Commit 22dd9503 authored by Sebastian Kummer

Merge pull request #34 in ZP/z-push from...

Merge pull request #34 in ZP/z-push from bugfix/ZP-672-options-without-authentication-info to develop

* commit '0db8a314':
  ZP-672 Always require Authentication header. Released under the Affero GNU General Public License (AGPL) version 3.
  ZP-672 Options without authentication info. Released under the Affero GNU General Public License (AGPL) version 3.
parents cf3ad6fb 0db8a314
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* Created : 01.10.2007 * Created : 01.10.2007
* *
* Copyright 2007 - 2013 Zarafa Deutschland GmbH * Copyright 2007 - 2015 Zarafa Deutschland GmbH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3, * it under the terms of the GNU Affero General Public License, version 3,
...@@ -147,9 +147,14 @@ include_once('version.php'); ...@@ -147,9 +147,14 @@ include_once('version.php');
@constant('ZPUSH_VERSION'), Request::GetMethod(), Request::GetRemoteAddr(), @constant('ZPUSH_VERSION'), Request::GetMethod(), Request::GetRemoteAddr(),
Request::GetCommand(), Request::GetGETUser(), Request::GetDeviceID(), Request::GetDeviceType())); Request::GetCommand(), Request::GetGETUser(), Request::GetDeviceID(), Request::GetDeviceType()));
// Stop here if this is an OPTIONS request // always request the authorization header
if (Request::IsMethodOPTIONS()) if (! Request::AuthenticationInfo())
throw new AuthenticationRequiredException("Access denied. Please send authorization header.");
// Stop here if this is an OPTIONS request - Auth information is available but not verified
if (Request::IsMethodOPTIONS()) {
throw new NoPostRequestException("Options request", NoPostRequestException::OPTIONS_REQUEST); throw new NoPostRequestException("Options request", NoPostRequestException::OPTIONS_REQUEST);
}
ZPush::CheckAdvancedConfig(); ZPush::CheckAdvancedConfig();
...@@ -157,16 +162,12 @@ include_once('version.php'); ...@@ -157,16 +162,12 @@ include_once('version.php');
Request::ProcessHeaders(); Request::ProcessHeaders();
// Check required GET parameters // Check required GET parameters
if(Request::IsMethodPOST() && (Request::GetCommandCode() === false || !Request::GetDeviceID() || !Request::GetDeviceType())) if(Request::IsMethodPOST() && (Request::GetCommandCode() === false || !Request::GetDeviceID() || !Request::GetDeviceType() || !Request::GetGETUser()))
throw new FatalException("Requested the Z-Push URL without the required GET parameters"); throw new FatalException("Requested the Z-Push URL without the required GET parameters");
// Load the backend // Load the backend
$backend = ZPush::GetBackend(); $backend = ZPush::GetBackend();
// always request the authorization header
if (! Request::AuthenticationInfo() || !Request::GetGETUser())
throw new AuthenticationRequiredException("Access denied. Please send authorisation information");
// check the provisioning information // check the provisioning information
if (PROVISIONING === true && Request::IsMethodPOST() && ZPush::CommandNeedsProvisioning(Request::GetCommandCode()) && if (PROVISIONING === true && Request::IsMethodPOST() && ZPush::CommandNeedsProvisioning(Request::GetCommandCode()) &&
((Request::WasPolicyKeySent() && Request::GetPolicyKey() == 0) || ZPush::GetDeviceManager()->ProvisioningRequired(Request::GetPolicyKey())) && ((Request::WasPolicyKeySent() && Request::GetPolicyKey() == 0) || ZPush::GetDeviceManager()->ProvisioningRequired(Request::GetPolicyKey())) &&
......
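Review bot: The new guard ahead of the OPTIONS branch only tests that `Request::AuthenticationInfo()` returns something, so an OPTIONS request carrying any Authorization header, valid or not, still reaches the `NoPostRequestException::OPTIONS_REQUEST` path; the added comment itself says the information is "available but not verified". If the intent of ZP-672 is that only authenticated clients receive the OPTIONS answer, the credentials would need to be checked first, and the backend is loaded only further down (`$backend = ZPush::GetBackend();`); otherwise the comment should say so plainly, e.g. `// header presence only - credentials are NOT validated for OPTIONS requests`. Separately, `!Request::GetGETUser()` moved from the authentication check into the POST-only parameter check, so a request that is neither POST nor OPTIONS and has no user no longer raises `AuthenticationRequiredException` here, and a POST without a user now raises `FatalException` instead. Whether later code rejects those requests is not visible in these hunks, so it is worth confirming that the change in exception type and method coverage is intended.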