Commit 40304b53 authored by Manfred Kutas's avatar Manfred Kutas

ZP-672 Always require authentication info.

Released under the Affero GNU General Public License (AGPL) version 3.
parent f02caf31
...@@ -69,6 +69,10 @@ include_once(ZPUSH_CONFIG); ...@@ -69,6 +69,10 @@ include_once(ZPUSH_CONFIG);
sprintf("cmd='%s' devType='%s' devId='%s' getUser='%s' from='%s' version='%s' method='%s'", sprintf("cmd='%s' devType='%s' devId='%s' getUser='%s' from='%s' version='%s' method='%s'",
Request::GetCommand(), Request::GetDeviceType(), Request::GetDeviceID(), Request::GetGETUser(), Request::GetRemoteAddr(), @constant('ZPUSH_VERSION'), Request::GetMethod() )); Request::GetCommand(), Request::GetDeviceType(), Request::GetDeviceID(), Request::GetGETUser(), Request::GetRemoteAddr(), @constant('ZPUSH_VERSION'), Request::GetMethod() ));
// always request the authorization header
if (! Request::HasAuthenticationInfo() || !Request::GetGETUser())
throw new AuthenticationRequiredException("Access denied. Please send authorisation information");
// Stop here if this is an OPTIONS request // Stop here if this is an OPTIONS request
if (Request::IsMethodOPTIONS()) if (Request::IsMethodOPTIONS())
throw new NoPostRequestException("Options request", NoPostRequestException::OPTIONS_REQUEST); throw new NoPostRequestException("Options request", NoPostRequestException::OPTIONS_REQUEST);
...@@ -85,10 +89,6 @@ include_once(ZPUSH_CONFIG); ...@@ -85,10 +89,6 @@ include_once(ZPUSH_CONFIG);
// Load the backend // Load the backend
$backend = ZPush::GetBackend(); $backend = ZPush::GetBackend();
// always request the authorization header
if (! Request::HasAuthenticationInfo() || !Request::GetGETUser())
throw new AuthenticationRequiredException("Access denied. Please send authorisation information");
// check the provisioning information // check the provisioning information
if (PROVISIONING === true && Request::IsMethodPOST() && ZPush::CommandNeedsProvisioning(Request::GetCommandCode()) && if (PROVISIONING === true && Request::IsMethodPOST() && ZPush::CommandNeedsProvisioning(Request::GetCommandCode()) &&
((Request::WasPolicyKeySent() && Request::GetPolicyKey() == 0) || ZPush::GetDeviceManager()->ProvisioningRequired(Request::GetPolicyKey())) && ((Request::WasPolicyKeySent() && Request::GetPolicyKey() == 0) || ZPush::GetDeviceManager()->ProvisioningRequired(Request::GetPolicyKey())) &&
...@@ -198,7 +198,12 @@ include_once(ZPUSH_CONFIG); ...@@ -198,7 +198,12 @@ include_once(ZPUSH_CONFIG);
} }
if ($ex instanceof AuthenticationRequiredException) { if ($ex instanceof AuthenticationRequiredException) {
ZPush::PrintZPushLegal($exclass, sprintf('<pre>%s</pre>',$ex->getMessage())); // Only print ZPush legal message for GET requests because
// some devices send unauthorized OPTIONS requests
// and don't expect anything in the response body
if (Request::IsMethodGET()) {
ZPush::PrintZPushLegal($exclass, sprintf('<pre>%s</pre>',$ex->getMessage()));
}
// log the failed login attemt e.g. for fail2ban // log the failed login attemt e.g. for fail2ban
if (defined('LOGAUTHFAIL') && LOGAUTHFAIL != false) if (defined('LOGAUTHFAIL') && LOGAUTHFAIL != false)
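Review bot: Moving `if (! Request::HasAuthenticationInfo() || !Request::GetGETUser())` ahead of the `Request::IsMethodOPTIONS()` short-circuit in the first hunk means an unauthenticated OPTIONS request now lands in the `AuthenticationRequiredException` branch of the third hunk, and the comment added there states that some devices send exactly such requests as a matter of course. If `LOGAUTHFAIL` is enabled, each of them is presumably recorded as a failed login "e.g. for fail2ban", so a legitimate device could accumulate auth-failure entries and be banned; the logging statement itself follows the `defined('LOGAUTHFAIL')` line outside the hunk, so this is inferred rather than visible. Either the failure log should exclude that method, `if (defined('LOGAUTHFAIL') && LOGAUTHFAIL != false && !Request::IsMethodOPTIONS())`, or the decision should be stated where the check moved: `// always require authorization, also for OPTIONS: an unauthenticated OPTIONS request is rejected here, before the OPTIONS short-circuit below, and counts as an auth failure`. The try/catch enclosing the third hunk begins outside it, so whether the OPTIONS case is distinguished elsewhere cannot be confirmed from the diff.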