Adds stricter validation for slack endpoints

Signed-off-by: snipe <snipe@snipe.net>
snipe 2021-12-06 11:40:24 -08:00
parent cae62fd4c7
commit ebdbc20740
5 changed files with 39 additions and 33 deletions


@ -162,6 +162,12 @@ class SettingsController extends Controller
public function slacktest(Request $request) public function slacktest(Request $request)
{ {
// Only attempt the slack request if the validation passes
if ($request->validate([
'slack_endpoint' => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com|nullable',
'slack_channel' => 'required_with:slack_endpoint|starts_with:#|nullable',
])) {
$slack = new Client([ $slack = new Client([
'base_url' => e($request->input('slack_endpoint')), 'base_url' => e($request->input('slack_endpoint')),
'defaults' => [ 'defaults' => [
@ -184,6 +190,7 @@ class SettingsController extends Controller
} catch (\Exception $e) { } catch (\Exception $e) {
return response()->json(['message' => 'Oops! Please check the channel name and webhook endpoint URL. Slack responded with: '.$e->getMessage()], 400); return response()->json(['message' => 'Oops! Please check the channel name and webhook endpoint URL. Slack responded with: '.$e->getMessage()], 400);
} }
}
return response()->json(['message' => 'Something went wrong :( '], 400); return response()->json(['message' => 'Something went wrong :( '], 400);
} }
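Review bot: The `starts_with:https://hooks.slack.com` rule on `slack_endpoint` is a plain string-prefix check, so it also accepts any host whose name merely begins with `hooks.slack.com`; because that value becomes `base_url` for an outbound request, anchor the rule at the path boundary instead, `'slack_endpoint' => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com/|nullable'`. The identical rule string is added to the `Setting` model rules in the third file section and should change together, and `starts_with:#` on `slack_channel` now admits a bare `#` where the replaced regex still required at least one word character after it. Separately, `$request->validate()` throws a validation exception on failure rather than returning a falsy value, so the `if (...)` wrapper around the Slack client appears never to reach its fall-through `return` on invalid input; the 422 handling added in the JavaScript file suggests that behaviour is already relied on, so the wrapper could be a plain `$request->validate([...]);` with a comment saying failures surface as a 422. The body of `slacktest` between the two hunks is outside this view.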


@ -665,16 +665,6 @@ class SettingsController extends Controller
return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error')); return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
} }
$validatedData = $request->validate([
'slack_channel' => 'regex:/(?<!\w)#\w+/|required_with:slack_endpoint|nullable',
]);
if ($validatedData) {
$setting->slack_endpoint = $request->input('slack_endpoint');
$setting->slack_channel = $request->input('slack_channel');
$setting->slack_botname = $request->input('slack_botname');
}
if ($setting->save()) { if ($setting->save()) {
return redirect()->route('settings.index') return redirect()->route('settings.index')
->with('success', trans('admin/settings/message.update.success')); ->with('success', trans('admin/settings/message.update.success'));


@ -54,9 +54,9 @@ class Setting extends Model
'admin_cc_email' => 'email|nullable', 'admin_cc_email' => 'email|nullable',
'default_currency' => 'required', 'default_currency' => 'required',
'locale' => 'required', 'locale' => 'required',
'slack_endpoint' => 'url|required_with:slack_channel|nullable', 'slack_endpoint' => 'url|required_with:slack_channel|nullable|starts_with:https://hooks.slack.com',
'labels_per_page' => 'numeric', 'labels_per_page' => 'numeric',
'slack_channel' => 'regex:/^[\#\@]?\w+/|required_with:slack_endpoint|nullable', 'slack_channel' => 'required_with:slack_endpoint|starts_with:#|nullable',
'slack_botname' => 'string|nullable', 'slack_botname' => 'string|nullable',
'labels_width' => 'numeric', 'labels_width' => 'numeric',
'labels_height' => 'numeric', 'labels_height' => 'numeric',


@ -64,6 +64,7 @@ return [
'string' => 'The :attribute must be at least :min characters.', 'string' => 'The :attribute must be at least :min characters.',
'array' => 'The :attribute must have at least :min items.', 'array' => 'The :attribute must have at least :min items.',
], ],
'starts_with' => 'The :attribute must start with one of the following: :values.',
'not_in' => 'The selected :attribute is invalid.', 'not_in' => 'The selected :attribute is invalid.',
'numeric' => 'The :attribute must be a number.', 'numeric' => 'The :attribute must be a number.',
'present' => 'The :attribute field must be present.', 'present' => 'The :attribute field must be present.',


@ -194,9 +194,11 @@
if (data.responseJSON) { if (data.responseJSON) {
var errors = data.responseJSON.message; var errors = data.responseJSON.errors;
var error_msg = data.responseJSON.message;
} else { } else {
var errors; var errors;
var error_msg = 'Something went wrong.';
} }
var error_text = ''; var error_text = '';
@ -204,15 +206,20 @@
$('#save_slack').attr("disabled", true); $('#save_slack').attr("disabled", true);
$("#slacktesticon").html(''); $("#slacktesticon").html('');
$("#slackteststatus").addClass('text-danger'); $("#slackteststatus").addClass('text-danger');
$("#slacktesticon").html('<i class="fas fa-exclamation-triangle text-danger"></i>'); $("#slacktesticon").html('<i class="fas fa-exclamation-triangle text-danger"></i><span class="text-danger">' + error_msg+ '</span>');
if (data.status == 500) { if (data.status == 500) {
$('#slackteststatus').html('500 Server Error'); $('#slackteststatus').html('500 Server Error');
} else if (data.status == 400) { } else if ((data.status == 400) || (data.status == 422)) {
console.log('Type of errors is '+ typeof errors);
console.log('Data status was 400 or 422');
if (typeof errors != 'string') { if (typeof errors != 'string') {
for (i = 0; i < errors.length; i++) { console.log(errors.length);
for (i in errors) {
if (errors[i]) { if (errors[i]) {
error_text += '<li>Error: ' + errors[i]; error_text += '<li>Error: ' + errors[i];
} }
@ -220,6 +227,7 @@
} }
} else { } else {
error_text = errors; error_text = errors;
} }