From 99fe2244fbfb72efc2573e2524990269f3327bae Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 4 Apr 2023 12:31:20 +0200 Subject: [PATCH] return message and not just status --- restapi/index.php | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/restapi/index.php b/restapi/index.php index 4ae5efece..3eceae4f0 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -435,7 +435,7 @@ class RestapiController { /* {{{ */ return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403); } } else { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } } } /* }}} */ @@ -2136,7 +2136,7 @@ class RestapiController { /* {{{ */ } return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$data), 200); } else { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such group', 'data'=>''), 404); } } /* }}} */ @@ -2241,7 +2241,7 @@ class RestapiController { /* {{{ */ $success = ($folder->inheritsAccess() == $inherit); return $response->withJson(array('success'=>$success, 'message'=>'', 'data'=>$data), 200); } else { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } } /* }}} */ @@ -2275,7 +2275,7 @@ class RestapiController { /* {{{ */ $folder = $dms->getfolderByName($args['id']); } if (!$folder) { - return $response->withStatus(404); + return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404); } $params = $request->getParsedBody(); 
@@ -2550,7 +2550,7 @@ class RestapiController { /* {{{ */
 $folder = $dms->getFolderByName($args['id']);
 }
 if (!$folder) {
- return $response->withStatus(404);
+ return $response->withJson(array('success'=>false, 'message'=>'No such folder', 'data'=>''), 404);
 }
 if (!$folder->clearAccessList()) {
 return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. Could not clear access list for this folder.', 'data'=>''), 500);
@@ -2645,17 +2645,17 @@ class RestapiAuth { /* {{{ */
 $logger->log("Received preflight options request", PEAR_LOG_DEBUG);
 } elseif(!in_array($request->getUri()->getPath(), array('login')) && substr($request->getUri()->getPath(), 0, 5) != 'echo/' && $request->getUri()->getPath() != 'version') {
 $userobj = null;
- if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
- $logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG);
- if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) {
- if(!($userobj = $dms->getUser($settings->_apiUserId))) {
- return $response->withStatus(403);
- }
- } else {
- return $response->withStatus(403);
- }
- $logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
- } else {
+ if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
+ $logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG);
+ if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) {
+ if(!($userobj = $dms->getUser($settings->_apiUserId))) {
+ return $response->withJson(array('success'=>false, 'message'=>'Invalid user associated with api key', 'data'=>''), 403);
+ }
+ } else {
+ return $response->withJson(array('success'=>false, 'message'=>'Wrong api key', 'data'=>''), 403);
+ }
+ $logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
+ } else {
 require_once("../inc/inc.ClassSession.php");
 $session = new SeedDMS_Session($dms->getDb());
 if (isset($_COOKIE["mydms_session"])) {
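Review bot: The API-key check `if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION'])`, carried onto the new side unchanged, uses a loose `==`, which PHP evaluates numerically when both strings look numeric and which is not constant-time; `if(hash_equals($settings->_apiKey, (string) $this->container->environment['HTTP_AUTHORIZATION'])) {` avoids both. The debug line just above it writes the full Authorization header into the log, so the key becomes readable to anyone with log access; logging only that a header was present would be enough. The two new 403 bodies also let an unauthenticated caller tell a matching key ('Invalid user associated with api key') from a non-matching one ('Wrong api key'); one shared message with the detail written to the log would not. The enclosing method starts and ends outside the hunk.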
@@ -2665,7 +2665,7 @@ class RestapiAuth { /* {{{ */ /* Delete Cookie */ setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); $logger->log("Session for id '".$dms_session."' has gone", PEAR_LOG_ERR); - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Session has gone', 'data'=>''), 403); } /* Load user data */ @@ -2675,20 +2675,20 @@ class RestapiAuth { /* {{{ */ setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); if($settings->_enableGuestLogin) { if(!($userobj = $dms->getUser($settings->_guestID))) - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Could not get guest login', 'data'=>''), 403); } else - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Login as guest disabled', 'data'=>''), 403); } if($userobj->isAdmin()) { if($resArr["su"]) { if(!($userobj = $dms->getUser($resArr["su"]))) - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Cannot substitute user', 'data'=>''), 403); } } // $logger->log("Login with user name '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); $dms->setUser($userobj); } else { - return $response->withStatus(403); + return $response->withJson(array('success'=>false, 'message'=>'Missing session cookie', 'data'=>''), 403); } } $this->container['userobj'] = $userobj;
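Review bot: The new 403 bodies in the hunk at 2675 and the one before it ('Session has gone', 'Could not get guest login', 'Login as guest disabled', 'Cannot substitute user', 'Missing session cookie') give the exact failure reason to a client that has not authenticated yet, which exposes server configuration such as whether guest login is enabled. Of these branches only the 'Session has gone' one visibly writes a log entry, so for the others the caller learns more than the server records. If the detail is wanted for API clients, I would at least add a log call before each return, for example `$logger->log("Guest login disabled, request rejected", PEAR_LOG_ERR);`, and consider a single generic message for the unauthenticated cases. The enclosing method begins and ends outside both hunks.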