Merge branch 'publicApi'

2025-10-30 23:36:34 +08:00 · 2016-12-23 13:56:45 +01:00 · 2016-12-23 13:56:45 +01:00 · 86c301076a
commit 86c301076a
parent 1003f082fd d589bbda61
4 changed files with 35 additions and 1 deletions
--- a/controller/credentialcontroller.php
+++ b/controller/credentialcontroller.php
@ -52,6 +52,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function createCredential($changed, $created,
 									 $credential_id, $custom_fields, $delete_time,
@ -95,6 +96,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getCredential($credential_guid) {
 		return new JSONResponse($this->credentialService->getCredentialByGUID($credential_guid, $this->userId));
@ -102,6 +104,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function updateCredential($changed, $created,
 									 $credential_id, $custom_fields, $delete_time, $credential_guid,
@ -234,6 +237,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function deleteCredential($credential_guid) {
 		$credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
@ -252,6 +256,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getRevision($credential_guid) {
 	    try {
@ -280,6 +285,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function deleteRevision($credential_id, $revision_id) {
 		$result = $this->credentialRevisionService->deleteRevision($revision_id, $this->userId);
@ -288,6 +294,7 @@ class CredentialController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function updateRevision($credential_guid, $revision_id, $credential_data){
 		$revision = null;
--- a/controller/filecontroller.php
+++ b/controller/filecontroller.php
@ -32,6 +32,7 @@ class FileController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function uploadFile($data, $filename, $mimetype, $size) {
 		$file = array(
@ -45,12 +46,14 @@ class FileController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getFile($file_id) {
 		return new JSONResponse($this->fileService->getFile($file_id, $this->userId));
 	}
 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function deleteFile($file_id) {
 		return new JSONResponse($this->fileService->deleteFile($file_id, $this->userId));
--- a/controller/sharecontroller.php
+++ b/controller/sharecontroller.php
@ -84,6 +84,7 @@ class ShareController extends ApiController {
 	 * @param $permissions
 	 * @param $expire_timestamp
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function createPublicShare($item_id, $item_guid, $permissions, $expire_timestamp, $expire_views) {

@ -120,6 +121,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function applyIntermediateShare($item_id, $item_guid, $vaults, $permissions) {
 		/**
@ -190,6 +192,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function searchUsers($search) {
 		$users = array();
@ -210,6 +213,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function unshareCredential($item_guid) {
 		$acl_list = $this->shareService->getCredentialAclList($item_guid);
@ -261,6 +265,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function search($search) {
 		$user_search = $this->searchUsers($search);
@ -270,6 +275,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getVaultsByUser($user_id) {
 		$user_vaults = $this->vaultService->getByUser($user_id);
@ -288,6 +294,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function savePendingRequest($item_guid, $target_vault_guid, $final_shared_key) {
 		try {
@ -320,6 +327,7 @@ class ShareController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getPendingRequests() {
 		try {
@ -341,6 +349,7 @@ class ShareController extends ApiController {
 	 * @param $item_guid
 	 * @return JSONResponse
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getRevisions($item_guid) {
 		try {
@ -354,6 +363,7 @@ class ShareController extends ApiController {
 	 * Obtains the list of credentials shared with this vault
 	 *
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getVaultItems($vault_guid) {
 		try {
@ -367,6 +377,7 @@ class ShareController extends ApiController {
 	 * @param $share_request_id
 	 * @return JSONResponse
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function deleteShareRequest($share_request_id) {
 		try {
@ -435,6 +446,7 @@ class ShareController extends ApiController {
 	 * @param $item_guid
 	 * @return JSONResponse
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function getItemAcl($item_guid) {
 		$acl = $this->shareService->getCredentialAclList($item_guid);
@ -484,6 +496,7 @@ class ShareController extends ApiController {
 	 * @param $permission
 	 * @return JSONResponse
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function updateSharedCredentialACL($item_guid, $user_id, $permission) {
 		try {
--- a/controller/vaultcontroller.php
+++ b/controller/vaultcontroller.php
@ -30,7 +30,12 @@ class VaultController extends ApiController {
 								$UserId,
 								VaultService $vaultService,
 								CredentialService $credentialService) {
-		parent::__construct($AppName, $request);
+		parent::__construct(
+			$AppName,
+			$request,
+			'GET, POST, DELETE, PUT, PATCH',
+			'Authorization, Content-Type, Accept',
+			86400);
 		$this->userId = $UserId;
 		$this->vaultService = $vaultService;
 		$this->credentialService = $credentialService;
@ -38,6 +43,7 @@ class VaultController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function listVaults() {
 		$result = array();
@ -64,6 +70,7 @@ class VaultController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function create($vault_name) {
 		$vault = $this->vaultService->createVault($vault_name, $this->userId);
@ -72,6 +79,7 @@ class VaultController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function get($vault_guid) {
 		//$vault_guid
@ -107,6 +115,7 @@ class VaultController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function update($vault_guid, $name, $vault_settings) {
 		$vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
@ -121,6 +130,7 @@ class VaultController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function updateSharingKeys($vault_guid, $private_sharing_key, $public_sharing_key) {
 		$vault = null;
@ -136,6 +146,7 @@ class VaultController extends ApiController {

 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 */
 	public function delete($vault_id) {
 		return;