From 5eea08088dd4f6bfa1643c5de11d17bdfe4e14aa Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 23 Jul 2024 16:03:02 +0100
Subject: [PATCH 1/2] Improve .env file checking to not validate SSL certificates
---
 app/Http/Controllers/SettingsController.php | 7 +++----
 tests/Feature/Settings/ShowSetUpPageTest.php | 8 ++++++++
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index ca4563ba2d..e61019d7a6 100755
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -14,7 +14,6 @@ use App\Models\Asset;
 use App\Models\User;
 use App\Notifications\FirstAdminNotification;
 use App\Notifications\MailTest;
-use Illuminate\Http\Client\HttpClientException;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Storage;
@@ -129,12 +128,12 @@ class SettingsController extends Controller
 protected function dotEnvFileIsExposed() : bool
 {
 try {
- return Http::timeout(10)
+ return Http::withoutVerifying()->timeout(10)
 ->accept('*/*')
 ->get(URL::to('.env'))
 ->successful();
- } catch (HttpClientException $e) {
- Log::debug($e->getMessage());
+ } catch (\Exception $e) {
+ Log::error($e->getMessage());
 return true;
 }
 }
diff --git a/tests/Feature/Settings/ShowSetUpPageTest.php b/tests/Feature/Settings/ShowSetUpPageTest.php
index 7f40768db7..85b5a0e96a 100644
--- a/tests/Feature/Settings/ShowSetUpPageTest.php
+++ b/tests/Feature/Settings/ShowSetUpPageTest.php
@@ -2,6 +2,7 @@
 namespace Tests\Feature\Settings;
+use App\Http\Controllers\SettingsController;
 use Illuminate\Database\Events\QueryExecuted;
 use Illuminate\Http\Client\ConnectionException;
 use Illuminate\Http\Client\Request;
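Review bot: In PATCH 1/2, the `dotEnvFileIsExposed()` hunk of SettingsController.php turns off certificate verification and widens the catch to `\Exception` with no comment explaining either choice, and the combination changes what the return value means. Because the catch block ends in `return true`, a probe that never completes (timeout, DNS failure, refused connection) is reported exactly like a readable `.env`, so `true` now means "exposed or could not be checked". I would add above the call `// Self-probe of this install's own URL: TLS verification is skipped so self-signed setups can still be checked; only the status code is used, the body is never read.` and make the log line say what failed, e.g. `Log::debug('.env exposure check did not complete: '.$e->getMessage());`. `withoutVerifying()` should stay confined to this one request and not be copied to calls that consume response data. The same catch block is touched again in the SettingsController.php hunk of PATCH 2/2, where the point still applies.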
@@ -301,4 +302,11 @@ class ShowSetUpPageTest extends TestCase
 $this->assertSeeDirectoryPermissionError(false);
 }
+
+ public function testInvalidTLSCertsOkWhenCheckingForEnvFile()
+ {
+ //set the weird bad SSL cert place - https://self-signed.badssl.com
+
+ $this->assertTrue((new SettingsController())->dotEnvFileIsExposed());
+ }
 }
From 7f7cfef81b071835c82f878cb2b271ba6b111b97 Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 23 Jul 2024 20:24:05 +0100
Subject: [PATCH 2/2] Mark test as Incomplete, and downgrade error back to debug for tests
---
 app/Http/Controllers/SettingsController.php | 2 +-
 tests/Feature/Settings/ShowSetUpPageTest.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index e61019d7a6..d186d42cf4 100755
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -133,7 +133,7 @@ class SettingsController extends Controller
 ->get(URL::to('.env'))
 ->successful();
 } catch (\Exception $e) {
- Log::error($e->getMessage());
+ Log::debug($e->getMessage());
 return true;
 }
 }
diff --git a/tests/Feature/Settings/ShowSetUpPageTest.php b/tests/Feature/Settings/ShowSetUpPageTest.php
index 85b5a0e96a..929c41c4ef 100644
--- a/tests/Feature/Settings/ShowSetUpPageTest.php
+++ b/tests/Feature/Settings/ShowSetUpPageTest.php
@@ -306,7 +306,7 @@ class ShowSetUpPageTest extends TestCase
 public function testInvalidTLSCertsOkWhenCheckingForEnvFile()
 {
 //set the weird bad SSL cert place - https://self-signed.badssl.com
-
+ $this->markTestIncomplete("Not yet sure how to write this test, it requires messing with .env ...");
 $this->assertTrue((new SettingsController())->dotEnvFileIsExposed());
 }
 }
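Review bot: The new `testInvalidTLSCertsOkWhenCheckingForEnvFile()` in the ShowSetUpPageTest.php hunk of PATCH 1/2 calls `dotEnvFileIsExposed()` on a fresh `SettingsController`, but the controller hunk declares that method `protected`, so the call from the test class would fail on visibility before the probe ever runs. The assertion also cannot show that invalid certificates are tolerated: `true` is what the method returns from its catch block, so a probe that failed on the certificate would satisfy `assertTrue` just as well. A test for this change needs a case whose expected value is `false` (a self-signed endpoint that does not serve `.env`), reached through the setup route or a small test subclass that exposes the method. PATCH 2/2 marks the test incomplete but leaves the now-unreachable `assertTrue` line after `markTestIncomplete()`; I would replace it with `// TODO: assertFalse once a self-signed test endpoint can be configured`.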