Commit 72498ad7 authored by Aaron Wells's avatar Aaron Wells Committed by Robert Lyon

Bug 1620879: Improved webservice param validation

- Respect the "optional" and "default" flags for
object and array params (not just scalar params)

- Allow REST server to handle file upload params ($_FILES)

behatnotneeded: Tests to come later

Change-Id: I3a6a6ccf7c9de1711e2fd39aa5f130c245823721
parent 219e7553
......@@ -646,6 +646,17 @@ class external_api {
}
else if ($description instanceof external_single_structure) {
if ($response === null) {
if ($description->required == VALUE_REQUIRED) {
throw new WebserviceInvalidParameterException(get_string('errormissingkey', 'auth.webservice', $description->type));
}
else if ($description->required == VALUE_DEFAULT) {
return $description->default;
}
else {
return null;
}
}
if (!is_array($response)) {
throw new WebserviceInvalidResponseException(get_string('erroronlyarray', 'auth.webservice'));
}
......@@ -655,13 +666,12 @@ class external_api {
if ($subdesc->required == VALUE_REQUIRED) {
throw new WebserviceParameterException('errorresponsemissingkey', $key);
}
if ($subdesc instanceof external_value) {
if ($subdesc->required == VALUE_DEFAULT) {
try {
$result[$key] = self::clean_returnvalue($subdesc, $subdesc->default);
} catch (Exception $e) {
throw new WebserviceParameterException('invalidextresponse',$key . " (" . $e->getMessage() . ")");
}
else if ($subdesc->required == VALUE_DEFAULT) {
try {
$result[$key] = self::clean_returnvalue($subdesc, $subdesc->default);
}
catch (Exception $e) {
throw new WebserviceParameterException('invalidextresponse',$key . " (" . $e->getMessage() . ")");
}
}
}
......@@ -680,6 +690,17 @@ class external_api {
}
else if ($description instanceof external_multiple_structure) {
if ($response === null) {
if ($description->required == VALUE_REQUIRED) {
throw new WebserviceInvalidParameterException(get_string('errormissingkey', 'auth.webservice', $description->type));
}
else if ($description->required == VALUE_DEFAULT) {
return $description->default;
}
else {
return null;
}
}
if (!is_array($response)) {
throw new WebserviceInvalidResponseException(get_string('erroronlyarray', 'auth.webservice'));
}
......
......@@ -76,6 +76,13 @@ class webservice_rest_server extends webservice_base_server {
$this->parameters = $_REQUEST;
// Handle file uploads
if (count($_FILES)) {
foreach ($_FILES as $k => $v) {
$this->parameters[$k] = $v['name'];
}
}
execute_sql("delete from oauth_server_nonce");
// if we should have one - setup the OAuth server handler
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment