fernando/luos
1
0
Fork 0
Code Releases Activity

Merged in feature/HOR-4508 (pull request #6649)

Browse Source 
HOR-4508

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
This commit is contained in:
Paula Quispe
2018-11-12 17:42:09 +00:00
committed by Julio Cesar Laura Avendaño
parent 27a71416c7 54225f9df7
commit 9b3d936e65
28 changed files with 831 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php
View File

@@ -1,28 +1,29 @@
<?php
namespace ProcessMaker\BusinessModel\Cases;
use ProcessMaker\Plugins\PluginRegistry;
use AppDocument;
use AppDocumentPeer;
use Exception;
use Criteria;
use ResultSet;
use G;
use ObjectPermissionPeer;
use StepPeer;
use StepSupervisorPeer;
use AppDelegation;
use AppDelegationPeer;
use Users;
use Configurations;
use Bootstrap;
use WsBase;
use ApplicationPeer;
use ProcessMaker\BusinessModel\ProcessSupervisor;
use ProcessMaker\BusinessModel\Cases AS BusinessModelCases;
use Cases;
use ProcessUserPeer;
use AppDocument;
use AppDocumentPeer;
use AppFolder;
use ApplicationPeer;
use Bootstrap;
use Cases;
use Configurations;
use Criteria;
use Exception;
use G;
use ObjectPermissionPeer;
use ProcessMaker\BusinessModel\Cases AS BusinessModelCases;
use ProcessMaker\BusinessModel\ProcessSupervisor;
use ProcessMaker\Plugins\PluginRegistry;
use ProcessMaker\Validation\ValidationUploadedFiles;
use ProcessUserPeer;
use ResultSet;
use StepPeer;
use StepSupervisorPeer;
use Users;
use WsBase;
class InputDocument
@@ -936,6 +937,12 @@ class InputDocument
*/
public function uploadFileCase($files, $caseInstance, $aData, $userUid, $appUid, $delIndex)
{
ValidationUploadedFiles::getValidationUploadedFiles()->dispach(function($validator) {
G::SendMessageText($validator->getMessage(), "ERROR");
$url = explode("sys" . config("system.workspace"), $_SERVER['HTTP_REFERER']);
G::header("location: " . "/sys" . config("system.workspace") . $url[1]);
die();
});
$arrayField = array();
$arrayFileName = array();
$arrayFileTmpName = array();
@@ -1034,16 +1041,6 @@ class InputDocument
$aFields = array("APP_UID" => $appUid, "DEL_INDEX" => $delIndex, "USR_UID" => $userUid, "DOC_UID" => -1, "APP_DOC_TYPE" => "ATTACHED", "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"), "APP_DOC_COMMENT" => "", "APP_DOC_TITLE" => "", "APP_DOC_FILENAME" => $arrayFileName[$i], "APP_DOC_FIELDNAME" => $fieldName);
}
$sExtension = pathinfo($aFields["APP_DOC_FILENAME"]);
if (Bootstrap::getDisablePhpUploadExecution() === 1 && $sExtension["extension"] === 'php') {
$message = G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, 'processmaker.log');
G::SendMessageText($message, "ERROR");
$backUrlObj = explode("sys" . config("system.workspace"), $_SERVER['HTTP_REFERER']);
G::header("location: " . "/sys" . config("system.workspace") . $backUrlObj[1]);
die();
}
$oAppDocument = new AppDocument();
$oAppDocument->create($aFields);

5
workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php
View File

@@ -196,11 +196,6 @@ class FilesManager
if ($extention == '.exe') {
throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION'));
}
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extention === '.php' && !$isImport) {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $aData['prf_filename']);
throw new \Exception($message);
}
break;
default:
$sDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename'];

