Commit 72498ad7 authored by Aaron Wells's avatar Aaron Wells Committed by Robert Lyon

Bug 1620879: Improved webservice param validation

- Respect the "optional" and "default" flags for
object and array params (not just scalar params)

- Allow REST server to handle file upload params ($_FILES)

behatnotneeded: Tests to come later

Change-Id: I3a6a6ccf7c9de1711e2fd39aa5f130c245823721
parent 219e7553
...@@ -646,6 +646,17 @@ class external_api { ...@@ -646,6 +646,17 @@ class external_api {
} }
else if ($description instanceof external_single_structure) { else if ($description instanceof external_single_structure) {
if ($response === null) {
if ($description->required == VALUE_REQUIRED) {
throw new WebserviceInvalidParameterException(get_string('errormissingkey', 'auth.webservice', $description->type));
}
else if ($description->required == VALUE_DEFAULT) {
return $description->default;
}
else {
return null;
}
}
if (!is_array($response)) { if (!is_array($response)) {
throw new WebserviceInvalidResponseException(get_string('erroronlyarray', 'auth.webservice')); throw new WebserviceInvalidResponseException(get_string('erroronlyarray', 'auth.webservice'));
} }
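Review bot: The VALUE_DEFAULT branch added for a null single-structure response returns `$description->default` unvalidated, whereas the per-key path later in the same method (hunk at 666) runs a missing key's default through `self::clean_returnvalue($subdesc, $subdesc->default)`; the same asymmetry is in the external_multiple_structure hunk at 690. If defaults are expected to conform to the declared structure, the early return should validate them the same way, taking care that a null default does not re-enter this branch. The `errormissingkey` message is built from `$description->type`; unless external_single_structure and external_multiple_structure define a `type` property as external_value does, this reads an undefined property, so `$description->desc` or a fixed label may be what is intended — worth confirming. The branch also throws WebserviceInvalidParameterException from what is presumably the response-cleaning method, whose neighbouring checks throw WebserviceInvalidResponseException, which callers catching by type may not expect. The enclosing method starts and ends outside this hunk.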
...@@ -655,13 +666,12 @@ class external_api { ...@@ -655,13 +666,12 @@ class external_api {
if ($subdesc->required == VALUE_REQUIRED) { if ($subdesc->required == VALUE_REQUIRED) {
throw new WebserviceParameterException('errorresponsemissingkey', $key); throw new WebserviceParameterException('errorresponsemissingkey', $key);
} }
if ($subdesc instanceof external_value) { else if ($subdesc->required == VALUE_DEFAULT) {
if ($subdesc->required == VALUE_DEFAULT) { try {
try { $result[$key] = self::clean_returnvalue($subdesc, $subdesc->default);
$result[$key] = self::clean_returnvalue($subdesc, $subdesc->default); }
} catch (Exception $e) { catch (Exception $e) {
throw new WebserviceParameterException('invalidextresponse',$key . " (" . $e->getMessage() . ")"); throw new WebserviceParameterException('invalidextresponse',$key . " (" . $e->getMessage() . ")");
}
} }
} }
} }
...@@ -680,6 +690,17 @@ class external_api { ...@@ -680,6 +690,17 @@ class external_api {
} }
else if ($description instanceof external_multiple_structure) { else if ($description instanceof external_multiple_structure) {
if ($response === null) {
if ($description->required == VALUE_REQUIRED) {
throw new WebserviceInvalidParameterException(get_string('errormissingkey', 'auth.webservice', $description->type));
}
else if ($description->required == VALUE_DEFAULT) {
return $description->default;
}
else {
return null;
}
}
if (!is_array($response)) { if (!is_array($response)) {
throw new WebserviceInvalidResponseException(get_string('erroronlyarray', 'auth.webservice')); throw new WebserviceInvalidResponseException(get_string('erroronlyarray', 'auth.webservice'));
} }
......
...@@ -76,6 +76,13 @@ class webservice_rest_server extends webservice_base_server { ...@@ -76,6 +76,13 @@ class webservice_rest_server extends webservice_base_server {
$this->parameters = $_REQUEST; $this->parameters = $_REQUEST;
// Handle file uploads
if (count($_FILES)) {
foreach ($_FILES as $k => $v) {
$this->parameters[$k] = $v['name'];
}
}
execute_sql("delete from oauth_server_nonce"); execute_sql("delete from oauth_server_nonce");
// if we should have one - setup the OAuth server handler // if we should have one - setup the OAuth server handler
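Review bot: The loop stores `$v['name']` — the client-supplied original filename, not the server-side `tmp_name` — as the parameter value, so any function that receives this parameter and treats it as a path is working on untrusted input, and the hunk never checks `$v['error']`, so a failed or partial upload still yields a filename parameter. Consider passing the whole `$_FILES` entry (or at least `tmp_name` plus `error`) and documenting the choice: `// 'name' is the browser-supplied filename, not a path on this server; consumers must validate it`. With `<input name="foo[]">`, `$v['name']` is an array rather than a string, which the assignment silently propagates. Because the base is `$_REQUEST`, a `$_FILES` key will also overwrite any same-named query or body parameter — fine if intended, but worth a comment. The enclosing method starts before and ends after this hunk.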
......