diff --git a/CHANGES.md b/CHANGES.md index bccf34dd1d..02d04700a2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,16 @@ +# Version 0.12.2 + +## Bugs +- Fix security vulnerability in the Console (#2778) +- Fix security vulnerability in the ACME-Challenge (#2780) + +## Upgrades + +- Upgraded `redis` extenstion to version 5.3.6 +- Upgraded `swoole` extenstion to version 4.8.6 +- Upgraded `imagick` extenstion to version 3.7.0 +- Upgraded GEO IP database to version February 2022 + # Version 0.12.1 ## Bugs @@ -84,6 +97,20 @@ - Upgraded InfluxDB to 1.4.0 - Upgraded Telegraf to 1.3.0 +# Version 0.11.1 + +## Bugs +- Fix security vulnerability in the Console (#2777) +- Fix security vulnerability in the ACME-Challenge (#2779) + +## Upgrades +- Upgraded redis extenstion to version 5.3.6 +- Upgraded swoole extenstion to version 4.8.6 +- Upgraded imagick extenstion to version 3.7.0 +- Upgraded yaml extenstion to version 2.2.2 +- Upgraded maxminddb extenstion to version 1.11.0 +- Upgraded GEO IP database to version February 2022 + # Version 0.11.0 ## Features diff --git a/README-CN.md b/README-CN.md index 5c4ce54433..c815eaedd8 100644 --- a/README-CN.md +++ b/README-CN.md @@ -18,7 +18,7 @@ [English](README.md) | 简体中文 -Appwrite是一个基于dcoker的端到端开发者平台,其容器化的微服务库可应用于网页端,移动端,以及后端。Appwrite 通过视觉化界面极简了从零编写 API 的繁琐过程,在保证软件安全的前提下为开发者创造了一个高效的开发环境。 +Appwrite是一个基于Docker的端到端开发者平台,其容器化的微服务库可应用于网页端,移动端,以及后端。Appwrite 通过视觉化界面极简了从零编写 API 的繁琐过程,在保证软件安全的前提下为开发者创造了一个高效的开发环境。 Appwrite 可以提供给开发者用户验证,外部授权,用户数据读写检索,文件储存, 图像处理,云函数计算,[等多种服务](https:/ /appwrite.io/docs)。 @@ -59,7 +59,7 @@ docker run -it --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \ --entrypoint="install" \ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` ### Windows 
@@ -71,7 +71,7 @@ docker run -it --rm ^ --volume //var/run/docker.sock:/var/run/docker.sock ^ --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^ --entrypoint="install" ^ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` #### PowerShell @@ -81,7 +81,7 @@ docker run -it --rm , --volume /var/run/docker.sock:/var/run/docker.sock , --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw , --entrypoint="install" , - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` 运行后,可以在浏览器上访问 http://localhost 找到 Appwrite 控制台。在非 Linux 的本机主机上完成安装后,服务器可能需要几分钟才能启动。 diff --git a/README.md b/README.md index 4cf345f250..c2e802bacb 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ docker run -it --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \ --entrypoint="install" \ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` ### Windows @@ -74,7 +74,7 @@ docker run -it --rm ^ --volume //var/run/docker.sock:/var/run/docker.sock ^ --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^ --entrypoint="install" ^ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` #### PowerShell @@ -84,7 +84,7 @@ docker run -it --rm , --volume /var/run/docker.sock:/var/run/docker.sock , --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw , --entrypoint="install" , - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` Once the Docker installation completes, go to http://localhost to access the Appwrite console from your browser. Please note that on non-Linux native hosts, the server might take a few minutes to start after installation completes. diff --git a/SECURITY.md b/SECURITY.md index 66bdeb985f..89aa610910 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -4,11 +4,10 @@ | Version | Supported | | ------- | ------------------ | -| < 0.5 | :x: | -| 0.6.x | :white_check_mark: | -| 0.7.x | :white_check_mark: | -| 0.8.0 | :white_check_mark: | +| <= 0.10 | :x: | +| 0.11.x | :white_check_mark: | +| 0.12.x | :white_check_mark: | ## Reporting a Vulnerability -For security issues, kindly email us at security@appwrite.io instead of posting a public issue in GitHub. \ No newline at end of file +For security issues, kindly email us at security@appwrite.io instead of posting a public issue in GitHub. diff --git a/app/config/variables.php b/app/config/variables.php index bdcbc936ea..5e0f8fb5e9 100644 --- a/app/config/variables.php +++ b/app/config/variables.php @@ -152,7 +152,7 @@ return [ ], [ 'name' => '_APP_LOGGING_PROVIDER', - 'description' => 'This variable allows you to enable logging errors to 3rd party providers. This value is empty by default, to enable the logger set the value to one of \'sentry\', \'raygun\', \'appsignal\'', + 'description' => 'This variable allows you to enable logging errors to 3rd party providers. This value is empty by default, to enable the logger set the value to one of \'sentry\', \'raygun\', \'appsignal\', \'logowl\'', 'introduction' => '0.12.0', 'default' => '', 'required' => false, @@ -161,7 +161,7 @@ return [ ], [ 'name' => '_APP_LOGGING_CONFIG', - 'description' => 'This variable configures authentication to 3rd party error logging providers. If using Sentry, this should be \'SENTRY_API_KEY;SENTRY_APP_ID\'. If using Raygun, this should be Raygun API key. If using AppSignal, this should be AppSignal API key.', + 'description' => 'This variable configures authentication to 3rd party error logging providers. If using Sentry, this should be \'SENTRY_API_KEY;SENTRY_APP_ID\'. If using Raygun, this should be Raygun API key. If using AppSignal, this should be AppSignal API key. If using LogOwl, this should be LogOwl Service Ticket.', 'introduction' => '0.12.0', 'default' => '', 'required' => false, 
diff --git a/app/controllers/general.php b/app/controllers/general.php
index 5b9b139c64..5b347cefa4 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -19,6 +19,7 @@ use Utopia\Database\Document;
 use Utopia\Database\Query;
 use Utopia\Database\Validator\Authorization;
 use Appwrite\Utopia\Request\Filters\V12;
+use Utopia\Validator\Text;
 
 Config::setParam('domainVerification', false);
 Config::setParam('cookieDomain', 'localhost');
@@ -514,8 +515,25 @@ App::get('/.well-known/acme-challenge')
 ->inject('request')
 ->inject('response')
 ->action(function ($request, $response) {
+ $uriChunks = \explode('/', $request->getURI());
+ $token = $uriChunks[\count($uriChunks) - 1];
+
+ $validator = new Text(100, [
+ ...Text::NUMBERS,
+ ...Text::ALPHABET_LOWER,
+ ...Text::ALPHABET_UPPER,
+ '-',
+ '_'
+ ]);
+
+ if (!$validator->isValid($token) || \count($uriChunks) !== 4) {
+ throw new Exception('Invalid challenge token.', 400);
+ }
+
+ $filePath = '/.well-known/acme-challenge' . $token;
+
 $base = \realpath(APP_STORAGE_CERTIFICATES);
- $path = \str_replace('/.well-known/acme-challenge/', '', $request->getURI());
+ $path = \str_replace('/.well-known/acme-challenge/', '', $filePath);
 $absolute = \realpath($base.'/.well-known/acme-challenge/'.$path);
 
 if (!$base) {
diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml
index 9da6d6fe57..c29c324452 100644
--- a/app/views/install/compose.phtml
+++ b/app/views/install/compose.phtml
@@ -365,6 +365,10 @@ services:
 - _APP_INFLUXDB_HOST
 - _APP_INFLUXDB_PORT
 - _APP_USAGE_AGGREGATION_INTERVAL
+ - _APP_REDIS_HOST
+ - _APP_REDIS_PORT
+ - _APP_REDIS_USER
+ - _APP_REDIS_PASS
 
 appwrite-schedule:
 image: /:
diff --git a/composer.lock b/composer.lock
index 9250a17f16..3da06db4c8 100644
--- a/composer.lock
+++ b/composer.lock
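Review bot: The path handed to the existing lookup is built without a separator: `$filePath = '/.well-known/acme-challenge' . $token;` produces `/.well-known/acme-challenge<token>`, so the `\str_replace('/.well-known/acme-challenge/', '', $filePath)` on the next added line matches nothing, `$path` keeps the whole prefix, and `$absolute` is resolved under `$base/.well-known/acme-challenge//.well-known/acme-challenge<token>`, a location where no challenge file should ever be written — every well-formed token request would end in not-found. Change it to `$filePath = '/.well-known/acme-challenge/' . $token;`, or skip the round trip and set `$path = $token;` directly, since `$token` is already the validated last segment. The e2e test added in this same commit expects 404 on its success case, so it cannot catch this. The allowlist validator plus the `\count($uriChunks) !== 4` check is what closes the traversal report; the `realpath`-based containment check that follows should stay as defence in depth. The action body continues past the hunk (the `if (!$base)` branch and whatever follows).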
@@ -1033,12 +1033,12 @@ } }, "autoload": { - "psr-4": { - "MongoDB\\": "src/" - }, "files": [ "src/functions.php" - ] + ], + "psr-4": { + "MongoDB\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -1766,12 +1766,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php80\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Php80\\": "" + }, "classmap": [ "Resources/stubs" ] @@ -2258,16 +2258,16 @@ }, { "name": "utopia-php/framework", - "version": "0.19.5", + "version": "0.19.6", "source": { "type": "git", "url": "https://github.com/utopia-php/framework.git", - "reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623" + "reference": "7d9b28365fb794001cb34dd028659452d4e71b7d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/framework/zipball/1c28ba9a5b491cf7c90c535fefee5832c7133623", - "reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623", + "url": "https://api.github.com/repos/utopia-php/framework/zipball/7d9b28365fb794001cb34dd028659452d4e71b7d", + "reference": "7d9b28365fb794001cb34dd028659452d4e71b7d", "shasum": "" }, "require": { @@ -2301,9 +2301,9 @@ ], "support": { "issues": "https://github.com/utopia-php/framework/issues", - "source": "https://github.com/utopia-php/framework/tree/0.19.5" + "source": "https://github.com/utopia-php/framework/tree/0.19.6" }, - "time": "2022-01-04T14:40:23+00:00" + "time": "2022-02-10T17:05:22+00:00" }, { "name": "utopia-php/image", 
@@ -2688,16 +2688,16 @@ }, { "name": "utopia-php/swoole", - "version": "0.3.2", + "version": "0.3.3", "source": { "type": "git", "url": "https://github.com/utopia-php/swoole.git", - "reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73" + "reference": "8312df69233b5dcd3992de88f131f238002749de" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/swoole/zipball/2b714eddf77cd5eda1889219c9656d7c0a63ce73", - "reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73", + "url": "https://api.github.com/repos/utopia-php/swoole/zipball/8312df69233b5dcd3992de88f131f238002749de", + "reference": "8312df69233b5dcd3992de88f131f238002749de", "shasum": "" }, "require": { @@ -2738,9 +2738,9 @@ ], "support": { "issues": "https://github.com/utopia-php/swoole/issues", - "source": "https://github.com/utopia-php/swoole/tree/0.3.2" + "source": "https://github.com/utopia-php/swoole/tree/0.3.3" }, - "time": "2021-12-13T15:37:41+00:00" + "time": "2022-01-20T09:58:43+00:00" }, { "name": "utopia-php/system", @@ -3037,12 +3037,12 @@ } }, "autoload": { - "psr-4": { - "Amp\\ByteStream\\": "lib" - }, "files": [ "lib/functions.php" - ] + ], + "psr-4": { + "Amp\\ByteStream\\": "lib" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -3192,23 +3192,23 @@ }, { "name": "composer/semver", - "version": "3.2.7", + "version": "3.2.9", "source": { "type": "git", "url": "https://github.com/composer/semver.git", - "reference": "deac27056b57e46faf136fae7b449eeaa71661ee" + "reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/semver/zipball/deac27056b57e46faf136fae7b449eeaa71661ee", - "reference": "deac27056b57e46faf136fae7b449eeaa71661ee", + "url": "https://api.github.com/repos/composer/semver/zipball/a951f614bd64dcd26137bc9b7b2637ddcfc57649", + "reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649", "shasum": "" }, "require": { "php": "^5.3.2 || ^7.0 || ^8.0" }, "require-dev": { - "phpstan/phpstan": "^0.12.54", + "phpstan/phpstan": "^1.4", "symfony/phpunit-bridge": "^4.2 || ^5" }, "type": "library", @@ -3253,7 +3253,7 @@ "support": { "irc": "irc://irc.freenode.org/composer", "issues": "https://github.com/composer/semver/issues", - "source": "https://github.com/composer/semver/tree/3.2.7" + "source": "https://github.com/composer/semver/tree/3.2.9" }, "funding": [ { @@ -3269,7 +3269,7 @@ "type": "tidelift" } ], - "time": "2022-01-04T09:57:54+00:00" + "time": "2022-02-04T13:58:43+00:00" }, { "name": "composer/xdebug-handler", @@ -3699,12 +3699,12 @@ }, "type": "library", "autoload": { - "psr-4": { - "DeepCopy\\": "src/DeepCopy/" - }, "files": [ "src/DeepCopy/deep_copy.php" - ] + ], + "psr-4": { + "DeepCopy\\": "src/DeepCopy/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -3952,16 +3952,16 @@ }, { "name": "phar-io/version", - "version": "3.1.0", + "version": "3.1.1", "source": { "type": "git", "url": "https://github.com/phar-io/version.git", - "reference": "bae7c545bef187884426f042434e561ab1ddb182" + "reference": "15a90844ad40f127afd244c0cad228de2a80052a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phar-io/version/zipball/bae7c545bef187884426f042434e561ab1ddb182", - "reference": "bae7c545bef187884426f042434e561ab1ddb182", + "url": "https://api.github.com/repos/phar-io/version/zipball/15a90844ad40f127afd244c0cad228de2a80052a", + "reference": "15a90844ad40f127afd244c0cad228de2a80052a", "shasum": "" }, "require": { @@ -3997,9 +3997,9 @@ "description": "Library for handling version information and constraints", "support": { "issues": "https://github.com/phar-io/version/issues", - "source": "https://github.com/phar-io/version/tree/3.1.0" + "source": "https://github.com/phar-io/version/tree/3.1.1" }, - "time": "2021-02-23T14:00:09+00:00" + "time": "2022-02-07T21:56:48+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -4608,11 +4608,11 @@ } }, "autoload": { - "classmap": [ - "src/" - ], "files": [ "src/Framework/Assert/Functions.php" + ], + "classmap": [ + "src/" ] }, "notification-url": "https://packagist.org/downloads/", 
@@ -5208,16 +5208,16 @@ }, { "name": "sebastian/global-state", - "version": "5.0.3", + "version": "5.0.4", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/global-state.git", - "reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49" + "reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/23bd5951f7ff26f12d4e3242864df3e08dec4e49", - "reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49", + "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/19c519631c5a511b7ed0ad64a6713fdb3fd25fe4", + "reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4", "shasum": "" }, "require": { @@ -5260,7 +5260,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/global-state/issues", - "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.3" + "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.4" }, "funding": [ { @@ -5268,7 +5268,7 @@ "type": "github" } ], - "time": "2021-06-11T13:31:12+00:00" + "time": "2022-02-10T07:01:19+00:00" }, { "name": "sebastian/lines-of-code", @@ -5834,12 +5834,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Intl\\Grapheme\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Grapheme\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -5915,12 +5915,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Intl\\Normalizer\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Normalizer\\": "" + }, "classmap": [ "Resources/stubs" ] @@ -6079,12 +6079,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php72\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Php72\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -6395,16 +6395,16 @@ }, { "name": "twig/twig", - "version": "v2.14.10", + "version": "v2.14.11", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba" + "reference": "66baa66f29ee30e487e05f1679903e36eb01d727" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/95fb194cd4dd6ac373a27af2bde2bad5d3f27aba", - "reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/66baa66f29ee30e487e05f1679903e36eb01d727", + "reference": "66baa66f29ee30e487e05f1679903e36eb01d727", "shasum": "" }, "require": { @@ -6459,7 +6459,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v2.14.10" + "source": "https://github.com/twigphp/Twig/tree/v2.14.11" }, "funding": [ { @@ -6471,7 +6471,7 @@ "type": "tidelift" } ], - "time": "2022-01-03T21:13:26+00:00" + "time": "2022-02-04T06:57:25+00:00" }, { "name": "vimeo/psalm", @@ -6550,13 +6550,13 @@ } }, "autoload": { - "psr-4": { - "Psalm\\": "src/Psalm/" - }, "files": [ "src/functions.php", "src/spl_object_id.php" - ] + ], + "psr-4": { + "Psalm\\": "src/Psalm/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ diff --git a/docker-compose.yml b/docker-compose.yml index c42dc157a3..bf378351f4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -455,6 +455,10 @@ services: - _APP_INFLUXDB_HOST - _APP_INFLUXDB_PORT - _APP_USAGE_SYNC_INTERVAL + - _APP_REDIS_HOST + - _APP_REDIS_PORT + - _APP_REDIS_USER + - _APP_REDIS_PASS appwrite-schedule: entrypoint: schedule diff --git a/src/Appwrite/Auth/OAuth2/Bitly.php b/src/Appwrite/Auth/OAuth2/Bitly.php index 4b7e525a76..02a21dc29e 100644 --- a/src/Appwrite/Auth/OAuth2/Bitly.php +++ b/src/Appwrite/Auth/OAuth2/Bitly.php 
@@ -65,7 +65,7 @@ class Bitly extends OAuth2
 protected function getTokens(string $code): array
 {
 if(empty($this->tokens)) {
- $this->tokens = \json_decode($this->request(
+ $response = $this->request(
 'POST',
 $this->resourceEndpoint . 'oauth/access_token',
 ["Content-Type: application/x-www-form-urlencoded"],
@@ -76,7 +76,11 @@ class Bitly extends OAuth2
 "redirect_uri" => $this->callback,
 "state" => \json_encode($this->state)
 ])
- ), true);
+ );
+
+ $output = [];
+ \parse_str($response, $output);
+ $this->tokens = $output;
 }
 
 return $this->tokens;
@@ -89,7 +93,7 @@ class Bitly extends OAuth2
 */
 public function refreshTokens(string $refreshToken):array
 {
- $this->tokens = \json_decode($this->request(
+ $response = $this->request(
 'POST',
 $this->resourceEndpoint . 'oauth/access_token',
 ["Content-Type: application/x-www-form-urlencoded"],
@@ -99,7 +103,11 @@ class Bitly extends OAuth2
 "refresh_token" => $refreshToken,
 'grant_type' => 'refresh_token'
 ])
- ), true);
+ );
+
+ $output = [];
+ \parse_str($response, $output);
+ $this->tokens = $output;
 
 if(empty($this->tokens['refresh_token'])) {
 $this->tokens['refresh_token'] = $refreshToken;
diff --git a/src/Appwrite/Auth/OAuth2/Github.php b/src/Appwrite/Auth/OAuth2/Github.php
index 22ffbe937f..dddd4a5181 100644
--- a/src/Appwrite/Auth/OAuth2/Github.php
+++ b/src/Appwrite/Auth/OAuth2/Github.php
@@ -53,7 +53,7 @@ class Github extends OAuth2
 protected function getTokens(string $code): array
 {
 if(empty($this->tokens)) {
- $this->tokens = \json_decode($this->request(
+ $response = $this->request(
 'POST',
 'https://github.com/login/oauth/access_token',
 [],
@@ -63,7 +63,11 @@ class Github extends OAuth2
 'client_secret' => $this->appSecret,
 'code' => $code
 ])
- ), true);
+ );
+
+ $output = [];
+ \parse_str($response, $output);
+ $this->tokens = $output;
 }
 
 return $this->tokens;
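Review bot: `\parse_str($response, $output)` never fails, so if `$this->request(...)` hands back anything other than a form-encoded token response (an error page, a JSON error object — what it does on a non-2xx reply is outside the hunk) the result is an arbitrary key set stored in `$this->tokens` with no `access_token`; in `getTokens` the `if(empty($this->tokens))` guard then treats that junk as a cached success, and the failure only surfaces later as an undefined-index read. Check the shape right after parsing, e.g. `if (!isset($output['access_token'])) { throw new \Exception('Invalid token response'); }` — or whichever error type the OAuth2 base class expects, which is not visible here. The same applies to the Bitly `refreshTokens` hunk below and to both Github hunks (`getTokens` in this file section, `refreshTokens` in the next). `$output = [];` is redundant, as `parse_str` always assigns its second argument. The second hunk of each pair starts mid-call, so the enclosing method signature is outside it.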
@@ -76,7 +80,7 @@ class Github extends OAuth2
 */
 public function refreshTokens(string $refreshToken):array
 {
- $this->tokens = \json_decode($this->request(
+ $response = $this->request(
 'POST',
 'https://github.com/login/oauth/access_token',
 [],
@@ -86,7 +90,11 @@ class Github extends OAuth2
 'grant_type' => 'refresh_token',
 'refresh_token' => $refreshToken
 ])
- ), true);
+ );
+
+ $output = [];
+ \parse_str($response, $output);
+ $this->tokens = $output;
 
 if(empty($this->tokens['refresh_token'])) {
 $this->tokens['refresh_token'] = $refreshToken;
diff --git a/tests/e2e/Client.php b/tests/e2e/Client.php
index 4e0c138b9e..c86ebc5951 100644
--- a/tests/e2e/Client.php
+++ b/tests/e2e/Client.php
@@ -119,16 +119,24 @@ class Client
 }
 
 /**
- * @param mixed $endpoint
+ * @param string $endpoint
 * @return self $this
 */
- public function setEndpoint($endpoint): self
+ public function setEndpoint(string $endpoint): self
 {
 $this->endpoint = $endpoint;
 
 return $this;
 }
 
+ /**
+ * @return string
+ */
+ public function getEndpoint(): string
+ {
+ return $this->endpoint;
+ }
+
 /**
 * @param string $key
 * @param string $value
@@ -183,12 +191,13 @@ class Client
 unset($headers[$i]);
 }
 
+ curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36');
 curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
 curl_setopt($ch, CURLOPT_TIMEOUT, 15);
 curl_setopt($ch, CURLOPT_HEADERFUNCTION, function ($curl, $header) use (&$responseHeaders) {
 $len = strlen($header);
diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php
index 0a0226c779..c4811f0f41 100644
--- a/tests/e2e/General/HTTPTest.php
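Review bot: `curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);` in the second Client.php hunk is added without a word of explanation, and a future tidy-up could easily drop it: it stops libcurl from squashing `../` segments client-side, which is what lets the traversal case in `HTTPTest::testAcmeChallenge` reach the server with its dot-segments intact rather than as an already-normalised path. Add a comment above it, e.g. `// Send the request path verbatim (no client-side ../ normalisation) so traversal tests hit the server unchanged`. It applies to every request made through this client, which is presumably intended. The `CURLOPT_CONNECTTIMEOUT` line in the same hunk is a whitespace-only change. The enclosing `call()` method starts and ends outside the hunk.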
+++ b/tests/e2e/General/HTTPTest.php
@@ -94,6 +94,35 @@ class HTTPTest extends Scope
 $this->assertStringContainsString('# robotstxt.org/', $response['body']);
 }
 
+ public function testAcmeChallenge()
+ {
+ // Preparation
+ $previousEndpoint = $this->client->getEndpoint();
+ $this->client->setEndpoint("http://localhost");
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIg', \array_merge([
+ 'origin' => 'http://localhost',
+ ]), []);
+
+ $this->assertEquals(404, $response['headers']['status-code']);
+ // 'Unknown path', but validation passed
+
+ /**
+ * Test for FAILURE
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/../../../../../../../etc/passwd', \array_merge([
+ 'origin' => 'http://localhost',
+ ]), []);
+
+ $this->assertEquals(400, $response['headers']['status-code']);
+
+ // Cleanup
+ $this->client->setEndpoint($previousEndpoint);
+ }
+
 // public function testSpecSwagger2()
 // {
 // $response = $this->client->call(Client::METHOD_GET, '/specs/swagger2?platform=client', [
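Review bot: The endpoint swap is not failure-safe: `setEndpoint("http://localhost")` mutates the shared `$this->client`, and if either `assertEquals` fails the `// Cleanup` line never runs, so every later test in this class keeps talking to `http://localhost`. Wrap the two calls in `try { ... } finally { $this->client->setEndpoint($previousEndpoint); }` so the restore is unconditional. The SUCCESS case also proves less than its name suggests: it asserts 404, which is what a wrongly joined file path returns just as much as a genuinely missing token file, so it shows the validator accepted the token but not that a stored challenge would be served — if the test environment can place a file under the certificates storage, asserting 200 with that file's content would be the stronger check. `\array_merge([...])` with a single argument is a no-op in both calls; pass the array directly.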