66
workflow/engine/src/ProcessMaker/BusinessModel/Light.php
View File

@@ -32,6 +32,8 @@ use ProcessMaker\Core\RoutingScreen;
use ProcessMaker\Core\System;
use ProcessMaker\Services\Api\Project\Activity\Step as ActivityStep;
use ProcessMaker\Util\DateTime;
use ProcessMaker\Validation\ExceptionRestApi;
use ProcessMaker\Validation\Validator;
use ProcessPeer;
use Propel;
use RBAC;
@@ -995,16 +997,6 @@ class Light
$confEnvSetting = $config->getFormats();
$user = new Users();
foreach ($requestData as $k => $file) {
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
if (Bootstrap::getDisablePhpUploadExecution() === 1 && $ext === 'php') {
$message = G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $file['name']);
$response[$k]['error'] = array(
"code" => "400",
"message" => $message
);
continue;
}
$cases = new Cases();
$delIndex = $cases->getCurrentDelegation($appUid, $userUid);
$docUid = !empty($file['docUid']) ? $file['docUid'] : -1;
@@ -1071,7 +1063,7 @@ class Light
*
* @throws Exception
*/
public function documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data)
public function documentUploadFiles($userUid, $app_uid, $app_doc_uid)
{
$response = array("status" => "fail");
if (isset($_FILES["form"]["name"]) && count($_FILES["form"]["name"]) > 0) {
@@ -1107,6 +1099,58 @@ class Light
}
}
if (count($arrayField) > 0) {
//rule validation
$appDocument = new AppDocument();
$appDocument->load($app_doc_uid);
$inputDocument = new InputDocument();
$ifInputExist = $inputDocument->InputExists($appDocument->getDocUid());
if ($ifInputExist) {
$inputProperties = $inputDocument->load($appDocument->getDocUid());
$inpDocTypeFile = $inputProperties['INP_DOC_TYPE_FILE'];
$inpDocMaxFilesize = (int) $inputProperties["INP_DOC_MAX_FILESIZE"];
$inpDocMaxFilesizeUnit = $inputProperties["INP_DOC_MAX_FILESIZE_UNIT"];
}
for ($i = 0; $ifInputExist && $i < count($arrayField); $i++) {
$file = [
'filename' => $arrayFileName[$i],
'path' => $arrayFileTmpName[$i]
];
$validator = new Validator();
//rule: extension
$validator->addRule()
->validate($file, function($file) use($inpDocTypeFile) {
$result = G::verifyInputDocExtension($inpDocTypeFile, $file->filename, $file->path);
return $result->status === false;
})
->status(415)
->message(G::LoadTranslation('ID_UPLOAD_INVALID_DOC_TYPE_FILE', [$inpDocTypeFile]))
->log(function($rule) {
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
});
//rule: maximum file size
$validator->addRule()
->validate($file, function($file) use($inpDocMaxFilesize, $inpDocMaxFilesizeUnit) {
if ($inpDocMaxFilesize > 0) {
$totalMaxFileSize = $inpDocMaxFilesize * ($inpDocMaxFilesizeUnit == "MB" ? 1024 * 1024 : 1024);
$fileSize = filesize($file->path);
if ($fileSize > $totalMaxFileSize) {
return true;
}
}
return false;
})
->status(413)
->message(G::LoadTranslation("ID_UPLOAD_INVALID_DOC_MAX_FILESIZE", [$inpDocMaxFilesize . $inpDocMaxFilesizeUnit]))
->log(function($rule) {
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
});
$validator->validate();
if ($validator->fails()) {
throw new ExceptionRestApi($validator->getMessage(), $validator->getStatus());
}
}
for ($i = 0; $i <= count($arrayField) - 1; $i++) {
if ($arrayFileError[$i] == 0) {
$indocUid = null;

5
workflow/engine/src/ProcessMaker/Core/System.php
View File

@@ -66,7 +66,10 @@ class System
'logging_level' => 'INFO',
'smtp_timeout' => 20,
'google_map_api_key' => '',
'google_map_signature' => ''
'google_map_signature' => '',
'logging_level' => 'INFO',
'upload_attempts_limit_per_user' => '60,1',
'files_white_list' => ''
);
/**

11
workflow/engine/src/ProcessMaker/Services/Api/Light.php
View File

@@ -23,6 +23,7 @@ use ProcessMaker\Project\Adapter;
use ProcessMaker\Services\Api;
use ProcessMaker\Services\Api\Project\Activity\Step;
use ProcessMaker\Util\DateTime;
use ProcessMaker\Validation\ExceptionRestApi;
use RBAC;
use stdclass;
use StepPeer;
@@ -1466,10 +1467,11 @@ class Light extends Api
$userUid = $this->getUserId();
$oMobile = new BusinessModelLight();
$filesUids = $oMobile->postUidUploadFiles($userUid, $app_uid, $request_data);
} catch (ExceptionRestApi $e) {
throw new RestException($e->getCode(), $e->getMessage());
} catch (Exception $e) {
throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()));
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
}
return $filesUids;
}
@@ -1500,11 +1502,12 @@ class Light extends Api
try {
$userUid = $this->getUserId();
$oMobile = new BusinessModelLight();
$response = $oMobile->documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data);
$response = $oMobile->documentUploadFiles($userUid, $app_uid, $app_doc_uid);
} catch (ExceptionRestApi $e) {
throw new RestException($e->getCode(), $e->getMessage());
} catch (Exception $e) {
throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()));
}
return $response;
}

