Cast client id to avoid PG error

If someone send a malformated client_id when trying to authenticate using the API we got a 500 if wallabag use postgres because the request send a string instead of an integer.
author: Jeremy Benoist <jeremy.benoist@gmail.com> 2019-01-09 23:29:30 +0100
committer: Jeremy Benoist <jeremy.benoist@gmail.com> 2019-01-09 23:31:14 +0100
commit: 3a2d4cf9fda87760c86320a7f8a5041d1d4256c6 (patch)
tree: e21e28b440f9318cd3fbb91043e40e0d725bbc5c
parent: 4d0c632c70ea50d459c3c55ddda2e0f394dd51cb (diff)
download: wallabag-3a2d4cf9fda87760c86320a7f8a5041d1d4256c6.tar.gz
wallabag-3a2d4cf9fda87760c86320a7f8a5041d1d4256c6.tar.zst
wallabag-3a2d4cf9fda87760c86320a7f8a5041d1d4256c6.zip
3 files changed, 34 insertions, 1 deletions
diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php
index e6f98f98..78349820 100644
--- a/src/Wallabag/ApiBundle/Entity/Client.php
+++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -11,7 +11,7 @@ use Wallabag\UserBundle\Entity\User;
 /**
 * @ORM\Table("oauth2_clients")
- * @ORM\Entity
+ * @ORM\Entity(repositoryClass="Wallabag\ApiBundle\Repository\ClientRepository")
 */
 class Client extends BaseClient
 {
diff --git a/src/Wallabag/ApiBundle/Repository/ClientRepository.php b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
new file mode 100644
index 00000000..fc14262e
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
@@ -0,0 +1,19 @@
+<?php
+namespace Wallabag\ApiBundle\Repository;
+use Doctrine\ORM\EntityRepository;
+class ClientRepository extends EntityRepository
+{
+    public function findOneBy(array $criteria, array $orderBy = null)
+    {
+        if (!empty($criteria['id'])) {
+            // cast client id to be an integer to avoid postgres error:
+            // "invalid input syntax for integer"
+            $criteria['id'] = (int) $criteria['id'];
+        }
+        return parent::findOneBy($criteria, $orderBy);
+    }
+}
diff --git a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
index f58d1c12..e1a0ac7e 100644
--- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
@@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase
        $this->assertArrayHasKey('refresh_token', $data);
    }
+    public function testCreateTokenWithBadClientId()
+    {
+        $client = $this->getClient();
+        $client->request('POST', '/oauth/v2/token', [
+            'grant_type' => 'password',
+            'client_id' => '$WALLABAG_CLIENT_ID',
+            'client_secret' => 'secret',
+            'username' => 'admin',
+            'password' => 'mypassword',
+        ]);
+        $this->assertSame(400, $client->getResponse()->getStatusCode());
+    }
    public function testListingClient()
    {
        $this->logInAs('admin');
author	Jeremy Benoist <jeremy.benoist@gmail.com>	2019-01-09 23:29:30 +0100
committer	Jeremy Benoist <jeremy.benoist@gmail.com>	2019-01-09 23:31:14 +0100
commit	3a2d4cf9fda87760c86320a7f8a5041d1d4256c6 (patch)
tree	e21e28b440f9318cd3fbb91043e40e0d725bbc5c
parent	4d0c632c70ea50d459c3c55ddda2e0f394dd51cb (diff)
download	wallabag-3a2d4cf9fda87760c86320a7f8a5041d1d4256c6.tar.gz wallabag-3a2d4cf9fda87760c86320a7f8a5041d1d4256c6.tar.zst wallabag-3a2d4cf9fda87760c86320a7f8a5041d1d4256c6.zip

diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php index e6f98f98..78349820 100644 --- a/src/Wallabag/ApiBundle/Entity/Client.php +++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -11,7 +11,7 @@ use Wallabag\UserBundle\Entity\User;
11		11
12	/**	12	/**
13	* @ORM\Table("oauth2_clients")	13	* @ORM\Table("oauth2_clients")
14	* @ORM\Entity	14	* @ORM\Entity(repositoryClass="Wallabag\ApiBundle\Repository\ClientRepository")
15	*/	15	*/
16	class Client extends BaseClient	16	class Client extends BaseClient
17	{	17	{


diff --git a/src/Wallabag/ApiBundle/Repository/ClientRepository.php b/src/Wallabag/ApiBundle/Repository/ClientRepository.php new file mode 100644 index 00000000..fc14262e --- /dev/null +++ b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
@@ -0,0 +1,19 @@
		1	<?php
		2
		3	namespace Wallabag\ApiBundle\Repository;
		4
		5	use Doctrine\ORM\EntityRepository;
		6
		7	class ClientRepository extends EntityRepository
		8	{
		9	public function findOneBy(array $criteria, array $orderBy = null)
		10	{
		11	if (!empty($criteria['id'])) {
		12	// cast client id to be an integer to avoid postgres error:
		13	// "invalid input syntax for integer"
		14	$criteria['id'] = (int) $criteria['id'];
		15	}
		16
		17	return parent::findOneBy($criteria, $orderBy);
		18	}
		19	}


diff --git a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php index f58d1c12..e1a0ac7e 100644 --- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php +++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
@@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase
56	$this->assertArrayHasKey('refresh_token', $data);	56	$this->assertArrayHasKey('refresh_token', $data);
57	}	57	}
58		58
		59	public function testCreateTokenWithBadClientId()
		60	{
		61	$client = $this->getClient();
		62	$client->request('POST', '/oauth/v2/token', [
		63	'grant_type' => 'password',
		64	'client_id' => '$WALLABAG_CLIENT_ID',
		65	'client_secret' => 'secret',
		66	'username' => 'admin',
		67	'password' => 'mypassword',
		68	]);
		69
		70	$this->assertSame(400, $client->getResponse()->getStatusCode());
		71	}
		72
59	public function testListingClient()	73	public function testListingClient()
60	{	74	{
61	$this->logInAs('admin');	75	$this->logInAs('admin');