From 3a2d4cf9fda87760c86320a7f8a5041d1d4256c6 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist <jeremy.benoist@gmail.com>
Date: Wed, 9 Jan 2019 23:29:30 +0100
Subject: [PATCH] Cast client id to avoid PG error

If someone send a malformated client_id when trying to authenticate using the API we got a 500 if wallabag use postgres because the request send a string instead of an integer.
---
 src/Wallabag/ApiBundle/Entity/Client.php      |  2 +-
 .../ApiBundle/Repository/ClientRepository.php | 19 +++++++++++++++++++
 .../Controller/DeveloperControllerTest.php    | 14 ++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 src/Wallabag/ApiBundle/Repository/ClientRepository.php

diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php
index e6f98f98..78349820 100644
--- a/src/Wallabag/ApiBundle/Entity/Client.php
+++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -11,7 +11,7 @@ use Wallabag\UserBundle\Entity\User;
 
 /**
  * @ORM\Table("oauth2_clients")
- * @ORM\Entity
+ * @ORM\Entity(repositoryClass="Wallabag\ApiBundle\Repository\ClientRepository")
  */
 class Client extends BaseClient
 {
diff --git a/src/Wallabag/ApiBundle/Repository/ClientRepository.php b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
new file mode 100644
index 00000000..fc14262e
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Wallabag\ApiBundle\Repository;
+
+use Doctrine\ORM\EntityRepository;
+
+class ClientRepository extends EntityRepository
+{
+    public function findOneBy(array $criteria, array $orderBy = null)
+    {
+        if (!empty($criteria['id'])) {
+            // cast client id to be an integer to avoid postgres error:
+            // "invalid input syntax for integer"
+            $criteria['id'] = (int) $criteria['id'];
+        }
+
+        return parent::findOneBy($criteria, $orderBy);
+    }
+}
diff --git a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
index f58d1c12..e1a0ac7e 100644
--- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
@@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase
         $this->assertArrayHasKey('refresh_token', $data);
     }
 
+    public function testCreateTokenWithBadClientId()
+    {
+        $client = $this->getClient();
+        $client->request('POST', '/oauth/v2/token', [
+            'grant_type' => 'password',
+            'client_id' => '$WALLABAG_CLIENT_ID',
+            'client_secret' => 'secret',
+            'username' => 'admin',
+            'password' => 'mypassword',
+        ]);
+
+        $this->assertSame(400, $client->getResponse()->getStatusCode());
+    }
+
     public function testListingClient()
     {
         $this->logInAs('admin');
-- 
2.41.0