Skip to content

IONOS(login-flow-v2): reject unknown api clients by user agent #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
printminion-co merged 2 commits into from
Feb 7, 2025
Merged

IONOS(login-flow-v2): reject unknown api clients by user agent #98

printminion-co merged 2 commits into from
Feb 7, 2025

Conversation

@printminion-co
Copy link

@printminion-co printminion-co commented Feb 4, 2025
edited
Loading

add config value to config.php:

	"core.login_flow_v2.allowed_user_agents" => [
			'/Custom Foo/i'
	],

Test Allowed client

curl -s -A "Custom Foo Curl Client/1.0" -X POST http://localhost:8080/index.php/login/v2 | jq

click on generated login url.

Test Forbidden client

curl -s -A "Rogue Curl Client/1.0" -X POST http://localhost:8080/index.php/login/v2 | jq

click on generated login url.
observe
Selection_20250204-003

Unitests

  • Run tests with coverage
  • Add test suite phpunit-autotest-core.xml file
phpunit-autotest-core.xml 
<?xml version="1.0" encoding="utf-8" ?>
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		 bootstrap="bootstrap.php"
		 verbose="true"
		 backupGlobals="false"
		 timeoutForSmallTests="900"
		 timeoutForMediumTests="900"
		 timeoutForLargeTests="900"
		 convertDeprecationsToExceptions="true"
		 xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.6/phpunit.xsd">
	<testsuite name='test LoginFlowV2'>
		<directory suffix=".php">./Core/Controller/ClientFlowLoginV2ControllerTest.php</directory>
		<directory suffix=".php">./Core/Service/LoginFlowV2ServiceUnitTest.php</directory>
	</testsuite>
	<coverage>
		<include>
			<directory suffix=".php">../core/*</directory>
		</include>
		<exclude>
			<directory suffix=".js">../**/</directory>

			<directory suffix=".php">../3rdparty/**/*</directory>
			<directory suffix=".php">../apps/**/*</directory>
			<directory suffix=".php">../apps-custom/**/*</directory>
			<directory suffix=".php">../apps-external/**/*</directory>
			<directory suffix=".php">../custom-npms/**/*</directory>
			<directory suffix=".php">../build</directory>
			<directory suffix=".php">../IONOS/**/*</directory>
			<directory suffix=".php">../lib/composer</directory>
			<directory suffix=".php">../vendor/**/*</directory>
			<directory suffix=".php">../tests</directory>
		</exclude>
	</coverage>
	<listeners>
		<listener class="StartSessionListener" file="startsessionlistener.php" />
	</listeners>
</phpunit>
  • run tests
export XDEBUG_MODE=coverage && phpunit --configuration tests/phpunit-autotest-core.xml --coverage-html coverage
  • observe coverage in ./coverage folder

Additional Info

Checklist

@printminion-co printminion-co force-pushed the mk/dev/block_unknown_clients branch 2 times, most recently from 2fef244 to a9eee81 Compare February 4, 2025 15:33
@printminion-co printminion-co force-pushed the mk/dev/block_unknown_clients branch from 2880105 to 759bece Compare February 5, 2025 11:50
bromiesTM
bromiesTM reviewed Feb 6, 2025
View reviewed changes
bromiesTM
bromiesTM approved these changes Feb 7, 2025
View reviewed changes
Copy link

@bromiesTM bromiesTM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks okay to me.

@printminion-co printminion-co merged commit 6f275d0 into ionos-dev Feb 7, 2025
15 of 24 checks passed
@printminion-co printminion-co deleted the mk/dev/block_unknown_clients branch February 7, 2025 08:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bromiesTM bromiesTM bromiesTM approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@printminion-co @bromiesTM