dont allow redirects, messaging applied, general webhook validation applied

Godfrey M 2023-09-20 12:54:34 -07:00
parent 66abf8d5c0
commit b7901ae2d8
2 changed files with 15 additions and 18 deletions


@ -12,7 +12,7 @@ class SlackSettingsForm extends Component
public $webhook_endpoint; public $webhook_endpoint;
public $webhook_channel; public $webhook_channel;
public $webhook_botname; public $webhook_botname;
public $isDisabled ='' ; public $isDisabled ='disabled' ;
public $webhook_name; public $webhook_name;
public $webhook_link; public $webhook_link;
public $webhook_placeholder; public $webhook_placeholder;
@ -26,7 +26,7 @@ class SlackSettingsForm extends Component
protected $rules = [ protected $rules = [
'webhook_endpoint' => 'url|required_with:webhook_channel|starts_with:http://,https://,ftp://,irc://|nullable', 'webhook_endpoint' => 'url|required_with:webhook_channel|starts_with:http://,https://,ftp://,irc://,https://hooks.slack.com/services/|nullable',
'webhook_channel' => 'required_with:webhook_endpoint|starts_with:#|nullable', 'webhook_channel' => 'required_with:webhook_endpoint|starts_with:#|nullable',
'webhook_botname' => 'string|nullable', 'webhook_botname' => 'string|nullable',
]; ];
@ -58,9 +58,7 @@ class SlackSettingsForm extends Component
$this->webhook_botname = $this->setting->webhook_botname; $this->webhook_botname = $this->setting->webhook_botname;
$this->webhook_options = $this->setting->webhook_selected; $this->webhook_options = $this->setting->webhook_selected;
if($this->setting->webhook_selected == 'general'){
$this->isDisabled='';
}
if($this->setting->webhook_endpoint != null && $this->setting->webhook_channel != null){ if($this->setting->webhook_endpoint != null && $this->setting->webhook_channel != null){
$this->isDisabled= ''; $this->isDisabled= '';
} }
@ -84,7 +82,6 @@ class SlackSettingsForm extends Component
} }
private function isButtonDisabled() { private function isButtonDisabled() {
if($this->webhook_selected == 'slack') {
if (empty($this->webhook_endpoint)) { if (empty($this->webhook_endpoint)) {
$this->isDisabled = 'disabled'; $this->isDisabled = 'disabled';
$this->save_button = trans('admin/settings/general.webhook_presave'); $this->save_button = trans('admin/settings/general.webhook_presave');
@ -93,8 +90,6 @@ class SlackSettingsForm extends Component
$this->isDisabled = 'disabled'; $this->isDisabled = 'disabled';
$this->save_button = trans('admin/settings/general.webhook_presave'); $this->save_button = trans('admin/settings/general.webhook_presave');
} }
}
} }
public function render() public function render()
@ -110,6 +105,7 @@ class SlackSettingsForm extends Component
'defaults' => [ 'defaults' => [
'exceptions' => false, 'exceptions' => false,
], ],
'allow_redirects' => false,
]); ]);
$payload = json_encode( $payload = json_encode(
@ -118,18 +114,23 @@ class SlackSettingsForm extends Component
'text' => trans('general.webhook_test_msg', ['app' => $this->webhook_name]), 'text' => trans('general.webhook_test_msg', ['app' => $this->webhook_name]),
'username' => e($this->webhook_botname), 'username' => e($this->webhook_botname),
'icon_emoji' => ':heart:', 'icon_emoji' => ':heart:',
]); ]);
try { try {
$test = $webhook->post($this->webhook_endpoint, ['body' => $payload]);
$webhook->post($this->webhook_endpoint, ['body' => $payload]); if($test->getStatusCode() == 302){
return session()->flash('error' , 'This endpoint returns a redirect. For security reasons, we dont follow redirects. Please use the actual endpoint');
}
$this->isDisabled=''; $this->isDisabled='';
$this->save_button = trans('general.save'); $this->save_button = trans('general.save');
return session()->flash('success' , 'Your '.$this->webhook_name.' Integration works!'); return session()->flash('success' , 'Your '.$this->webhook_name.' Integration works!');
} catch (\Exception $e) { } catch (\Exception $e) {
$this->isDisabled= 'disabled'; $this->isDisabled='disabled';
$this->save_button = trans('admin/settings/general.webhook_presave');
return session()->flash('error' , trans('admin/settings/message.webhook.error', ['error_message' => $e->getMessage(), 'app' => $this->webhook_name])); return session()->flash('error' , trans('admin/settings/message.webhook.error', ['error_message' => $e->getMessage(), 'app' => $this->webhook_name]));
} }
@ -160,9 +161,7 @@ class SlackSettingsForm extends Component
if (Helper::isDemoMode()) { if (Helper::isDemoMode()) {
session()->flash('error',trans('general.feature_disabled')); session()->flash('error',trans('general.feature_disabled'));
} else { } else {
if ($this->webhook_selected != 'general') { $this->validate($this->rules);
$this->validate($this->rules);
}
$this->setting->webhook_selected = $this->webhook_selected; $this->setting->webhook_selected = $this->webhook_selected;
$this->setting->webhook_endpoint = $this->webhook_endpoint; $this->setting->webhook_endpoint = $this->webhook_endpoint;
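Review bot: The redirect guard in the test-webhook `try` block compares the status only against 302, so with `'allow_redirects' => false` a 301, 303, 307 or 308 response is not followed but still falls through to the success flash and re-enables the save button. Checking the whole 3xx range closes that gap: `if ($test->getStatusCode() >= 300 && $test->getStatusCode() < 400) {`. That branch also returns without setting `$this->isDisabled = 'disabled'` as the `catch` branch does, so a save button that was already enabled appears to stay enabled after a redirecting endpoint is tested. Separately, in `$rules` the added `https://hooks.slack.com/services/` prefix has no effect because `https://` already matches it, and `ftp://` and `irc://` remain accepted for a URL the server will POST to; if the intent is to restrict destinations, the list needs narrowing rather than extending. The enclosing test method starts and ends outside the hunks shown.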


@ -79,7 +79,7 @@
{{ Form::label('webhook_endpoint', trans('admin/settings/general.webhook_endpoint',['app' => $webhook_name ])) }} {{ Form::label('webhook_endpoint', trans('admin/settings/general.webhook_endpoint',['app' => $webhook_name ])) }}
</div> </div>
<div class="col-md-9 required"> <div class="col-md-9 required">
<input type="text" wire:model="webhook_endpoint" class="form-control" placeholder="{{$webhook_placeholder}}" value="{{old('webhook_endpoint', $webhook_endpoint)}}"{{ Helper::isDemoMode() ? ' disabled' : ''}}> <input type="text" wire:model.lazy="webhook_endpoint" class="form-control" placeholder="{{$webhook_placeholder}}" value="{{old('webhook_endpoint', $webhook_endpoint)}}"{{ Helper::isDemoMode() ? ' disabled' : ''}}>
{!! $errors->first('webhook_endpoint', '<span class="alert-msg" aria-hidden="true">:message</span>') !!} {!! $errors->first('webhook_endpoint', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
</div> </div>
</div> </div>
@ -95,7 +95,7 @@
{{ Form::label('webhook_channel', trans('admin/settings/general.webhook_channel',['app' => $webhook_name ])) }} {{ Form::label('webhook_channel', trans('admin/settings/general.webhook_channel',['app' => $webhook_name ])) }}
</div> </div>
<div class="col-md-9 required"> <div class="col-md-9 required">
<input type="text" wire:model="webhook_channel" class="form-control" placeholder="#IT-Ops" value="{{ old('webhook_channel', $webhook_channel) }}"{{ Helper::isDemoMode() ? ' disabled' : ''}}> <input type="text" wire:model.lazy="webhook_channel" class="form-control" placeholder="#IT-Ops" value="{{ old('webhook_channel', $webhook_channel) }}"{{ Helper::isDemoMode() ? ' disabled' : ''}}>
{!! $errors->first('webhook_channel', '<span class="alert-msg" aria-hidden="true">:message</span>') !!} {!! $errors->first('webhook_channel', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
</div> </div>
@ -111,7 +111,7 @@
{{ Form::label('webhook_botname', trans('admin/settings/general.webhook_botname',['app' => $webhook_name ])) }} {{ Form::label('webhook_botname', trans('admin/settings/general.webhook_botname',['app' => $webhook_name ])) }}
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
<input type="text" wire:model="webhook_botname" class='form-control' placeholder="Snipe-Bot" {{ old('webhook_botname', $webhook_botname)}}{{ Helper::isDemoMode() ? ' disabled' : ''}}> <input type="text" wire:model.lazy="webhook_botname" class='form-control' placeholder="Snipe-Bot" {{ old('webhook_botname', $webhook_botname)}}{{ Helper::isDemoMode() ? ' disabled' : ''}}>
{!! $errors->first('webhook_botname', '<span class="alert-msg" aria-hidden="true">:message</span>') !!} {!! $errors->first('webhook_botname', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
</div><!--col-md-10--> </div><!--col-md-10-->
</div> </div>
@ -121,7 +121,6 @@
@endif @endif
<!--Webhook Integration Test--> <!--Webhook Integration Test-->
@if($webhook_selected == 'slack')
@if($webhook_endpoint != null && $webhook_channel != null) @if($webhook_endpoint != null && $webhook_channel != null)
<div class="form-group"> <div class="form-group">
<div class="col-md-offset-2 col-md-9"> <div class="col-md-offset-2 col-md-9">
@ -138,7 +137,6 @@
</div> </div>
</div> </div>
@endif @endif
@endif
</div><!-- /.col-md-12 --> </div><!-- /.col-md-12 -->
</div><!-- /.box-body --> </div><!-- /.box-body -->