19
workflow/engine/src/ProcessMaker/Services/Api/Project/FilesManager.php
View File

@@ -1,8 +1,11 @@
<?php
namespace ProcessMaker\Services\Api\Project;
use \ProcessMaker\Services\Api;
use \Luracast\Restler\RestException;
use Exception;
use Luracast\Restler\RestException;
use ProcessMaker\BusinessModel\FilesManager as FilesManagerBusinessModel;
use ProcessMaker\Services\Api;
use ProcessMaker\Validation\ExceptionRestApi;
/**
* Project\ProjectUsers Api Controller
@@ -57,11 +60,13 @@ class FilesManager extends Api
$userUid = $this->getUserId();
$request_data = (array)($request_data);
$request_data = array_merge(array('prf_content' => $prf_content ), $request_data);
$filesManager = new \ProcessMaker\BusinessModel\FilesManager();
$filesManager = new FilesManagerBusinessModel();
$arrayData = $filesManager->addProcessFilesManager($prj_uid, $userUid, $request_data);
//Response
$response = $arrayData;
} catch (\Exception $e) {
} catch (ExceptionRestApi $e) {
throw new RestException($e->getCode(), $e->getMessage());
} catch (Exception $e) {
//response
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
}
@@ -85,11 +90,13 @@ class FilesManager extends Api
public function doPostProcessFilesManagerUpload($prj_uid, $prf_uid)
{
try {
$filesManager = new \ProcessMaker\BusinessModel\FilesManager();
$filesManager = new FilesManagerBusinessModel();
$sData = $filesManager->uploadProcessFilesManager($prj_uid, $prf_uid);
//Response
$response = $sData;
} catch (\Exception $e) {
} catch (ExceptionRestApi $e) {
throw new RestException($e->getCode(), $e->getMessage());
} catch (Exception $e) {
//response
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
}

10
workflow/engine/src/ProcessMaker/Validation/ExceptionRestApi.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
namespace ProcessMaker\Validation;
use Exception;
class ExceptionRestApi extends Exception
{
}

137
workflow/engine/src/ProcessMaker/Validation/Rule.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
namespace ProcessMaker\Validation;
/**
* It contains a validation rule defined by the Closure function that must
* return a boolean value, true if it has failed, and false if it has passed the
* validation rule.
*/
class Rule
{
/**
* Validation data defined by value and field.
* @var object
*/
private $data = null;
/**
* Validation rule.
* @var Closure
*/
private $callback = null;
/**
* Help to register when the rule is not met.
* @var Closure
*/
private $callbackLog = null;
/**
* Return message in case the rule is not met.
* @var string
*/
private $message = "";
/**
* Response status code.
* @var int
*/
private $status = 0;
/**
* Obtain validation data composed of field and value.
* @return object
*/
function getData()
{
return $this->data;
}
/**
* Get the Closure function.
* @return Closure
*/
function getCallback()
{
return $this->callback;
}
/**
* Gets the Closure function that applies the validation rule.
* @return Closure
*/
function getCallbackLog()
{
return $this->callbackLog;
}
/**
* Get the message to be saved in the log if the rule is not fulfilled.
* @return string
*/
function getMessage()
{
return $this->message;
}
/**
* Get status code.
* @return int
*/
function getStatus()
{
return $this->status;
}
/**
* Registers the data and the Closure function that contains the validation
* rule.
* @param array $data
* @param Closure $callback
* @return Rule
*/
public function validate($data, $callback = null)
{
$this->data = (object) $data;
if (is_callable($callback)) {
$this->callback = $callback;
}
return $this;
}
/**
* Registers the customized message in case the validation rule is not met.
* @param string $message
* @return Rule
*/
public function message($message = "")
{
$this->message = $message;
return $this;
}
/**
* Set status code.
* @param int $status
* @return $this
*/
function status($status = 0)
{
$this->status = $status;
return $this;
}
/**
* Registers the Closure function in case the validation rule is not met.
* @param Closure $callback
* @return Rule
*/
public function log($callback = null)
{
if (is_callable($callback)) {
$this->callbackLog = $callback;
}
return $this;
}
}

