diff --git a/app/controllers/general.php b/app/controllers/general.php
index f0654a97e4..7615719629 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -19,6 +19,7 @@ use Utopia\Database\Document;
 use Utopia\Database\Query;
 use Utopia\Database\Validator\Authorization;
 use Appwrite\Utopia\Request\Filters\V12;
+use Utopia\Validator\Text;
 Config::setParam('domainVerification', false);
 Config::setParam('cookieDomain', 'localhost');
@@ -513,8 +514,25 @@ App::get('/.well-known/acme-challenge')
 ->inject('request')
 ->inject('response')
 ->action(function ($request, $response) {
+ $uriChunks = \explode('/', $request->getURI());
+ $token = $uriChunks[\count($uriChunks) - 1];
+
+ $validator = new Text(100, [
+ ...Text::NUMBERS,
+ ...Text::ALPHABET_LOWER,
+ ...Text::ALPHABET_UPPER,
+ '-',
+ '_'
+ ]);
+
+ if (!$validator->isValid($token) || \count($uriChunks) !== 4) {
+ throw new Exception('Invalid challenge token.', 400);
+ }
+
+ $filePath = '/.well-known/acme-challenge' . $token;
+ $base = \realpath(APP_STORAGE_CERTIFICATES);
- $path = \str_replace('/.well-known/acme-challenge/', '', $request->getURI());
+ $path = \str_replace('/.well-known/acme-challenge/', '', $filePath);
 $absolute = \realpath($base.'/.well-known/acme-challenge/'.$path);
 if (!$base) {
diff --git a/composer.lock b/composer.lock
index 91440e4a7a..6f7b167745 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1033,12 +1033,12 @@
 }
 },
 "autoload": {
- "psr-4": {
- "MongoDB\\": "src/"
- },
 "files": [
 "src/functions.php"
- ]
+ ],
+ "psr-4": {
+ "MongoDB\\": "src/"
+ }
 },
 "notification-url": "https://packagist.org/downloads/",
 "license": [
@@ -1766,12 +1766,12 @@
 }
 },
 "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Php80\\": ""
- },
 "files": [
 "bootstrap.php"
 ],
+ "psr-4": {
+ "Symfony\\Polyfill\\Php80\\": ""
+ },
 "classmap": [
 "Resources/stubs"
 ]
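Review bot: `$filePath = '/.well-known/acme-challenge' . $token;` is missing the trailing slash, so the `str_replace('/.well-known/acme-challenge/', '', $filePath)` on the next `+` line never matches, `$path` keeps the whole `/.well-known/acme-challengeTOKEN` string, and `$absolute` is built from a path that cannot exist — as far as the hunk shows, every well-formed challenge would fall through to the not-found handling that sits outside this hunk. Since `$token` has already passed the allow-list and the segment-count check, the intermediate string is not needed at all: replace the `$filePath`/`$path` pair with `$path = $token;`, or at minimum write `'/.well-known/acme-challenge/' . $token`. A 404 on the success case in the e2e test cannot distinguish this from a genuinely missing file, so the test would stay green. Nothing visible rejects an empty token (a request ending in `/`), which still has four chunks; if the Text validator does not enforce a minimum length, add `$token === '' ||` to the guard. The action continues past the hunk, so the existing `$base`/`$absolute` checks are not visible here.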
@@ -2141,16 +2141,16 @@
 },
 {
 "name": "utopia-php/database",
- "version": "0.14.0",
+ "version": "0.14.1",
 "source": {
 "type": "git",
 "url": "https://github.com/utopia-php/database.git",
- "reference": "2f2527bb080cf578fba327ea2ec637064561d403"
+ "reference": "ecc143f2cfe16b23675407035c6b5375ba263285"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/utopia-php/database/zipball/2f2527bb080cf578fba327ea2ec637064561d403",
- "reference": "2f2527bb080cf578fba327ea2ec637064561d403",
+ "url": "https://api.github.com/repos/utopia-php/database/zipball/ecc143f2cfe16b23675407035c6b5375ba263285",
+ "reference": "ecc143f2cfe16b23675407035c6b5375ba263285",
 "shasum": ""
 },
 "require": {
@@ -2198,9 +2198,9 @@
 ],
 "support": {
 "issues": "https://github.com/utopia-php/database/issues",
- "source": "https://github.com/utopia-php/database/tree/0.14.0"
+ "source": "https://github.com/utopia-php/database/tree/0.14.1"
 },
- "time": "2022-01-21T16:34:34+00:00"
+ "time": "2022-01-25T13:01:20+00:00"
 },
 {
 "name": "utopia-php/domains",
@@ -2258,16 +2258,16 @@
 },
 {
 "name": "utopia-php/framework",
- "version": "0.19.5",
+ "version": "0.19.6",
 "source": {
 "type": "git",
 "url": "https://github.com/utopia-php/framework.git",
- "reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623"
+ "reference": "7d9b28365fb794001cb34dd028659452d4e71b7d"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/utopia-php/framework/zipball/1c28ba9a5b491cf7c90c535fefee5832c7133623",
- "reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623",
+ "url": "https://api.github.com/repos/utopia-php/framework/zipball/7d9b28365fb794001cb34dd028659452d4e71b7d",
+ "reference": "7d9b28365fb794001cb34dd028659452d4e71b7d",
 "shasum": ""
 },
 "require": {
@@ -2301,9 +2301,9 @@
 ],
 "support": {
 "issues": "https://github.com/utopia-php/framework/issues",
- "source": "https://github.com/utopia-php/framework/tree/0.19.5"
+ "source": "https://github.com/utopia-php/framework/tree/0.19.6"
 },
- "time": "2022-01-04T14:40:23+00:00"
+ "time": "2022-02-10T17:05:22+00:00"
 },
 {
 "name": "utopia-php/image",
@@ -2688,16 +2688,16 @@
 },
 {
 "name": "utopia-php/swoole",
- "version": "0.3.2",
+ "version": "0.3.3",
 "source": {
 "type": "git",
 "url": "https://github.com/utopia-php/swoole.git",
- "reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73"
+ "reference": "8312df69233b5dcd3992de88f131f238002749de"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/utopia-php/swoole/zipball/2b714eddf77cd5eda1889219c9656d7c0a63ce73",
- "reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73",
+ "url": "https://api.github.com/repos/utopia-php/swoole/zipball/8312df69233b5dcd3992de88f131f238002749de",
+ "reference": "8312df69233b5dcd3992de88f131f238002749de",
 "shasum": ""
 },
 "require": {
@@ -2738,9 +2738,9 @@
 ],
 "support": {
 "issues": "https://github.com/utopia-php/swoole/issues",
- "source": "https://github.com/utopia-php/swoole/tree/0.3.2"
+ "source": "https://github.com/utopia-php/swoole/tree/0.3.3"
 },
- "time": "2021-12-13T15:37:41+00:00"
+ "time": "2022-01-20T09:58:43+00:00"
 },
 {
 "name": "utopia-php/system",
@@ -3037,12 +3037,12 @@
 }
 },
 "autoload": {
- "psr-4": {
- "Amp\\ByteStream\\": "lib"
- },
 "files": [
 "lib/functions.php"
- ]
+ ],
+ "psr-4": {
+ "Amp\\ByteStream\\": "lib"
+ }
 },
 "notification-url": "https://packagist.org/downloads/",
 "license": [
@@ -3132,23 +3132,23 @@
 },
 {
 "name": "composer/pcre",
- "version": "1.0.0",
+ "version": "1.0.1",
 "source": {
 "type": "git",
 "url": "https://github.com/composer/pcre.git",
- "reference": "3d322d715c43a1ac36c7fe215fa59336265500f2"
+ "reference": "67a32d7d6f9f560b726ab25a061b38ff3a80c560"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/composer/pcre/zipball/3d322d715c43a1ac36c7fe215fa59336265500f2",
- "reference": "3d322d715c43a1ac36c7fe215fa59336265500f2",
+ "url": "https://api.github.com/repos/composer/pcre/zipball/67a32d7d6f9f560b726ab25a061b38ff3a80c560",
+ "reference": "67a32d7d6f9f560b726ab25a061b38ff3a80c560",
 "shasum": ""
 },
 "require": {
 "php": "^5.3.2 || ^7.0 || ^8.0"
 },
 "require-dev": {
- "phpstan/phpstan": "^1",
+ "phpstan/phpstan": "^1.3",
 "phpstan/phpstan-strict-rules": "^1.1",
 "symfony/phpunit-bridge": "^4.2 || ^5"
 },
@@ -3183,7 +3183,7 @@
 ],
 "support": {
 "issues": "https://github.com/composer/pcre/issues",
- "source": "https://github.com/composer/pcre/tree/1.0.0"
+ "source": "https://github.com/composer/pcre/tree/1.0.1"
 },
 "funding": [
 {
@@ -3199,27 +3199,27 @@
 "type": "tidelift"
 }
 ],
- "time": "2021-12-06T15:17:27+00:00"
+ "time": "2022-01-21T20:24:37+00:00"
 },
 {
 "name": "composer/semver",
- "version": "3.2.7",
+ "version": "3.2.9",
 "source": {
 "type": "git",
 "url": "https://github.com/composer/semver.git",
- "reference": "deac27056b57e46faf136fae7b449eeaa71661ee"
+ "reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/composer/semver/zipball/deac27056b57e46faf136fae7b449eeaa71661ee",
- "reference": "deac27056b57e46faf136fae7b449eeaa71661ee",
+ "url": "https://api.github.com/repos/composer/semver/zipball/a951f614bd64dcd26137bc9b7b2637ddcfc57649",
+ "reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649",
 "shasum": ""
 },
 "require": {
 "php": "^5.3.2 || ^7.0 || ^8.0"
 },
 "require-dev": {
- "phpstan/phpstan": "^0.12.54",
+ "phpstan/phpstan": "^1.4",
 "symfony/phpunit-bridge": "^4.2 || ^5"
 },
 "type": "library",
@@ -3264,7 +3264,7 @@
 "support": {
 "irc": "irc://irc.freenode.org/composer",
 "issues": "https://github.com/composer/semver/issues",
- "source": "https://github.com/composer/semver/tree/3.2.7"
+ "source": "https://github.com/composer/semver/tree/3.2.9"
 },
 "funding": [
 {
@@ -3280,7 +3280,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2022-01-04T09:57:54+00:00"
+ "time": "2022-02-04T13:58:43+00:00"
 },
 {
 "name": "composer/xdebug-handler",
@@ -3710,12 +3710,12 @@
 },
 "type": "library",
 "autoload": {
- "psr-4": {
- "DeepCopy\\": "src/DeepCopy/"
- },
 "files": [
 "src/DeepCopy/deep_copy.php"
- ]
+ ],
+ "psr-4": {
+ "DeepCopy\\": "src/DeepCopy/"
+ }
 },
 "notification-url": "https://packagist.org/downloads/",
 "license": [
@@ -3963,16 +3963,16 @@
 },
 {
 "name": "phar-io/version",
- "version": "3.1.0",
+ "version": "3.1.1",
 "source": {
 "type": "git",
 "url": "https://github.com/phar-io/version.git",
- "reference": "bae7c545bef187884426f042434e561ab1ddb182"
+ "reference": "15a90844ad40f127afd244c0cad228de2a80052a"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/phar-io/version/zipball/bae7c545bef187884426f042434e561ab1ddb182",
- "reference": "bae7c545bef187884426f042434e561ab1ddb182",
+ "url": "https://api.github.com/repos/phar-io/version/zipball/15a90844ad40f127afd244c0cad228de2a80052a",
+ "reference": "15a90844ad40f127afd244c0cad228de2a80052a",
 "shasum": ""
 },
 "require": {
@@ -4008,9 +4008,9 @@
 "description": "Library for handling version information and constraints",
 "support": {
 "issues": "https://github.com/phar-io/version/issues",
- "source": "https://github.com/phar-io/version/tree/3.1.0"
+ "source": "https://github.com/phar-io/version/tree/3.1.1"
 },
- "time": "2021-02-23T14:00:09+00:00"
+ "time": "2022-02-07T21:56:48+00:00"
 },
 {
 "name": "phpdocumentor/reflection-common",
@@ -4619,11 +4619,11 @@
 }
 },
 "autoload": {
- "classmap": [
- "src/"
- ],
 "files": [
 "src/Framework/Assert/Functions.php"
+ ],
+ "classmap": [
+ "src/"
 ]
 },
 "notification-url": "https://packagist.org/downloads/",
@@ -5219,16 +5219,16 @@
 },
 {
 "name": "sebastian/global-state",
- "version": "5.0.3",
+ "version": "5.0.4",
 "source": {
 "type": "git",
 "url": "https://github.com/sebastianbergmann/global-state.git",
- "reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49"
+ "reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/23bd5951f7ff26f12d4e3242864df3e08dec4e49",
- "reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49",
+ "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/19c519631c5a511b7ed0ad64a6713fdb3fd25fe4",
+ "reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4",
 "shasum": ""
 },
 "require": {
@@ -5271,7 +5271,7 @@
 ],
 "support": {
 "issues": "https://github.com/sebastianbergmann/global-state/issues",
- "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.3"
+ "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.4"
 },
 "funding": [
 {
@@ -5279,7 +5279,7 @@
 "type": "github"
 }
 ],
- "time": "2021-06-11T13:31:12+00:00"
+ "time": "2022-02-10T07:01:19+00:00"
 },
 {
 "name": "sebastian/lines-of-code",
@@ -5721,16 +5721,16 @@
 },
 {
 "name": "symfony/console",
- "version": "v6.0.2",
+ "version": "v6.0.3",
 "source": {
 "type": "git",
 "url": "https://github.com/symfony/console.git",
- "reference": "dd434fa8d69325e5d210f63070014d889511fcb3"
+ "reference": "22e8efd019c3270c4f79376234a3f8752cd25490"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/symfony/console/zipball/dd434fa8d69325e5d210f63070014d889511fcb3",
- "reference": "dd434fa8d69325e5d210f63070014d889511fcb3",
+ "url": "https://api.github.com/repos/symfony/console/zipball/22e8efd019c3270c4f79376234a3f8752cd25490",
+ "reference": "22e8efd019c3270c4f79376234a3f8752cd25490",
 "shasum": ""
 },
 "require": {
@@ -5796,7 +5796,7 @@
 "terminal"
 ],
 "support": {
- "source": "https://github.com/symfony/console/tree/v6.0.2"
+ "source": "https://github.com/symfony/console/tree/v6.0.3"
 },
 "funding": [
 {
@@ -5812,7 +5812,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2021-12-27T21:05:08+00:00"
+ "time": "2022-01-26T17:23:29+00:00"
 },
 {
 "name": "symfony/polyfill-intl-grapheme",
@@ -5845,12 +5845,12 @@
 }
 },
 "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Intl\\Grapheme\\": ""
- },
 "files": [
 "bootstrap.php"
- ]
+ ],
+ "psr-4": {
+ "Symfony\\Polyfill\\Intl\\Grapheme\\": ""
+ }
 },
 "notification-url": "https://packagist.org/downloads/",
 "license": [
@@ -5926,12 +5926,12 @@
 }
 },
 "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Intl\\Normalizer\\": ""
- },
 "files": [
 "bootstrap.php"
 ],
+ "psr-4": {
+ "Symfony\\Polyfill\\Intl\\Normalizer\\": ""
+ },
 "classmap": [
 "Resources/stubs"
 ]
@@ -6090,12 +6090,12 @@
 }
 },
 "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Php72\\": ""
- },
 "files": [
 "bootstrap.php"
- ]
+ ],
+ "psr-4": {
+ "Symfony\\Polyfill\\Php72\\": ""
+ }
 },
 "notification-url": "https://packagist.org/downloads/",
 "license": [
@@ -6222,16 +6222,16 @@
 },
 {
 "name": "symfony/string",
- "version": "v6.0.2",
+ "version": "v6.0.3",
 "source": {
 "type": "git",
 "url": "https://github.com/symfony/string.git",
- "reference": "bae261d0c3ac38a1f802b4dfed42094296100631"
+ "reference": "522144f0c4c004c80d56fa47e40e17028e2eefc2"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/symfony/string/zipball/bae261d0c3ac38a1f802b4dfed42094296100631",
- "reference": "bae261d0c3ac38a1f802b4dfed42094296100631",
+ "url": "https://api.github.com/repos/symfony/string/zipball/522144f0c4c004c80d56fa47e40e17028e2eefc2",
+ "reference": "522144f0c4c004c80d56fa47e40e17028e2eefc2",
 "shasum": ""
 },
 "require": {
@@ -6287,7 +6287,7 @@
 "utf8"
 ],
 "support": {
- "source": "https://github.com/symfony/string/tree/v6.0.2"
+ "source": "https://github.com/symfony/string/tree/v6.0.3"
 },
 "funding": [
 {
@@ -6303,7 +6303,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2021-12-16T22:13:01+00:00"
+ "time": "2022-01-02T09:55:41+00:00"
 },
 {
 "name": "textalk/websocket",
@@ -6406,16 +6406,16 @@
 },
 {
 "name": "twig/twig",
- "version": "v2.14.10",
+ "version": "v2.14.11",
 "source": {
 "type": "git",
 "url": "https://github.com/twigphp/Twig.git",
- "reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba"
+ "reference": "66baa66f29ee30e487e05f1679903e36eb01d727"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/twigphp/Twig/zipball/95fb194cd4dd6ac373a27af2bde2bad5d3f27aba",
- "reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba",
+ "url": "https://api.github.com/repos/twigphp/Twig/zipball/66baa66f29ee30e487e05f1679903e36eb01d727",
+ "reference": "66baa66f29ee30e487e05f1679903e36eb01d727",
 "shasum": ""
 },
 "require": {
@@ -6470,7 +6470,7 @@
 ],
 "support": {
 "issues": "https://github.com/twigphp/Twig/issues",
- "source": "https://github.com/twigphp/Twig/tree/v2.14.10"
+ "source": "https://github.com/twigphp/Twig/tree/v2.14.11"
 },
 "funding": [
 {
@@ -6482,7 +6482,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2022-01-03T21:13:26+00:00"
+ "time": "2022-02-04T06:57:25+00:00"
 },
 {
 "name": "vimeo/psalm",
@@ -6561,13 +6561,13 @@
 }
 },
 "autoload": {
- "psr-4": {
- "Psalm\\": "src/Psalm/"
- },
 "files": [
 "src/functions.php",
 "src/spl_object_id.php"
- ]
+ ],
+ "psr-4": {
+ "Psalm\\": "src/Psalm/"
+ }
 },
 "notification-url": "https://packagist.org/downloads/",
 "license": [
diff --git a/tests/e2e/Client.php b/tests/e2e/Client.php
index 4e0c138b9e..c86ebc5951 100644
--- a/tests/e2e/Client.php
+++ b/tests/e2e/Client.php
@@ -119,16 +119,24 @@ class Client
 }
 /**
- * @param mixed $endpoint
+ * @param string $endpoint
 * @return self $this
 */
- public function setEndpoint($endpoint): self
+ public function setEndpoint(string $endpoint): self
 {
 $this->endpoint = $endpoint;
 return $this;
 }
+ /**
+ * @return string
+ */
+ public function getEndpoint(): string
+ {
+ return $this->endpoint;
+ }
+
 /**
 * @param string $key
 * @param string $value
@@ -183,12 +191,13 @@ class Client
 unset($headers[$i]);
 }
+ curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36');
 curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
 curl_setopt($ch, CURLOPT_TIMEOUT, 15);
 curl_setopt($ch, CURLOPT_HEADERFUNCTION, function ($curl, $header) use (&$responseHeaders) {
 $len = strlen($header);
diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php
index 4b26f2fcd9..f9914806ea 100644
--- a/tests/e2e/General/HTTPTest.php
+++ b/tests/e2e/General/HTTPTest.php
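Review bot: The new `curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);` carries no comment saying why it is there, and it reads as an unrelated client tweak that a later cleanup could drop: without it libcurl collapses `../` segments on the client side, so a traversal request in the e2e suite would never reach the server in its raw form. Suggest `// Send dot-segments (../) verbatim so path-traversal tests exercise the server, not libcurl's URL normaliser` directly above it. The `-`/`+` pair on `CURLOPT_CONNECTTIMEOUT` appears to differ only in whitespace, which is noise in a security fix. The enclosing `call()` method starts before the hunk and its `$ch` setup continues after it.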
@@ -94,6 +94,35 @@ class HTTPTest extends Scope
 $this->assertStringContainsString('# robotstxt.org/', $response['body']);
 }
+ public function testAcmeChallenge()
+ {
+ // Preparation
+ $previousEndpoint = $this->client->getEndpoint();
+ $this->client->setEndpoint("http://localhost");
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIg', \array_merge([
+ 'origin' => 'http://localhost',
+ ]), []);
+
+ $this->assertEquals(404, $response['headers']['status-code']);
+ // 'Unknown path', but validation passed
+
+ /**
+ * Test for FAILURE
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/../../../../../../../etc/passwd', \array_merge([
+ 'origin' => 'http://localhost',
+ ]), []);
+
+ $this->assertEquals(400, $response['headers']['status-code']);
+
+ // Cleanup
+ $this->client->setEndpoint($previousEndpoint);
+ }
+
 // public function testSpecSwagger2()
 // {
 // $response = $this->client->call(Client::METHOD_GET, '/specs/swagger2?platform=client', [
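Review bot: The SUCCESS case asserts only `404`, which is also what a broken path build in the handler would return, so it does not show that a well-formed token is actually looked up on disk; assert on the body or error message as well, or drop a fixture file into the certificates storage during the test and expect `200` with its contents. The FAILURE case is rejected by the handler's segment-count check (the last chunk `passwd` is valid text, as far as the hunk shows), so the character allow-list is never exercised; add `/.well-known/acme-challenge/..` and the percent-encoded `/.well-known/acme-challenge/%2e%2e` as further `400` cases. `\array_merge([...])` with a single argument is a no-op and can be replaced by the array literal. The endpoint is restored only when every assertion passes; wrap the calls in `try { … } finally { $this->client->setEndpoint($previousEndpoint); }` so a failure does not leak `http://localhost` into later tests.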