Cast client id to avoid PG error

If someone send a malformated client_id when trying to authenticate using the API we got a 500 if wallabag use postgres because the request send a string instead of an integer.
This commit is contained in:
Jeremy Benoist 2019-01-09 23:29:30 +01:00
parent 4d0c632c70
commit 3a2d4cf9fd
No known key found for this signature in database
GPG key ID: BCA73962457ACC3C
3 changed files with 34 additions and 1 deletions

View file

@ -11,7 +11,7 @@ use Wallabag\UserBundle\Entity\User;
/**
* @ORM\Table("oauth2_clients")
* @ORM\Entity
* @ORM\Entity(repositoryClass="Wallabag\ApiBundle\Repository\ClientRepository")
*/
class Client extends BaseClient
{

View file

@ -0,0 +1,19 @@
<?php
namespace Wallabag\ApiBundle\Repository;
use Doctrine\ORM\EntityRepository;
class ClientRepository extends EntityRepository
{
public function findOneBy(array $criteria, array $orderBy = null)
{
if (!empty($criteria['id'])) {
// cast client id to be an integer to avoid postgres error:
// "invalid input syntax for integer"
$criteria['id'] = (int) $criteria['id'];
}
return parent::findOneBy($criteria, $orderBy);
}
}

View file

@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase
$this->assertArrayHasKey('refresh_token', $data);
}
public function testCreateTokenWithBadClientId()
{
$client = $this->getClient();
$client->request('POST', '/oauth/v2/token', [
'grant_type' => 'password',
'client_id' => '$WALLABAG_CLIENT_ID',
'client_secret' => 'secret',
'username' => 'admin',
'password' => 'mypassword',
]);
$this->assertSame(400, $client->getResponse()->getStatusCode());
}
public function testListingClient()
{
$this->logInAs('admin');