From b4b57fb1818eae167225bb86ee245b33fdc240a4 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 6 Sep 2024 14:40:17 +0800
Subject: [PATCH 1/5] set job timeout

---
 .github/workflows/test-and-publish.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml
index 064611a7..da173a21 100644
--- a/.github/workflows/test-and-publish.yml
+++ b/.github/workflows/test-and-publish.yml
@@ -7,6 +7,7 @@ jobs:
 tests:
 name: Tests
 runs-on: ubuntu-latest
+ timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -21,6 +22,7 @@ jobs:
 name: Build and Publish
 needs: tests
 runs-on: ubuntu-latest
+ timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
From 74ed0b294560ab2257f2288be223c9e7c391e1dd Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 16 Sep 2024 16:38:13 +0800
Subject: [PATCH 2/5] trim input strings (IDP-1223)

---
 .../frontend/controllers/MethodController.php | 8 ++++----
 application/frontend/controllers/MfaController.php | 13 ++++++-------
 .../frontend/controllers/PasswordController.php | 4 ++--
 .../frontend/controllers/ResetController.php | 12 ++++++------
 4 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/application/frontend/controllers/MethodController.php b/application/frontend/controllers/MethodController.php
index b865694d..0fad0bf8 100644
--- a/application/frontend/controllers/MethodController.php
+++ b/application/frontend/controllers/MethodController.php
@@ -114,8 +114,8 @@ public function actionCreate()
 $request = \Yii::$app->request;
- $value = $request->post('value');
- if ($value === null) {
+ $value = trim($request->post('value'));
+ if ($value === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Method.MissingValue'), 1542750428);
 }
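Review bot: `timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}`, added to both the tests and the build-and-publish jobs, has no fallback: when the repository or organization variable is not defined, `vars.DEFAULT_JOB_TIMEOUT_MINUTES` evaluates to an empty string and, as far as I know, `fromJSON('')` is a parse error that fails the job before any step runs. A default inside the expression keeps the workflow usable on forks and fresh clones, e.g. `timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES || '30') }}`. A short comment above the first occurrence, `# minutes; set via the DEFAULT_JOB_TIMEOUT_MINUTES repo/org variable`, would also spare the next person who hits the missing-variable error. The rest of each job's steps is outside these hunks.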
@@ -157,8 +157,8 @@ public function actionVerify($uid)
 429 => \Yii::t('app', 'Method.TooManyFailures'),
 ];
- $code = \Yii::$app->request->getBodyParam('code');
- if ($code === null) {
+ $code = trim(\Yii::$app->request->getBodyParam('code'));
+ if ($code === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Method.CodeMissing'), 1542749426);
 }
diff --git a/application/frontend/controllers/MfaController.php b/application/frontend/controllers/MfaController.php
index 1eb216dd..57c623c5 100644
--- a/application/frontend/controllers/MfaController.php
+++ b/application/frontend/controllers/MfaController.php
@@ -88,7 +88,7 @@ public function actionCreate(): ?array
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.TypeMissing'));
 }
- $label = \Yii::$app->request->getBodyParam('label');
+ $label = trim(\Yii::$app->request->getBodyParam('label'));
 try {
 $mfa = $this->idBrokerClient->mfaCreate(
@@ -249,8 +249,7 @@ public function actionVerifyRegistration($mfaId)
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingValue'));
 }
- $label = \Yii::$app->request->getBodyParam('label');
- $label = $label ?: '';
+ $label = trim(\Yii::$app->request->getBodyParam('label'));
 try {
 $mfa = $this->idBrokerClient->mfaVerify(
@@ -286,8 +285,8 @@ public function actionVerifyRegistration($mfaId)
 */
 public function actionUpdate($mfaId)
 {
- $label = \Yii::$app->request->getBodyParam('label');
- if (!$label) {
+ $label = trim(\Yii::$app->request->getBodyParam('label'));
+ if ($label === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
 }
@@ -317,8 +316,8 @@ public function actionUpdate($mfaId)
 */
 public function actionUpdateWebauthn($mfaId, $webauthnId)
 {
- $label = \Yii::$app->request->getBodyParam('label');
- if (!$label) {
+ $label = trim(\Yii::$app->request->getBodyParam('label'));
+ if ($label === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
 }
diff --git a/application/frontend/controllers/PasswordController.php b/application/frontend/controllers/PasswordController.php
index f7141c20..81433ec3 100644
--- a/application/frontend/controllers/PasswordController.php
+++ b/application/frontend/controllers/PasswordController.php
@@ -110,8 +110,8 @@ public function actionAssess()
 */
 protected function getPasswordFromRequestBody()
 {
- $newPassword = \Yii::$app->request->getBodyParam('password');
- if ($newPassword === null) {
+ $newPassword = trim(\Yii::$app->request->getBodyParam('password'));
+ if ($newPassword === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Password.MissingPassword'));
 }
 return $newPassword;
diff --git a/application/frontend/controllers/ResetController.php b/application/frontend/controllers/ResetController.php
index de071955..1f987e40 100644
--- a/application/frontend/controllers/ResetController.php
+++ b/application/frontend/controllers/ResetController.php
@@ -65,10 +65,10 @@ public function actionView($uid)
 */
 public function actionCreate()
 {
- $username = \Yii::$app->request->post('username');
- $verificationToken = \Yii::$app->request->post('verification_token');
+ $username = trim(\Yii::$app->request->post('username'));
+ $verificationToken = trim(\Yii::$app->request->post('verification_token'));
- if (! $username) {
+ if ($username === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingUsername'));
 }
@@ -78,7 +78,7 @@ public function actionCreate()
 * be double sure an exception is thrown.
 */
 if (\Yii::$app->params['recaptcha']['required']) {
- if (! $verificationToken) {
+ if ($verificationToken === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingRecaptchaCode'));
 }
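Review bot: `$newPassword = trim(\Yii::$app->request->getBodyParam('password'));` in getPasswordFromRequestBody silently changes the credential the user submitted: a password with leading or trailing whitespace is assessed and, presumably, stored without it, and unless every login path trims in exactly the same way the user will be unable to sign in with what they typed. Whitespace is legitimate password content, so I would keep the trim out of this helper and reject only a missing or non-string value, `$newPassword = \Yii::$app->request->getBodyParam('password', '');` followed by `if (!is_string($newPassword) || $newPassword === '') {`. The `is_string` check matters on its own because a body parameter can arrive as an array (`password[]=x`), and `trim()` on an array throws a TypeError on PHP 8, turning the intended 400 into a 500. The helper is complete within the hunk; its callers are outside it.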
@@ -337,8 +337,8 @@ public function actionValidate($uid)
 */
 protected function getCodeFromRequestBody(): string
 {
- $code = \Yii::$app->request->getBodyParam('code', null);
- if ($code === null) {
+ $code = trim(\Yii::$app->request->getBodyParam('code', null));
+ if ($code === "") {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingCode'), 1462989866);
 }
 return $code;
From 6671319a1a593d721145bffaa615119d7b7f1567 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 16 Sep 2024 16:38:31 +0800
Subject: [PATCH 3/5] whitespace

---
 application/frontend/controllers/MethodController.php | 4 ++--
 application/frontend/controllers/MfaController.php | 4 ++--
 application/frontend/controllers/PasswordController.php | 2 +-
 application/frontend/controllers/ResetController.php | 5 ++---
 4 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/application/frontend/controllers/MethodController.php b/application/frontend/controllers/MethodController.php
index 0fad0bf8..94dadbde 100644
--- a/application/frontend/controllers/MethodController.php
+++ b/application/frontend/controllers/MethodController.php
@@ -32,8 +32,8 @@ public function init()
 $config['baseUrl'],
 $config['accessToken'],
 [
- IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
- IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
+ IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
+ IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
 ]
 );
 }
diff --git a/application/frontend/controllers/MfaController.php b/application/frontend/controllers/MfaController.php
index 57c623c5..8d06cd48 100644
--- a/application/frontend/controllers/MfaController.php
+++ b/application/frontend/controllers/MfaController.php
@@ -54,8 +54,8 @@ public function init()
 $config['baseUrl'],
 $config['accessToken'],
 [
- IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
- IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
+ IdBrokerClient::TRUSTED_IPS_CONFIG => $config['validIpRanges'] ?? [],
+ IdBrokerClient::ASSERT_VALID_BROKER_IP_CONFIG => $config['assertValidBrokerIp'] ?? true,
 ]
 );
 }
diff --git a/application/frontend/controllers/PasswordController.php b/application/frontend/controllers/PasswordController.php
index 81433ec3..d61c3611 100644
--- a/application/frontend/controllers/PasswordController.php
+++ b/application/frontend/controllers/PasswordController.php
@@ -89,7 +89,7 @@ public function actionAssess()
 $testPassword = Password::create($user, $newPassword);
- if (! $testPassword->validate('password')) {
+ if (!$testPassword->validate('password')) {
 $errors = join(', ', $testPassword->getErrors('password'));
 \Yii::warning([
 'action' => 'password/assess',
diff --git a/application/frontend/controllers/ResetController.php b/application/frontend/controllers/ResetController.php
index 1f987e40..08d7e3d8 100644
--- a/application/frontend/controllers/ResetController.php
+++ b/application/frontend/controllers/ResetController.php
@@ -2,7 +2,6 @@
 namespace frontend\controllers;
-use common\components\passwordStore\AccountLockedException;
 use common\components\personnel\NotFoundException;
 use common\helpers\Utils;
 use common\models\EventLog;
@@ -83,7 +82,7 @@ public function actionCreate()
 }
 $clientIp = Utils::getClientIp(\Yii::$app->request);
- if (! Utils::isRecaptchaResponseValid($verificationToken, $clientIp)) {
+ if (!Utils::isRecaptchaResponseValid($verificationToken, $clientIp)) {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.RecaptchaFailedVerification'));
 }
 }
@@ -294,7 +293,7 @@ public function actionValidate($uid)
 /*
 * Delete reset record, log errors, but let user proceed
 */
- if (! $reset->delete()) {
+ if (!$reset->delete()) {
 \Yii::warning([
 'action' => 'delete reset after validation',
 'reset_id' => $reset->id,
From 4a1c877ae4c5d022bc0b9f3796b863f3623021e3 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Tue, 17 Sep 2024 17:08:33 +0800
Subject: [PATCH 4/5] set the default value to '' in case the future doesn't like trim(null)

---
 .../frontend/controllers/MethodController.php | 8 ++++----
 application/frontend/controllers/MfaController.php | 12 ++++++------
 .../frontend/controllers/PasswordController.php | 4 ++--
 application/frontend/controllers/ResetController.php | 12 ++++++------
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/application/frontend/controllers/MethodController.php b/application/frontend/controllers/MethodController.php
index 94dadbde..409e3fdd 100644
--- a/application/frontend/controllers/MethodController.php
+++ b/application/frontend/controllers/MethodController.php
@@ -114,8 +114,8 @@ public function actionCreate()
 $request = \Yii::$app->request;
- $value = trim($request->post('value'));
- if ($value === "") {
+ $value = trim($request->getBodyParam('value', ''));
+ if ($value === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Method.MissingValue'), 1542750428);
 }
@@ -157,8 +157,8 @@ public function actionVerify($uid)
 429 => \Yii::t('app', 'Method.TooManyFailures'),
 ];
- $code = trim(\Yii::$app->request->getBodyParam('code'));
- if ($code === "") {
+ $code = trim(\Yii::$app->request->getBodyParam('code', ''));
+ if ($code === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Method.CodeMissing'), 1542749426);
 }
diff --git a/application/frontend/controllers/MfaController.php b/application/frontend/controllers/MfaController.php
index 8d06cd48..414f18c4 100644
--- a/application/frontend/controllers/MfaController.php
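Review bot: `$value = trim($request->getBodyParam('value', ''));` still assumes a scalar: a client that posts `value[]=x` (or a JSON array) gets an array back from getBodyParam, and on PHP 8 `trim()` on an array throws a TypeError, which surfaces as a 500 instead of the 400 that the next line is meant to produce; the `code` read in actionVerify has the same gap. Check the type before trimming: `$value = $request->getBodyParam('value', '');`, then `if (!is_string($value) || trim($value) === '') {` for the existing throw, and `$value = trim($value);` after the guard. Both actionCreate and actionVerify continue outside these hunks.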
+++ b/application/frontend/controllers/MfaController.php
@@ -88,7 +88,7 @@ public function actionCreate(): ?array
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.TypeMissing'));
 }
- $label = trim(\Yii::$app->request->getBodyParam('label'));
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
 try {
 $mfa = $this->idBrokerClient->mfaCreate(
@@ -249,7 +249,7 @@ public function actionVerifyRegistration($mfaId)
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingValue'));
 }
- $label = trim(\Yii::$app->request->getBodyParam('label'));
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
 try {
 $mfa = $this->idBrokerClient->mfaVerify(
@@ -285,8 +285,8 @@ public function actionVerifyRegistration($mfaId)
 */
 public function actionUpdate($mfaId)
 {
- $label = trim(\Yii::$app->request->getBodyParam('label'));
- if ($label === "") {
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
+ if ($label === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
 }
@@ -316,8 +316,8 @@ public function actionUpdate($mfaId)
 */
 public function actionUpdateWebauthn($mfaId, $webauthnId)
 {
- $label = trim(\Yii::$app->request->getBodyParam('label'));
- if ($label === "") {
+ $label = trim(\Yii::$app->request->getBodyParam('label', ''));
+ if ($label === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
 }
diff --git a/application/frontend/controllers/PasswordController.php b/application/frontend/controllers/PasswordController.php
index d61c3611..0911ac3b 100644
--- a/application/frontend/controllers/PasswordController.php
+++ b/application/frontend/controllers/PasswordController.php
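Review bot: The same lines — read `label`, trim it, compare with `''` — now appear four times in this file (actionCreate, actionVerifyRegistration, actionUpdate, actionUpdateWebauthn) with only the "is it required" decision differing, and none of them checks that the parameter is actually a string before `trim()`, which throws a TypeError on array input under PHP 8 and turns the intended 400 into a 500. I would fold them into one private helper that validates the type, trims, and enforces the requirement, and call it as `$label = $this->getLabelFromRequestBody(true);` in the two update actions and with `false` in actionCreate and actionVerifyRegistration. All four enclosing methods continue outside the hunks.

```php
    /**
     * Reads and trims the 'label' body parameter.
     *
     * @param bool $required throw if the trimmed label is empty
     * @throws BadRequestHttpException if the parameter is not a string, or is
     *     empty while $required is true
     */
    private function getLabelFromRequestBody(bool $required): string
    {
        $label = \Yii::$app->request->getBodyParam('label', '');
        if (!is_string($label)) {
            throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
        }
        $label = trim($label);
        if ($required && $label === '') {
            throw new BadRequestHttpException(\Yii::t('app', 'Mfa.MissingLabel'));
        }
        return $label;
    }

    public function actionUpdate($mfaId)
    {
        $label = $this->getLabelFromRequestBody(true);
        // … unchanged: rest of actionUpdate …
```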
@@ -110,8 +110,8 @@ public function actionAssess()
 */
 protected function getPasswordFromRequestBody()
 {
- $newPassword = trim(\Yii::$app->request->getBodyParam('password'));
- if ($newPassword === "") {
+ $newPassword = trim(\Yii::$app->request->getBodyParam('password', ''));
+ if ($newPassword === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Password.MissingPassword'));
 }
 return $newPassword;
diff --git a/application/frontend/controllers/ResetController.php b/application/frontend/controllers/ResetController.php
index 08d7e3d8..3db6dd4b 100644
--- a/application/frontend/controllers/ResetController.php
+++ b/application/frontend/controllers/ResetController.php
@@ -64,10 +64,10 @@ public function actionView($uid)
 */
 public function actionCreate()
 {
- $username = trim(\Yii::$app->request->post('username'));
- $verificationToken = trim(\Yii::$app->request->post('verification_token'));
+ $username = trim(\Yii::$app->request->getBodyParam('username', ''));
+ $verificationToken = trim(\Yii::$app->request->getBodyParam('verification_token', ''));
- if ($username === "") {
+ if ($username === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingUsername'));
 }
@@ -77,7 +77,7 @@ public function actionCreate()
 * be double sure an exception is thrown.
 */
 if (\Yii::$app->params['recaptcha']['required']) {
- if ($verificationToken === "") {
+ if ($verificationToken === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingRecaptchaCode'));
 }
@@ -336,8 +336,8 @@ public function actionValidate($uid)
 */
 protected function getCodeFromRequestBody(): string
 {
- $code = trim(\Yii::$app->request->getBodyParam('code', null));
- if ($code === "") {
+ $code = trim(\Yii::$app->request->getBodyParam('code', ''));
+ if ($code === '') {
 throw new BadRequestHttpException(\Yii::t('app', 'Reset.MissingCode'), 1462989866);
 }
 return $code;
From 0b62c38c378ad837daf99db05495f6f9b8a0f802 Mon Sep 17 00:00:00 2001
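Review bot: getPasswordFromRequestBody still has no return type, while the sibling helper getCodeFromRequestBody in ResetController, touched by the same commit, declares `: string`; after the trim the value is always a string, so declare `protected function getPasswordFromRequestBody(): string` for consistency. Relatedly, the guard only covers the empty string: an array-valued `password` parameter (`password[]=x`) reaches `trim()` and throws a TypeError on PHP 8, a 500 rather than the intended 400, so test `if (!is_string($newPassword) || $newPassword === '') {` on the raw parameter before trimming. The helper is complete in the hunk; its callers are outside it.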
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Tue, 17 Sep 2024 17:16:33 +0800
Subject: [PATCH 5/5] create semantic version docker tags

---
 .github/workflows/test-and-publish.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml
index da173a21..1173d0cb 100644
--- a/.github/workflows/test-and-publish.yml
+++ b/.github/workflows/test-and-publish.yml
@@ -36,6 +36,10 @@ jobs:
 uses: docker/metadata-action@v5
 with:
 images: ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}
+ tags: |
+ type=ref,event=branch
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
 - name: Build and push Docker image
 uses: docker/build-push-action@v5
 with:
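Review bot: The explicit `tags:` list produces only mutable references — the branch name and the two semver tags (`1.2.3`, `1.2`) — so nothing this workflow publishes can be pinned to an immutable, content-addressed tag, which matters for rollbacks and for consumers who want to verify exactly what they deployed. Add `type=sha` (or `type=sha,format=long`) to the list so every build also carries its commit SHA. `{{major}}.{{minor}}` is a floating tag by design; a one-line comment above it, `# floating tag: moves with each patch release`, would make that explicit for anyone pinning it. Whether the publish job runs on tag pushes at all depends on the workflow's `on:` triggers, which are outside the hunk.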