~fbertilotti/fakesso.git

aggiunta controllo regex per prevenire xss attacks e rimozione debug

Filippo Bertilotti

2 days ago 0085dcb4e3ab76219819b8a53950df1261c04453

commit \| author \| age
9f6455	1	<?php
DC	2
	3	namespace App\Http\Controllers\Profiles;
	4
	5	use App\Http\Controllers\Controller;
0991a9	6	use App\Http\Requests\SSOFormRequest;
42e9ce	7	use App\Models\VodafoneUser;
9f6455	8	use App\Vola\Classes\Utils;
42e9ce	9	use App\Vola\Services\FakeSSODatabase\FakeSSODatabaseHandler;
FB	10	use Exception;
9f6455	11	use Illuminate\Http\Request;
42e9ce	12	use Illuminate\Support\Facades\DB;
13f6a9	13	use Ramsey\Uuid\Provider\Time\FixedTimeProvider;
9f6455	14
DC	15	class ProfilesController extends Controller
	16	{
	17	public bool $authorized = false;
	18
	19	public function __construct(Request $request)
	20	{
13f6a9	21
FB	22	$this->authorized = true;
9f6455	23	}
DC	24
	25	public function getFakeSSO(Request $request)
	26	{
	27	if ($this->authorized) {
	28	return view('vodafone_fake_sso.choose_profile', [
55f8f9	29	"domain" => Utils::getDomain($_SERVER['SERVER_NAME']),
d5d253	30	"loggedInfo" => Utils::getLoggedUser($request),
9f6455	31	"setUrl" => "/set",
DC	32	"clearUrl" => "/clear"
	33	]);
	34	}
	35	}
	36
	37	public function setFakeSSO(Request $request)
	38	{
	39	if ($this->authorized) {
	40	$json = $request->json()->all();
	41	$expire = time() + (60 * 30);
	42	$prof = isset($json['prof']) ? $json['prof'] : 0;
	43	$domain = Utils::getDomain($_SERVER['SERVER_NAME']);
	44	@setcookie('mc_FakeSSO', "xno:$prof", $expire, "/", $domain);
	45	@setcookie('SSOSESSIONID', "xno:$prof", $expire, "/", $domain);
	46	@setcookie('ObSSOCookie', "xno:$prof", $expire, "/", $domain);
	47	@setcookie('CAuthCookie', "xno:$prof", $expire, "/", $domain);
	48	@setcookie('vodafone_token', "415F2B31F1C15FA45C9A6E1CBEB0ADF3", $expire, "/", $domain);
	49	@setcookie('vodafone_name', "fake_sso", $expire, "/", $domain);
	50	return response()->json(["status" => 200, "response" => "OK"]);
	51	}
	52	}
	53
	54	public function clearFakeSSO(Request $request)
	55	{
	56	$domain = Utils::getDomain($_SERVER['SERVER_NAME']);
	57	if ($this->authorized) {
	58	@setcookie('mc_FakeSSO', "", -1, "/", $domain);
	59	@setcookie('SSOSESSIONID', "", -1, "/", $domain);
	60	@setcookie('CAuthCookie', "", -1, "/", $domain);
	61	@setcookie('ObSSOCookie', "", -1, "/", $domain);
	62	@setcookie('vodafone_token', "", -1, "/", $domain);
	63	@setcookie('vodafone_name', "", -1, "/", $domain);
	64	return response()->json(["status" => 200, "response" => "OK"]);
	65	}
	66	}
	67
	68	public function createView()
	69	{
	70	$defaultXML = \Arr::first(config('devtools.fake_sso_profiles'));
	71	$data = [
ca6434	72	"sso_getWebcustomerInformation" => \Arr::first($defaultXML["sso"]["getWebcustomerInformation"]["parametri"]["k"]),
D	73	"sso_getMSISDNDetails" => \Arr::first($defaultXML["sso"]["getMSISDNDetails"]["parametri"]["k"]),
	74	"sso_getMSISDNList" => \Arr::first($defaultXML["sso"]["getMSISDNList"]["parametri"]["k"]),
9f6455	75	"sso_getSelectedMSISDNDetails" => \Arr::first($defaultXML["sso"]["getSelectedMSISDNDetails"]["parametri"]["ms"]),
DC	76	"sso_getInfoActivationWSC" => \Arr::first($defaultXML["sso"]["getInfoActivationWSC"]["parametri"]["boID"]),
ca6434	77	"picasso_getWebcustomerInformation" => \Arr::first($defaultXML["picasso"]["getWebcustomerInformation"]["parametri"]["k"]),
9f6455	78	];
42e9ce	79	return view('vodafone_fake_sso.create-view', $data);
9f6455	80	}
56f8c8	81
13f6a9	82	public function showView()
56f8c8	83	{
fcae3d	84	$databaseHandler = new FakeSSODatabaseHandler;
FB	85	$productsList = $databaseHandler->readProducts();
	86	return view('vodafone_fake_sso.show-write-view', [ 'productsList' => $productsList ]);
56f8c8	87	}
0991a9	88	public function saveUser(SSOFormRequest $request) {
42e9ce	89	$data = $request->all();
0085dc	90	var_dump($data);
13f6a9	91	$databaseHandler = new FakeSSODatabaseHandler;
d2a091	92	return view("vodafone_fake_sso.db-create-view");
488dbe	93	}
42e9ce	94
9f6455	95	}