 01f3b88c9..6e53da67e 100644 --- a/config/app.default.php +++ b/config/app.default.php @@ -396,5 +396,7 @@ return [ 'LoginServer' => [ 'host' => 'http://127.0.0.1', 'port' => 1201 - ] + ], + + 'GroupNode' => false ]; diff --git a/config/routes.php b/config/routes.php index 807510cff..4f7b5c609 100644 --- a/config/routes.php +++ b/config/routes.php 
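Review bot: The new `'GroupNode' => false` entry in config/app.default.php is added without a comment saying what a `true` value changes or which code reads it, so a deployer editing this default config has nothing to go on. A one-line comment above it would close that gap, e.g. `// GroupNode: <describe what running as a group node changes>; presumably read via Configure::read('GroupNode') — confirm against the consumer`. The surrounding config sections are outside the hunk, so whether they follow a documented-key convention is inferred, not visible.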
@@ -46,10 +46,22 @@ use Cake\Routing\Route\DashedRoute; Router::defaultRouteClass(DashedRoute::class); Router::scope('/', function (RouteBuilder $routes) { - // Register scoped middleware for in scopes. - $routes->registerMiddleware('csrf', new CsrfProtectionMiddleware([ + + $csrf = new CsrfProtectionMiddleware([ 'httpOnly' => true - ])); + ]); + + // Token check will be skipped when callback returns `true`. + $csrf->whitelistCallback(function ($request) { + // Skip token check for API URLs. + //die($request->getParam('controller')); + if($request->getParam('controller') === 'TransactionJsonRequestHandler') { + return true; + } + }); + + // Register scoped middleware for in scopes. + $routes->registerMiddleware('csrf', $csrf); /** * Apply a middleware to the current route scope. diff --git a/mithril_client b/mithril_client index 2e6245c8e..680e56876 160000 --- a/mithril_client +++ b/mithril_client @@ -1 +1 @@ -Subproject commit 2e6245c8eb8d86945f5b251f01e5a1d56c84cce7 +Subproject commit 680e56876d6e7f2778bff4eb49c880063716b391 diff --git a/src/Application.php b/src/Application.php index 4d7529e97..dbc4640c0 100644 --- a/src/Application.php +++ b/src/Application.php @@ -18,9 +18,12 @@ use Cake\Core\Configure; use Cake\Core\Exception\MissingPluginException; use Cake\Error\Middleware\ErrorHandlerMiddleware; use Cake\Http\BaseApplication; +use Cake\Http\Middleware\CsrfProtectionMiddleware; use Cake\Routing\Middleware\AssetMiddleware; use Cake\Routing\Middleware\RoutingMiddleware; + + /** * Application setup class. * @@ -51,6 +54,8 @@ class Application extends BaseApplication // Load more plugins here } + + /** * Setup the middleware queue your application will use. 
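Review bot: The whitelist callback exempts every action of `TransactionJsonRequestHandler` from the CSRF token check, and nothing in the hunk records why that controller is safe to exempt; skipping the check is only sound for requests that are not authenticated by the caller's session cookie. Replace the generic `// Skip token check for API URLs.` with the actual reason, e.g. `// TransactionJsonRequestHandler is exempt: its requests are not authorised by the session cookie — confirm against the controller`, drop the leftover `//die($request->getParam('controller'));` debug line, and end the closure with an explicit `return false;` instead of falling off the end (CakePHP treats only `true` as "skip", so this is for readability, not behaviour). Because the condition keys on the controller name alone, any action later added to that controller inherits the exemption; a narrower condition (per action or a dedicated prefix) would limit that.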
@@ -60,7 +65,22 @@ class Application extends BaseApplication */ public function middleware($middlewareQueue) { + //$csrf = new CsrfProtectionMiddleware(); + + // Token check will be skipped when callback returns `true`. + /*$csrf->whitelistCallback(function ($request) { + // Skip token check for API URLs. + //if ($request->getParam('prefix') === 'api') { + if($request->getAttribute('base') === 'TransactionJsonRequestHandler') { + return true; + } + }); +*/ + // Ensure routing middleware is added to the queue before CSRF protection middleware. + //$middlewareQueue->; + $middlewareQueue + // ->add($csrf) // Catch any exceptions in the lower layers, // and make an error page/response ->add(new ErrorHandlerMiddleware(null, Configure::read('Error'))) diff --git a/src/Model/Transactions/Transaction.php b/src/Model/Transactions/Transaction.php new file mode 100644 index 000000000..d2bf41e69 --- /dev/null +++ b/src/Model/Transactions/Transaction.php 
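Review bot: middleware() now carries a commented-out CSRF setup (`//$csrf = new CsrfProtectionMiddleware();`, the `/*$csrf->whitelistCallback(...)*/` block, `//$middlewareQueue->;` and `// ->add($csrf)`) that duplicates the live registration in config/routes.php with a different condition (`getAttribute('base')` here versus `getParam('controller')` there), so a reader cannot tell which one is authoritative. Delete the commented lines, and with them the `use Cake\Http\Middleware\CsrfProtectionMiddleware;` import added in this file's first hunk (line 18), which is now referenced only from inside the comment (inferred from the visible hunks; the rest of the file is not shown). The surviving `// Ensure routing middleware is added to the queue before CSRF protection middleware.` comment then sits next to no CSRF registration and belongs in routes.php, or should be removed. The second hunk at line 51 only adds blank lines. The body of middleware() continues past the end of this hunk.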
@@ -0,0 +1,65 @@ +addError('base64 decode failed'); + } else { + $this->mProtoTransaction = new \Messages\Gradido\Transaction(); + $this->mProtoTransaction->mergeFromString($transactionBin); + + $this->mProtoTransactionBody = new Messages\Gradido\TransactionBody(); + $this->mProtoTransactionBody->mergeFromString($this->mProtoTransaction->getBodyBytes()); + + $data = $this->mProtoTransactionBody->getData(); + var_dump($data); + } + } + + public function validate() { + $sigPairs = $this->mProtoTransaction->getSigMap()->getSigPair(); + $bodyBytes = $this->mProtoTransaction->getBodyBytes(); + + // check signature(s) + foreach($sigPairs as $sigPair) { + $pubkey = $sigPair->getPubKey(); + $signature = $sigPair->getEd25519(); + if (!\Sodium\crypto_sign_verify_detached($signature, $bodyBytes, $pubkey)) { + $this->addError('signature for key ' . bin2hex($pubkey) . ' isn\'t valid ' ); + return false; + } + } + + return true; + } + + public function getErrors() { + return $this->errors; + } + + public function hasErrors() { + return count($this->errors) > 0; + } + + + private function addError($message) { + array_push($this->errors, $message); + } +} \ No newline at end of file diff --git a/src/Model/Transactions/TransactionBase.php b/src/Model/Transactions/TransactionBase.php new file mode 100644 index 000000000..1486c92df --- /dev/null +++ b/src/Model/Transactions/TransactionBase.php @@ -0,0 +1,7 @@ +getRequest()->getSession(); $transactionPendings = $session->read('Transactions.pending'); - +//echo "transactions pending: " . $transactionPendings; ?> @@ -40,7 +40,7 @@ $transactionPendings = $session->read('Transactions.pending');
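Review bot: validate() returns `true` when the signature map is empty, because the `foreach($sigPairs as $sigPair)` loop is the only place a check can fail; a transaction carrying no signature at all therefore validates. Add a guard before the loop, e.g. `if (count($sigPairs) === 0) { $this->addError('no signatures'); return false; }` (the protobuf repeated field is countable). Note also that a passing check only proves that the holder of the `getPubKey()` value supplied in the message signed the body; whoever calls validate() still has to compare that key against the key they expect for this transaction, which nothing in this class does. The `var_dump($data);` in the constructor prints the decoded transaction body into the response and should be removed, and `new Messages\Gradido\TransactionBody()` lacks the leading backslash that `new \Messages\Gradido\Transaction()` has, which would resolve relative to the file's namespace if one is declared — the file header and the start of the constructor are not visible in the hunk as rendered, so confirm against the source.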

Community Server in Entwicklung

-

Alpha 0.4.3

+

Alpha 0.4.4