241
workflow/engine/src/ProcessMaker/Validation/ValidationUploadedFiles.php Normal file
View File

@@ -0,0 +1,241 @@
<?php
namespace ProcessMaker\Validation;
use Bootstrap;
use G;
use Illuminate\Filesystem\Filesystem;
use Illuminate\Support\Facades\Cache;
use ProcessMaker\Core\System;
use ProcessMaker\Services\OAuth2\Server;
use Symfony\Component\HttpFoundation\File\File;
class ValidationUploadedFiles
{
/**
* Single object instance to be used in the entire environment.
*
* @var object
*/
private static $validationUploadedFiles = null;
/**
* List of evaluated items that have not passed the validation rules.
*
* @var array
*/
private $fails = [];
/**
* Check if the loaded files comply with the validation rules, add here if you
* want more validation rules.
* Accept per argument an array or object that contains a "filename" and "path" values.
* The rules are verified in the order in which they have been added.
*
* @param array|object $file
* @return Validator
*/
public function runRules($file)
{
$validator = new Validator();
//rule: disable_php_upload_execution
$validator->addRule()
->validate($file, function($file) {
$filesystem = new Filesystem();
$extension = $filesystem->extension($file->filename);
return Bootstrap::getDisablePhpUploadExecution() === 1 && $extension === 'php';
})
->status(550)
->message(G::LoadTranslation('ID_THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'))
->log(function($rule) {
/**
* Levels supported by MonologProvider is:
* 100 "DEBUG"
* 200 "INFO"
* 250 "NOTICE"
* 300 "WARNING"
* 400 "ERROR"
* 500 "CRITICAL"
* 550 "ALERT"
* 600 "EMERGENCY"
*/
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $rule->getMessage(), $rule->getData()->filename);
});
//rule: upload_attempts_limit_per_user
$validator->addRule()
->validate($file, function($file) {
$systemConfiguration = System::getSystemConfiguration('', '', config("system.workspace"));
$filesWhiteList = explode(',', $systemConfiguration['upload_attempts_limit_per_user']);
$userId = Server::getUserId();
$key = config("system.workspace") . '/' . $userId;
$attemps = (int) trim($filesWhiteList[0]);
$minutes = (int) trim($filesWhiteList[1]);
$pastAttemps = Cache::remember($key, $minutes, function() {
return 1;
});
//We only increase when the file path exists, useful when pre-validation is done.
if (isset($file->path)) {
Cache::increment($key, 1);
}
if ($pastAttemps <= $attemps) {
return false;
}
return true;
})
->status(429)
->message(G::LoadTranslation('ID_TOO_MANY_REQUESTS'))
->log(function($rule) {
/**
* Levels supported by MonologProvider is:
* 100 "DEBUG"
* 200 "INFO"
* 250 "NOTICE"
* 300 "WARNING"
* 400 "ERROR"
* 500 "CRITICAL"
* 550 "ALERT"
* 600 "EMERGENCY"
*/
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
});
//rule: mimeType
$validator->addRule()
->validate($file, function($file) {
$path = isset($file->path) ? $file->path : "";
$filesystem = new Filesystem();
if (!$filesystem->exists($path)) {
return false;
}
$extension = $filesystem->extension($file->filename);
$mimeType = $filesystem->mimeType($path);
$file = new File($path);
$guessExtension = $file->guessExtension();
$mimeTypeFile = $file->getMimeType();
//mimeType known
if ($extension === $guessExtension && $mimeType === $mimeTypeFile) {
return false;
}
//mimeType custom
$customMimeTypes = config("customMimeTypes");
$customMimeType = isset($customMimeTypes[$extension]) ? $customMimeTypes[$extension] : null;
if (is_string($customMimeType)) {
if ($customMimeType === $mimeType) {
return false;
}
}
if (is_array($customMimeType)) {
foreach ($customMimeType as $value) {
if ($value === $mimeType) {
return false;
}
}
}
//files_white_list
$systemConfiguration = System::getSystemConfiguration('', '', config("system.workspace"));
$filesWhiteList = explode(',', $systemConfiguration['files_white_list']);
if (in_array($extension, $filesWhiteList)) {
return false;
}
return true;
})
->status(415)
->message(G::LoadTranslation('ID_THE_MIMETYPE_EXTENSION_ERROR'))
->log(function($rule) {
/**
* Levels supported by MonologProvider is:
* 100 "DEBUG"
* 200 "INFO"
* 250 "NOTICE"
* 300 "WARNING"
* 400 "ERROR"
* 500 "CRITICAL"
* 550 "ALERT"
* 600 "EMERGENCY"
*/
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
});
return $validator->validate();
}
/**
* File upload validation.
*
* @return $this
*/
public function runRulesToAllUploadedFiles()
{
$files = $_FILES;
if (!is_array($files)) {
return;
}
$this->fails = [];
foreach ($files as $file) {
$data = (object) $file;
if (!is_array($data->name) || !is_array($data->tmp_name)) {
$data->name = [$data->name];
$data->tmp_name = [$data->tmp_name];
}
foreach ($data->name as $key => $value) {
if (empty($value)) {
continue;
}
if (is_array($value)) {
foreach ($value as $rowKey => $rowValue) {
foreach ($rowValue as $cellKey => $cellValue) {
if (empty($cellValue)) {
continue;
}
$validator = $this->runRules(['filename' => $cellValue, 'path' => $data->tmp_name[$key][$rowKey][$cellKey]]);
if ($validator->fails()) {
$this->fails[] = $validator;
}
}
}
continue;
}
$validator = $this->runRules(['filename' => $value, 'path' => $data->tmp_name[$key]]);
if ($validator->fails()) {
$this->fails[] = $validator;
}
}
}
return $this;
}
/**
* Get the first error and call the argument function.
*
* @param function $callback
* @return $this
*/
public function dispach($callback)
{
if (!empty($this->fails[0])) {
if (!empty($callback) && is_callable($callback)) {
$callback($this->fails[0], $this->fails);
}
}
return $this;
}
/**
* It obtains a single object to be used as a record of the whole environment.
*
* @return object
*/
public static function getValidationUploadedFiles()
{
if (self::$validationUploadedFiles === null) {
self::$validationUploadedFiles = new ValidationUploadedFiles();
}
return self::$validationUploadedFiles;
}
}

