From ac3c62355f5b1b68b4e328bd2a82901e50cb6357 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 4 Apr 2023 12:31:09 +0200 Subject: [PATCH 1/3] start new version 5.1.31 --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index abaab0767..94b2c0554 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +-------------------------------------------------------------------------------- + Changes in version 5.1.31 +-------------------------------------------------------------------------------- +- rest api returns error msg and not just http status + -------------------------------------------------------------------------------- Changes in version 5.1.30 -------------------------------------------------------------------------------- From 99fe2244fbfb72efc2573e2524990269f3327bae Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 4 Apr 2023 12:31:20 +0200 Subject: [PATCH 2/3] return message and not just status --- restapi/index.php | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/restapi/index.php b/restapi/index.php index 4ae5efece..3eceae4f0 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -435,7 +435,7 @@ class RestapiController { /* {{{ */ return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403); } } else { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } } } /* }}} */ @@ -2136,7 +2136,7 @@ class RestapiController { /* {{{ */ } return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200); } else { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such group', 'data'=>''), 404); } } /* }}} */ 
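Review bot: The error envelope `array('success'=>false, 'message'=>..., 'data'=>'')` is written out by hand in each new 404 return, here for 'No such folder' and 'No such group' and again in the hunks at 2241, 2275 and 2550. A small private helper on RestapiController, for example `private function notFound($response, $message) { return $response->withJson(array('success'=>false, 'message'=>$message, 'data'=>''), 404); }`, would keep the response shape and status code in one place, so a later change to the envelope cannot miss a branch. Both affected methods start outside their hunks.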
@@ -2241,7 +2241,7 @@ class RestapiController { /* {{{ */ $success = ($folder->inheritsAccess() == $inherit); return $response->withJson(array('success'=>$success, 'message'=>'', 'data'=>$data), 200); } else { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } } /* }}} */ @@ -2275,7 +2275,7 @@ class RestapiController { /* {{{ */ $folder = $dms->getfolderByName($args['id']); } if (!$folder) { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } $params = $request->getParsedBody(); @@ -2550,7 +2550,7 @@ class RestapiController { /* {{{ */ $folder = $dms->getFolderByName($args['id']); } if (!$folder) { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } if (!$folder->clearAccessList()) { return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. Could not clear access list for this folder.', 'data'=>''), 500); 
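Review bot: In the hunk at 2241 the line just above the change still answers with status 200 when `$success` is false, so a client that checks only the HTTP status treats a failed inheritance change as applied, while the not-found branch now reports a proper 404 with a message. Consider `return $response->withJson(array('success'=>$success, 'message'=>$success ? '' : 'Could not change inheritance', 'data'=>$data), $success ? 200 : 500);`, which matches the 500 used for the access-list failure in the hunk at 2550. The enclosing method starts outside the hunk, so how `$inherit` is derived is not visible here.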
@@ -2645,17 +2645,17 @@ class RestapiAuth { /* {{{ */ $logger->log("Received preflight options request", PEAR_LOG_DEBUG); } elseif(!in_array($request->getUri()->getPath(), array('login')) && substr($request->getUri()->getPath(), 0, 5) != 'echo/' && $request->getUri()->getPath() != 'version') { $userobj = null; - if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) { - $logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG); - if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) { - if(!($userobj = $dms->getUser($settings->_apiUserId))) { - return $response->withStatus(403); - } - } else { - return $response->withStatus(403); - } - $logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); - } else { + if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) { + $logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG); + if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) { + if(!($userobj = $dms->getUser($settings->_apiUserId))) { + return $response->withJson(array('success'=>false, 'message'=>'Invalid user associated with api key', 'data'=>''), 403); + } + } else { + return $response->withJson(array('success'=>false, 'message'=>'Wrong api key', 'data'=>''), 403); + } + $logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); + } else { require_once("../inc/inc.ClassSession.php"); $session = new SeedDMS_Session($dms->getDb()); if (isset($_COOKIE["mydms_session"])) { 
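Review bot: The API key check `$settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']` is carried over unchanged in the re-indented block; `==` on two strings compares them numerically when both look like numbers and is not constant-time, so it should read `if(hash_equals((string) $settings->_apiKey, (string) $this->container->environment['HTTP_AUTHORIZATION'])) {`. The debug line above it writes the submitted Authorization header to the log verbatim, which puts a working key into the log files whenever debug logging is enabled; record only that a header was presented, for example `$logger->log("Authorization header present", PEAR_LOG_DEBUG);`. The enclosing method starts and ends outside the hunk.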
@@ -2665,7 +2665,7 @@ class RestapiAuth { /* {{{ */ /* Delete Cookie */ setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); $logger->log("Session for id '".$dms_session."' has gone", PEAR_LOG_ERR); - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Session has gone', 'data'=>''), 403); } /* Load user data */ @@ -2675,20 +2675,20 @@ class RestapiAuth { /* {{{ */ setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); if($settings->_enableGuestLogin) { if(!($userobj = $dms->getUser($settings->_guestID))) - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Could not get guest login', 'data'=>''), 403); } else - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Login as guest disabled', 'data'=>''), 403); } if($userobj->isAdmin()) { if($resArr["su"]) { if(!($userobj = $dms->getUser($resArr["su"]))) - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Cannot substitute user', 'data'=>''), 403); } } // $logger->log("Login with user name '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); $dms->setUser($userobj); } else { - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Missing session cookie', 'data'=>''), 403); } } $this->container['userobj'] = $userobj; From d4fbae1a4c21cdc80260aab2d4f271539bdf5a71 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 4 Apr 2023 12:31:52 +0200 Subject: [PATCH 3/3] new version 5.1.31 --- inc/inc.Version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/inc.Version.php b/inc/inc.Version.php index 2003b0c1a..a1876b726 100644 --- a/inc/inc.Version.php +++ b/inc/inc.Version.php 
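Review bot: None of the 403 returns in the hunk at 2675 writes a log entry, unlike the 'Session has gone' branch in the hunk at 2665, so a failed guest fallback, a failed user substitution or a request without a session cookie leaves nothing for anyone reviewing authentication failures. Add a line before each return, for example `$logger->log("Substitute user could not be loaded", PEAR_LOG_ERR);` ahead of the 'Cannot substitute user' response. The text 'Login as guest disabled' also tells the caller how the server is configured, apparently on a path where the session's user could not be loaded; a neutral message such as 'Not logged in' with the detail kept in the log would avoid that. The enclosing method starts and ends outside the hunk.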
@@ -20,7 +20,7 @@ class SeedDMS_Version { /* {{{ */ - const _number = "5.1.30"; + const _number = "5.1.31"; const _string = "SeedDMS"; function __construct() {