UserToken / UserAPI
@@ -32,6 +32,7 @@ namespace Core\API {
|
||||
$connectionData->setProperty("from", $settings["mail_from"] ?? "");
|
||||
$connectionData->setProperty("last_sync", $settings["mail_last_sync"] ?? "");
|
||||
$connectionData->setProperty("mail_footer", $settings["mail_footer"] ?? "");
|
||||
$connectionData->setProperty("mail_async", $settings["mail_async"] ?? false);
|
||||
return $connectionData;
|
||||
}
|
||||
|
||||
@@ -89,7 +90,7 @@ namespace Core\API\Mail {
|
||||
'replyTo' => new Parameter('replyTo', Parameter::TYPE_EMAIL, true, null),
|
||||
'replyName' => new StringType('replyName', 32, true, ""),
|
||||
'gpgFingerprint' => new StringType("gpgFingerprint", 64, true, null),
|
||||
'async' => new Parameter("async", Parameter::TYPE_BOOLEAN, true, true)
|
||||
'async' => new Parameter("async", Parameter::TYPE_BOOLEAN, true, null)
|
||||
));
|
||||
$this->isPublic = false;
|
||||
}
|
||||
@@ -110,7 +111,13 @@ namespace Core\API\Mail {
|
||||
$body = $this->getParam('body');
|
||||
$gpgFingerprint = $this->getParam("gpgFingerprint");
|
||||
|
||||
if ($this->getParam("async")) {
|
||||
$mailAsync = $this->getParam("async");
|
||||
if ($mailAsync === null) {
|
||||
// not set? grab from settings
|
||||
$mailAsync = $mailConfig->getProperty("mail_async", false);
|
||||
}
|
||||
|
||||
if ($mailAsync) {
|
||||
$sql = $this->context->getSQL();
|
||||
$this->success = $sql->insert("MailQueue", ["from", "to", "subject", "body",
|
||||
"replyTo", "replyName", "gpgFingerprint"])
|
||||
|
||||
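Review bot: `if ($mailAsync)` is a plain truthiness test on a value that can now come from settings, and the line that stores it, `$settings["mail_async"] ?? false` in the Core\API hunk, does not normalise the type. If the settings store returns strings (not visible here), a stored `"false"` would still select the queue path. Normalising once at the fallback keeps the branch predictable, e.g. `$mailAsync = filter_var($mailConfig->getProperty("mail_async", false), FILTER_VALIDATE_BOOLEAN);`. `$mailConfig` is assigned outside this hunk, so it is worth confirming it is fetched before this point on every path. With the parameter default now `null`, callers that relied on queued delivery by default get whatever the site setting says.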
@@ -223,7 +223,7 @@ abstract class Request {
|
||||
}
|
||||
|
||||
// Check for permission
|
||||
if (!($this instanceof \API\Permission\Save)) {
|
||||
if (!($this instanceof \Core\API\Permission\Save)) {
|
||||
$req = new \Core\API\Permission\Check($this->context);
|
||||
$this->success = $req->execute(array("method" => $this->getMethod()));
|
||||
$this->lastError = $req->getLastError();
|
||||
@@ -242,8 +242,8 @@ abstract class Request {
|
||||
}
|
||||
|
||||
$sql = $this->context->getSQL();
|
||||
if (!$sql->isConnected()) {
|
||||
$this->lastError = $sql->getLastError();
|
||||
if ($sql === null || !$sql->isConnected()) {
|
||||
$this->lastError = $sql ? $sql->getLastError() : "Database not connected yet.";
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -265,8 +265,8 @@ abstract class Request {
|
||||
return false;
|
||||
}
|
||||
|
||||
protected function getParam($name, $obj = NULL) {
|
||||
// i don't know why phpstorm
|
||||
protected function getParam($name, $obj = NULL): mixed {
|
||||
// I don't know why phpstorm
|
||||
if ($obj === NULL) {
|
||||
$obj = $this->params;
|
||||
}
|
||||
|
||||
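Review bot: With the class name corrected to `\Core\API\Permission\Save` in the hunk at -223, the exemption from `Permission\Check` takes effect for the first time, as far as this page shows. The old name `\API\Permission\Save` would not match a class under the `Core` namespace, so the check presumably ran for Save requests as well, and it is now skipped for them. Save's own access restrictions are not visible here and should be confirmed, because nothing in this method guards it any more. A comment on the condition would record the intent, for example `// Save is exempt from the generic permission lookup; it must restrict callers itself`. The enclosing method starts and ends outside these hunks.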
@@ -45,16 +45,23 @@ namespace Core\API\Template {
|
||||
return $this->createError("Invalid template file extension. Allowed: " . implode(",", $allowedExtensions));
|
||||
}
|
||||
|
||||
$templateDir = WEBROOT . "/Core/Templates/";
|
||||
$templateCache = WEBROOT . "/Core/Cache/Templates/";
|
||||
$path = realpath($templateDir . $templateFile);
|
||||
if (!startsWith($path, realpath($templateDir))) {
|
||||
return $this->createError("Template file not in template directory");
|
||||
} else if (!is_file($path)) {
|
||||
return $this->createError("Template file not found");
|
||||
$baseDirs = ["Site", "Core"];
|
||||
$valid = false;
|
||||
|
||||
foreach ($baseDirs as $baseDir) {
|
||||
$path = realpath(implode("/", [WEBROOT, $baseDir, "Templates", $templateFile]));
|
||||
if ($path && is_file($path)) {
|
||||
$valid = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$twigLoader = new FilesystemLoader($templateDir);
|
||||
if (!$valid) {
|
||||
return $this->createError("Template file not found or not inside template directory");
|
||||
}
|
||||
|
||||
$twigLoader = new FilesystemLoader(dirname($path));
|
||||
$twigEnvironment = new Environment($twigLoader, [
|
||||
'cache' => $templateCache,
|
||||
'auto_reload' => true
|
||||
|
||||
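Review bot: The loop accepts any `$templateFile` for which `realpath(...)` resolves to an existing file, so a value containing `../` is no longer confined to a `Templates` directory. The `startsWith($path, realpath($templateDir))` containment test printed earlier in this hunk has no counterpart inside the loop; the page does not mark old and new lines, so this is read from the order they are printed in. Only the extension check above the hunk still limits which file is picked, while the error text still says "not inside template directory". Resolving each base directory first and requiring the resolved path to start with it restores the guarantee. The enclosing function starts and ends outside the hunk.

```php
foreach ($baseDirs as $baseDir) {
    $baseTemplateDir = realpath(implode("/", [WEBROOT, $baseDir, "Templates"]));
    if ($baseTemplateDir === false) {
        continue;
    }

    $path = realpath($baseTemplateDir . DIRECTORY_SEPARATOR . $templateFile);
    if ($path && startsWith($path, $baseTemplateDir . DIRECTORY_SEPARATOR) && is_file($path)) {
        // … unchanged: $valid = true; break; …
    }
}
```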
@@ -123,10 +123,11 @@ namespace Core\API\TFA {
|
||||
if ($this->success) {
|
||||
$body = $req->getResult()["html"];
|
||||
$gpg = $currentUser->getGPG();
|
||||
$siteName = $settings->getSiteName();
|
||||
$req = new \Core\API\Mail\Send($this->context);
|
||||
$this->success = $req->execute([
|
||||
"to" => $currentUser->getEmail(),
|
||||
"subject" => "[Security Lab] 2FA-Authentication removed",
|
||||
"subject" => "[$siteName] 2FA-Authentication removed",
|
||||
"body" => $body,
|
||||
"gpgFingerprint" => $gpg?->getFingerprint()
|
||||
]);
|
||||
|
||||
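Review bot: `$siteName` is interpolated into the subject as-is at `"subject" => "[$siteName] 2FA-Authentication removed"`. Whether `Mail\Send` or the underlying mail library rejects CR/LF in the subject is not visible here; if it does not, a site name containing a line break would end up in the header block. Stripping line breaks where the name is read would cover it, e.g. `$siteName = preg_replace('/[\r\n]+/', ' ', $settings->getSiteName());`. `$settings` is assigned outside the hunk.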
File diff suppressed because it is too large