Merge pull request #291 from silinternational/develop

Release 7.0.3 -- trim whitespace

.github/workflows/test-and-publish.yml

@@ -7,6 +7,7 @@ jobs:
   tests:
     name: Tests
     runs-on: ubuntu-latest
+    timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -21,6 +22,7 @@ jobs:
     name: Build and Publish
     needs: tests
     runs-on: ubuntu-latest
+    timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -34,6 +36,10 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:

application/frontend/controllers/MethodController.php

@@ -32,8 +32,8 @@ public function init()
             $config['baseUrl'],
             $config['accessToken'],
             [
-                IdBrokerClient::TRUSTED_IPS_CONFIG              => $config['validIpRanges']       ?? [],
-                IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG   => $config['assertValidBrokerIp']   ?? true,
+                IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
+                IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
             ]
         );
     }
@@ -114,8 +114,8 @@ public function actionCreate()
 
         $request = \Yii::$app->request;
 
-        $value = $request->post('value');
-        if ($value === null) {
+        $value = trim($request->getBodyParam('value', ''));
+        if ($value === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Method.MissingValue'), 1542750428);
         }
 
@@ -157,8 +157,8 @@ public function actionVerify($uid)
             429 => \Yii::t('app', 'Method.TooManyFailures'),
         ];
 
-        $code = \Yii::$app->request->getBodyParam('code');
-        if ($code === null) {
+        $code = trim(\Yii::$app->request->getBodyParam('code', ''));
+        if ($code === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Method.CodeMissing'), 1542749426);
         }
 

application/frontend/controllers/MfaController.php

@@ -54,8 +54,8 @@ public function init()
             $config['baseUrl'],
             $config['accessToken'],
             [
-                IdBrokerClient::TRUSTED_IPS_CONFIG              => $config['validIpRanges']       ?? [],
-                IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG   => $config['assertValidBrokerIp']   ?? true,
+                IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
+                IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
             ]
         );
     }
@@ -88,7 +88,7 @@ public function actionCreate(): ?array
             throw new BadRequestHttpException(\Yii::t('app', 'Mfa.TypeMissing'));
         }
 
-        $label = \Yii::$app->request->getBodyParam('label');
+        $label = trim(\Yii::$app->request->getBodyParam('label', ''));
 
         try {
             $mfa = $this->idBrokerClient->mfaCreate(
@@ -249,8 +249,7 @@ public function actionVerifyRegistration($mfaId)
             throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingValue'));
         }
 
-        $label = \Yii::$app->request->getBodyParam('label');
-        $label = $label ?: '';
+        $label = trim(\Yii::$app->request->getBodyParam('label', ''));
 
         try {
             $mfa = $this->idBrokerClient->mfaVerify(
@@ -286,8 +285,8 @@ public function actionVerifyRegistration($mfaId)
      */
     public function actionUpdate($mfaId)
     {
-        $label = \Yii::$app->request->getBodyParam('label');
-        if (!$label) {
+        $label = trim(\Yii::$app->request->getBodyParam('label', ''));
+        if ($label === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
         }
 
@@ -317,8 +316,8 @@ public function actionUpdate($mfaId)
      */
     public function actionUpdateWebauthn($mfaId, $webauthnId)
     {
-        $label = \Yii::$app->request->getBodyParam('label');
-        if (!$label) {
+        $label = trim(\Yii::$app->request->getBodyParam('label', ''));
+        if ($label === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
         }
 

application/frontend/controllers/PasswordController.php

@@ -89,7 +89,7 @@ public function actionAssess()
 
         $testPassword = Password::create($user, $newPassword);
 
-        if (! $testPassword->validate('password')) {
+        if (!$testPassword->validate('password')) {
             $errors = join(', ', $testPassword->getErrors('password'));
             \Yii::warning([
                 'action' => 'password/assess',
@@ -110,8 +110,8 @@ public function actionAssess()
      */
     protected function getPasswordFromRequestBody()
     {
-        $newPassword = \Yii::$app->request->getBodyParam('password');
-        if ($newPassword === null) {
+        $newPassword = trim(\Yii::$app->request->getBodyParam('password', ''));
+        if ($newPassword === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Password.MissingPassword'));
         }
         return $newPassword;

application/frontend/controllers/ResetController.php

@@ -2,7 +2,6 @@
 
 namespace frontend\controllers;
 
-use common\components\passwordStore\AccountLockedException;
 use common\components\personnel\NotFoundException;
 use common\helpers\Utils;
 use common\models\EventLog;
@@ -65,10 +64,10 @@ public function actionView($uid)
      */
     public function actionCreate()
     {
-        $username = \Yii::$app->request->post('username');
-        $verificationToken = \Yii::$app->request->post('verification_token');
+        $username = trim(\Yii::$app->request->getBodyParam('username', ''));
+        $verificationToken = trim(\Yii::$app->request->getBodyParam('verification_token', ''));
 
-        if (! $username) {
+        if ($username === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingUsername'));
         }
 
@@ -78,12 +77,12 @@ public function actionCreate()
          * be double sure an exception is thrown.
          */
         if (\Yii::$app->params['recaptcha']['required']) {
-            if (! $verificationToken) {
+            if ($verificationToken === '') {
                 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingRecaptchaCode'));
             }
 
             $clientIp = Utils::getClientIp(\Yii::$app->request);
-            if (! Utils::isRecaptchaResponseValid($verificationToken, $clientIp)) {
+            if (!Utils::isRecaptchaResponseValid($verificationToken, $clientIp)) {
                 throw new BadRequestHttpException(\Yii::t('app', 'Reset.RecaptchaFailedVerification'));
             }
         }
@@ -294,7 +293,7 @@ public function actionValidate($uid)
                 /*
                  * Delete reset record, log errors, but let user proceed
                  */
-                if (! $reset->delete()) {
+                if (!$reset->delete()) {
                     \Yii::warning([
                         'action' => 'delete reset after validation',
                         'reset_id' => $reset->id,
@@ -337,8 +336,8 @@ public function actionValidate($uid)
      */
     protected function getCodeFromRequestBody(): string
     {
-        $code = \Yii::$app->request->getBodyParam('code', null);
-        if ($code === null) {
+        $code = trim(\Yii::$app->request->getBodyParam('code', ''));
+        if ($code === '') {
             throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingCode'), 1462989866);
         }
         return $code;