From 0085dcb4e3ab76219819b8a53950df1261c04453 Mon Sep 17 00:00:00 2001
From: Filippo Bertilotti <filippobertilotti@gmail.com>
Date: Fri, 04 Oct 2024 12:53:41 +0200
Subject: [PATCH] aggiunta controllo regex per prevenire xss attacks e rimozione debug

---
 app/Http/Controllers/Profiles/ProfilesController.php |   40 ++++++++++++++++++++++++++++------------
 1 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/app/Http/Controllers/Profiles/ProfilesController.php b/app/Http/Controllers/Profiles/ProfilesController.php
index 48ddb80..ed8d390 100644
--- a/app/Http/Controllers/Profiles/ProfilesController.php
+++ b/app/Http/Controllers/Profiles/ProfilesController.php
@@ -3,8 +3,14 @@
 namespace App\Http\Controllers\Profiles;
 
 use App\Http\Controllers\Controller;
+use App\Http\Requests\SSOFormRequest;
+use App\Models\VodafoneUser;
 use App\Vola\Classes\Utils;
+use App\Vola\Services\FakeSSODatabase\FakeSSODatabaseHandler;
+use Exception;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Ramsey\Uuid\Provider\Time\FixedTimeProvider;
 
 class ProfilesController extends Controller
 {
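Review bot: Four of the added `use` lines (`App\Models\VodafoneUser`, `Exception`, `Illuminate\Support\Facades\DB`, `Ramsey\Uuid\Provider\Time\FixedTimeProvider`) are not referenced by any line added elsewhere in this patch; only `SSOFormRequest` and `FakeSSODatabaseHandler` are. If they are not used by code outside the hunks, they look like editor auto-imports and should be dropped so the file's dependency list reflects what the controller actually touches — `FixedTimeProvider` in particular has no obvious connection to a profiles controller. Keeping the `use` block limited to real dependencies also makes later reviews of what this dev-tools controller can reach (database facade, models) easier.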
@@ -12,11 +18,8 @@
 
     public function __construct(Request $request)
     {
-        if (in_array($request->ip(),config('devtools.access_whitelist',[]))) {
-            $this->authorized = true;
-        } else {
-            return response()->json(["status" => 401, "response" => "unauthorized"]);
-        }
+
+        $this->authorized = true;
     }
 
     public function getFakeSSO(Request $request)
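Review bot: This hunk removes the only access-control gate in the controller: `$this->authorized` is now unconditionally `true`, so every `if ($this->authorized)` branch in getFakeSSO, setFakeSSO and clearFakeSSO (visible in the later hunks) becomes a no-op and the fake-SSO cookie endpoints are reachable from any client, not just the IPs in `devtools.access_whitelist`. The commit message describes an XSS check and debug removal, not a deliberate opening of these endpoints, so this looks unintended. The old `return response()->json(...)` inside a constructor never reached the client anyway (a constructor's return value is discarded), so the flag was the effective guard; the minimal fix is to keep the flag conditional, `$this->authorized = in_array($request->ip(), config('devtools.access_whitelist', []), true);`, and the better one is to move the whitelist check into a route middleware so the gate cannot be bypassed by a handler that forgets the `if`. Please also confirm whether the whitelist removal is expected to ship to anything beyond a local dev environment.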
@@ -24,6 +27,7 @@
         if ($this->authorized) {
             return view('vodafone_fake_sso.choose_profile', [
                 "domain" => Utils::getDomain($_SERVER['SERVER_NAME']),
+                "loggedInfo" => Utils::getLoggedUser($request),
                 "setUrl" => "/set",
                 "clearUrl" => "/clear"
             ]);
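Review bot: The new `loggedInfo` value from `Utils::getLoggedUser($request)` is passed straight to the `vodafone_fake_sso.choose_profile` view, and given the commit's XSS focus it is worth confirming that the template renders it with escaped `{{ }}` output rather than `{!! !!}`; the template is outside this patch so I cannot tell from here. If the helper returns an array or object rather than a string, a short docblock on the helper or a comment here, `// loggedInfo: <shape returned by Utils::getLoggedUser> — rendered escaped in choose_profile`, would tell the next reader what the view may safely print. The `$_SERVER['SERVER_NAME']` domain lookup on the line above is unchanged context, so I am not re-raising it.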
@@ -32,7 +36,6 @@
 
     public function setFakeSSO(Request $request)
     {
-        \Log::channel('sso')->debug("Attivo la sessione FakeSSO");
         if ($this->authorized) {
             $json = $request->json()->all();
             $expire = time() + (60 * 30);
@@ -50,7 +53,6 @@
 
     public function clearFakeSSO(Request $request)
     {
-        \Log::channel('sso')->debug("Rimuovo la sessione FakeSSO");
         $domain = Utils::getDomain($_SERVER['SERVER_NAME']);
         if ($this->authorized) {
             @setcookie('mc_FakeSSO', "", -1, "/", $domain);
@@ -67,13 +69,27 @@
     {
         $defaultXML = \Arr::first(config('devtools.fake_sso_profiles'));
         $data = [
-            "sso_getWebcustomerInformation" => \Arr::first($defaultXML["sso"]["getWebcustomerInformation"]["parametri"]["t"]),
-            "sso_getMSISDNDetails" => \Arr::first($defaultXML["sso"]["getMSISDNDetails"]["parametri"]["t"]),
-            "sso_getMSISDNList" => \Arr::first($defaultXML["sso"]["getMSISDNList"]["parametri"]["t"]),
+            "sso_getWebcustomerInformation" => \Arr::first($defaultXML["sso"]["getWebcustomerInformation"]["parametri"]["k"]),
+            "sso_getMSISDNDetails" => \Arr::first($defaultXML["sso"]["getMSISDNDetails"]["parametri"]["k"]),
+            "sso_getMSISDNList" => \Arr::first($defaultXML["sso"]["getMSISDNList"]["parametri"]["k"]),
             "sso_getSelectedMSISDNDetails" => \Arr::first($defaultXML["sso"]["getSelectedMSISDNDetails"]["parametri"]["ms"]),
             "sso_getInfoActivationWSC" => \Arr::first($defaultXML["sso"]["getInfoActivationWSC"]["parametri"]["boID"]),
-            "picasso_getWebcustomerInformation" => \Arr::first($defaultXML["picasso"]["getWebcustomerInformation"]["parametri"]["t"]),
+            "picasso_getWebcustomerInformation" => \Arr::first($defaultXML["picasso"]["getWebcustomerInformation"]["parametri"]["k"]),
         ];
-        return view('vodafone_fake_sso.create-view', $data);
+         return view('vodafone_fake_sso.create-view', $data);
     }
+
+    public function showView()
+    {
+        $databaseHandler = new FakeSSODatabaseHandler;
+        $productsList = $databaseHandler->readProducts();
+        return view('vodafone_fake_sso.show-write-view', [ 'productsList' => $productsList ]);
+    }
+    public function saveUser(SSOFormRequest $request) {
+        $data = $request->all();
+        var_dump($data);
+        $databaseHandler = new FakeSSODatabaseHandler;
+        return view("vodafone_fake_sso.db-create-view");
+    }
+
 }
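Review bot: `saveUser` calls `var_dump($data);` on the full request payload, which writes the submitted form fields unescaped into the HTTP response before the view is returned — that both reintroduces the debug output this commit says it removes and reflects user-controlled input to the browser, the opposite of the XSS hardening in the subject line (the regex check itself is not in this patch; presumably it lives in `SSOFormRequest`). Drop the `var_dump` line, and either use `$databaseHandler` to persist `$data` or remove it, since right now the handler is constructed and discarded and nothing is saved despite the method's name. Minor style points in the same hunk: the indentation on the `return view('vodafone_fake_sso.create-view', $data);` line drifted to nine spaces, `saveUser` has its opening brace on the signature line while the rest of the class puts it on the next line, and both new methods would benefit from return types (`: \Illuminate\Contracts\View\View`) and a one-line docblock stating what `showView` lists and what `saveUser` is expected to store.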

--
Gitblit v1.8.0