138
workflow/engine/src/ProcessMaker/Validation/Validator.php Normal file
View File

@@ -0,0 +1,138 @@
<?php
namespace ProcessMaker\Validation;
use ProcessMaker\Validation\Rule;
/**
* Performs the validation process based on a list of validation rules.
*/
class Validator
{
/**
* List of instances of the class 'Rule'.
* @var array
*/
private $rules = [];
/**
* Error message in the current validation rule.
* @var string
*/
private $message = "";
/**
* Response status code.
* @var int
*/
private $status = 0;
/**
* Current status of the validation, true if the validation has not been overcome.
* @var boolean
*/
private $fails = false;
/**
* Call after the validation process.
* @var Closure
*/
private $callback = null;
/**
* Get the message of the current validation if there was a failure.
* @return string
*/
function getMessage()
{
return $this->message;
}
/**
* Get status code.
* @return int
*/
function getStatus()
{
return $this->status;
}
/**
* Get the Closure function.
* @return Closure
*/
function getCallback()
{
return $this->callback;
}
/**
* Add a validation rule.
* The rules are verified in the order in which they have been added.
*
* @param Rule $rule
* @return Rule
*/
public function addRule($rule = null)
{
if (!$rule instanceof Rule) {
$rule = new Rule();
}
$this->rules[] = $rule;
return $rule;
}
/**
* Process all added validation rules.
* @return Validator
*/
public function validate()
{
$this->message = "";
$this->status = 0;
$this->fails = false;
foreach ($this->rules as $rule) {
$callback = $rule->getCallback();
if (is_callable($callback)) {
if ($callback($rule->getData())) {
$this->message = $rule->getMessage();
$this->status = $rule->getStatus();
$this->fails = true;
$getCallbackLog = $rule->getCallbackLog();
if (is_callable($getCallbackLog)) {
$getCallbackLog($rule);
}
break;
}
}
}
$callbackAfter = $this->getCallback();
if (is_callable($callbackAfter)) {
$callbackAfter($this);
}
return $this;
}
/**
* Get the current status of the validation, the value is true if there was a
* failure and false if all the validation rules have been passed.
* @return boolean
*/
public function fails()
{
return $this->fails;
}
/**
* The Closure function is called when the validation process is finished.
* @param Closure $callback
* @return Validator
*/
public function after($callback)
{
if (is_callable($callback)) {
$this->callback = $callback;
}
return $this;
}
}