diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml
index 064611a7..1173d0cb 100644
--- a/.github/workflows/test-and-publish.yml
+++ b/.github/workflows/test-and-publish.yml
@@ -7,6 +7,7 @@ jobs:
 tests:
 name: Tests
 runs-on: ubuntu-latest
+ timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -21,6 +22,7 @@ jobs:
 name: Build and Publish
 needs: tests
 runs-on: ubuntu-latest
+ timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -34,6 +36,10 @@ jobs:
 uses: docker/metadata-action@v5
 with:
 images: ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}
+ tags: |
+ type=ref,event=branch
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
 - name: Build and push Docker image
 uses: docker/build-push-action@v5
 with:
diff --git a/application/frontend/controllers/MethodController.php b/application/frontend/controllers/MethodController.php
index b865694d..409e3fdd 100644
--- a/application/frontend/controllers/MethodController.php
+++ b/application/frontend/controllers/MethodController.php
@@ -32,8 +32,8 @@ public function init()
 $config['baseUrl'],
 $config['accessToken'],
 [
- IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
- IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
+ IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
+ IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
 ]
 );
 }
@@ -114,8 +114,8 @@ public function actionCreate()
 $request = \Yii::$app->request;
- $value = $request->post('value');
- if ($value === null) {
+ $value = trim($request->getBodyParam('value', ''));
+ if ($value === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Method.MissingValue'), 1542750428);
 }
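Review bot: The new `timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}` on the tests job (and the identical line on the publish job in the next hunk) has no fallback for a repository where the variable has not been created, and I would expect the expression to fail at workflow evaluation rather than fall back to GitHub's default timeout. A default inside the expression keeps the workflow runnable without the variable, for example `timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES || '30') }}` (30 is only a sample value), or at minimum a comment above the jobs, `# Requires the DEFAULT_JOB_TIMEOUT_MINUTES repository/organization variable`. How `fromJSON` behaves on an empty value is inferred from the expression rather than visible here, so it is worth confirming once on a repository without the variable.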
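Review bot: `trim($request->getBodyParam('value', ''))` in actionCreate assumes the body parameter is a string, but getBodyParam returns whatever the decoded request body carries, so a client submitting `value` as an array (a `value[]` form field or a JSON list) turns the intended 400 into an uncaught TypeError from trim(). The same pattern is introduced in actionVerify, in MfaController (actionCreate, actionVerifyRegistration, actionUpdate, actionUpdateWebauthn), in PasswordController::getPasswordFromRequestBody and in ResetController (actionCreate, getCodeFromRequestBody). A type check before trimming keeps the existing `=== ''` rejection doing the work: `$value = $request->getBodyParam('value', '');` followed by `$value = is_string($value) ? trim($value) : '';`. The `''` default only makes the `=== ''` comparison meaningful for string input, which is exactly the assumption that needs guarding at this boundary.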
@@ -157,8 +157,8 @@ public function actionVerify($uid)
 429 => \Yii::t('app', 'Method.TooManyFailures'),
 ];
- $code = \Yii::$app->request->getBodyParam('code');
- if ($code === null) {
+ $code = trim(\Yii::$app->request->getBodyParam('code', ''));
+ if ($code === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Method.CodeMissing'), 1542749426);
 }
diff --git a/application/frontend/controllers/MfaController.php b/application/frontend/controllers/MfaController.php
index 1eb216dd..414f18c4 100644
--- a/application/frontend/controllers/MfaController.php
+++ b/application/frontend/controllers/MfaController.php
@@ -54,8 +54,8 @@ public function init()
 $config['baseUrl'],
 $config['accessToken'],
 [
- IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
- IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
+ IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
+ IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
 ]
 );
 }
@@ -88,7 +88,7 @@ public function actionCreate(): ?array
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.TypeMissing'));
 }
- $label = \Yii::$app->request->getBodyParam('label');
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
 try {
 $mfa = $this->idBrokerClient->mfaCreate(
@@ -249,8 +249,7 @@ public function actionVerifyRegistration($mfaId)
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingValue'));
 }
- $label = \Yii::$app->request->getBodyParam('label');
- $label = $label ?: '';
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
 try {
 $mfa = $this->idBrokerClient->mfaVerify(
@@ -286,8 +285,8 @@ public function actionVerifyRegistration($mfaId)
 */
 public function actionUpdate($mfaId)
 {
- $label = \Yii::$app->request->getBodyParam('label');
- if (!$label) {
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
+ if ($label === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
 }
@@ -317,8 +316,8 @@ public function actionUpdate($mfaId)
 */
 public function actionUpdateWebauthn($mfaId, $webauthnId)
 {
- $label = \Yii::$app->request->getBodyParam('label');
- if (!$label) {
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
+ if ($label === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
 }
diff --git a/application/frontend/controllers/PasswordController.php b/application/frontend/controllers/PasswordController.php
index f7141c20..0911ac3b 100644
--- a/application/frontend/controllers/PasswordController.php
+++ b/application/frontend/controllers/PasswordController.php
@@ -89,7 +89,7 @@ public function actionAssess()
 $testPassword = Password::create($user, $newPassword);
- if (! $testPassword->validate('password')) {
+ if (!$testPassword->validate('password')) {
 $errors = join(', ', $testPassword->getErrors('password'));
 \Yii::warning([
 'action' => 'password/assess',
@@ -110,8 +110,8 @@ public function actionAssess()
 */
 protected function getPasswordFromRequestBody()
 {
- $newPassword = \Yii::$app->request->getBodyParam('password');
- if ($newPassword === null) {
+ $newPassword = trim(\Yii::$app->request->getBodyParam('password', ''));
+ if ($newPassword === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Password.MissingPassword'));
 }
 return $newPassword;
diff --git a/application/frontend/controllers/ResetController.php b/application/frontend/controllers/ResetController.php
index de071955..3db6dd4b 100644
--- a/application/frontend/controllers/ResetController.php
+++ b/application/frontend/controllers/ResetController.php
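Review bot: getPasswordFromRequestBody now returns the `trim()`-ed password, which silently changes the credential being evaluated: a password with leading or trailing whitespace is assessed as a different string from the one the user typed, and if the same helper also feeds a set-password path elsewhere in the controller (its callers are outside this hunk) the stored secret would differ from what the user later enters. Whitespace is legitimate password content, so I would keep the raw value and use trimming only for the presence check: `$newPassword = \Yii::$app->request->getBodyParam('password', '');` then `if (!is_string($newPassword) || trim($newPassword) === '') {`, with `return $newPassword;` unchanged. The `is_string` guard also prevents a TypeError from trim() when the parameter arrives as an array instead of the intended 400. A one-line docblock on the method, `Returns the submitted password unmodified; rejects missing or blank values with a 400.`, would make the contract explicit for actionAssess.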
@@ -2,7 +2,6 @@
 namespace frontend\controllers;
-use common\components\passwordStore\AccountLockedException;
 use common\components\personnel\NotFoundException;
 use common\helpers\Utils;
 use common\models\EventLog;
@@ -65,10 +64,10 @@ public function actionView($uid)
 */
 public function actionCreate()
 {
- $username = \Yii::$app->request->post('username');
- $verificationToken = \Yii::$app->request->post('verification_token');
+ $username = trim(\Yii::$app->request->getBodyParam('username', ''));
+ $verificationToken = trim(\Yii::$app->request->getBodyParam('verification_token', ''));
- if (! $username) {
+ if ($username === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingUsername'));
 }
@@ -78,12 +77,12 @@ public function actionCreate()
 * be double sure an exception is thrown.
 */
 if (\Yii::$app->params['recaptcha']['required']) {
- if (! $verificationToken) {
+ if ($verificationToken === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingRecaptchaCode'));
 }
 $clientIp = Utils::getClientIp(\Yii::$app->request);
- if (! Utils::isRecaptchaResponseValid($verificationToken, $clientIp)) {
+ if (!Utils::isRecaptchaResponseValid($verificationToken, $clientIp)) {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.RecaptchaFailedVerification'));
 }
 }
@@ -294,7 +293,7 @@ public function actionValidate($uid)
 /*
 * Delete reset record, log errors, but let user proceed
 */
- if (! $reset->delete()) {
+ if (!$reset->delete()) {
 \Yii::warning([
 'action' => 'delete reset after validation',
 'reset_id' => $reset->id,
@@ -337,8 +336,8 @@ public function actionValidate($uid)
 */
 protected function getCodeFromRequestBody(): string
 {
- $code = \Yii::$app->request->getBodyParam('code', null);
- if ($code === null) {
+ $code = trim(\Yii::$app->request->getBodyParam('code', ''));
+ if ($code === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingCode'), 1462989866);
 }
 return $code;