WIP
This commit is contained in:
Matthieu
@@ -59,10 +59,10 @@ final class CheckMissingCustomFieldValuesCommand extends Command
|
||||
|
||||
protected function execute(InputInterface $input, OutputInterface $output): int
|
||||
{
|
||||
$io = new SymfonyStyle($input, $output);
|
||||
$entityScope = (string) $input->getOption('entity');
|
||||
$limit = max(1, (int) $input->getOption('limit'));
|
||||
$maxRows = max(1, (int) $input->getOption('max-rows'));
|
||||
$io = new SymfonyStyle($input, $output);
|
||||
$entityScope = (string) $input->getOption('entity');
|
||||
$limit = max(1, (int) $input->getOption('limit'));
|
||||
$maxRows = max(1, (int) $input->getOption('max-rows'));
|
||||
$recoverableOnly = (bool) $input->getOption('recoverable-only');
|
||||
|
||||
if (!in_array($entityScope, ['all', 'piece', 'composant'], true)) {
|
||||
@@ -71,7 +71,7 @@ final class CheckMissingCustomFieldValuesCommand extends Command
|
||||
return Command::FAILURE;
|
||||
}
|
||||
|
||||
$rows = [];
|
||||
$rows = [];
|
||||
$counts = [
|
||||
'piece' => 0,
|
||||
'composant' => 0,
|
||||
@@ -202,7 +202,7 @@ final class CheckMissingCustomFieldValuesCommand extends Command
|
||||
}
|
||||
|
||||
$currentValue = $currentValuesByFieldId[$definition->getId()] ?? null;
|
||||
$issue = null;
|
||||
$issue = null;
|
||||
|
||||
if (!$currentValue instanceof CustomFieldValue) {
|
||||
$issue = 'missing';
|
||||
|
||||
@@ -21,13 +21,13 @@ use Symfony\Component\Console\Output\OutputInterface;
|
||||
use Symfony\Component\Console\Style\SymfonyStyle;
|
||||
|
||||
use function array_key_exists;
|
||||
use function count;
|
||||
use function is_array;
|
||||
use function is_string;
|
||||
use function ksort;
|
||||
use function preg_replace;
|
||||
use function sprintf;
|
||||
use function str_starts_with;
|
||||
use function strlen;
|
||||
use function strtolower;
|
||||
use function trim;
|
||||
|
||||
@@ -110,20 +110,20 @@ final class RestorePieceCustomFieldValuesCommand extends Command
|
||||
continue;
|
||||
}
|
||||
|
||||
$currentValue = $currentValuesByFieldId[$definition->getId()] ?? null;
|
||||
$currentValue = $currentValuesByFieldId[$definition->getId()] ?? null;
|
||||
$shouldRestore = null === $currentValue || '' === trim($currentValue->getValue());
|
||||
if (!$shouldRestore) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$candidate = $historicalValues[$normalizedName];
|
||||
$candidate = $historicalValues[$normalizedName];
|
||||
$plannedRows[] = [
|
||||
$definition->getName(),
|
||||
$candidate['value'],
|
||||
$candidate['sourceDate'],
|
||||
$currentValue ? 'update-empty' : 'create-missing',
|
||||
];
|
||||
$changesCount++;
|
||||
++$changesCount;
|
||||
|
||||
if (!$apply) {
|
||||
continue;
|
||||
@@ -186,7 +186,7 @@ final class RestorePieceCustomFieldValuesCommand extends Command
|
||||
continue;
|
||||
}
|
||||
|
||||
$rawName = trim(substr($field, \strlen('customField:')));
|
||||
$rawName = trim(substr($field, strlen('customField:')));
|
||||
$normalizedName = $this->normalizeFieldName($rawName);
|
||||
if ('' === $normalizedName || array_key_exists($normalizedName, $values)) {
|
||||
continue;
|
||||
@@ -198,9 +198,9 @@ final class RestorePieceCustomFieldValuesCommand extends Command
|
||||
}
|
||||
|
||||
$values[$normalizedName] = [
|
||||
'value' => $candidate,
|
||||
'sourceDate' => $log->getCreatedAt()->format('Y-m-d H:i:s'),
|
||||
'sourceField'=> $rawName,
|
||||
'value' => $candidate,
|
||||
'sourceDate' => $log->getCreatedAt()->format('Y-m-d H:i:s'),
|
||||
'sourceField' => $rawName,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -95,7 +95,7 @@ final class RestoreRecoverablePieceCustomFieldValuesCommand extends Command
|
||||
continue;
|
||||
}
|
||||
|
||||
$pieceCount++;
|
||||
++$pieceCount;
|
||||
$changesCount += count($pieceRows);
|
||||
$rows = [...$rows, ...$pieceRows];
|
||||
}
|
||||
@@ -169,8 +169,8 @@ final class RestoreRecoverablePieceCustomFieldValuesCommand extends Command
|
||||
continue;
|
||||
}
|
||||
|
||||
$currentValue = $currentValuesByFieldId[$definition->getId()] ?? null;
|
||||
$shouldRestore = null === $currentValue || '' === trim($currentValue->getValue());
|
||||
$currentValue = $currentValuesByFieldId[$definition->getId()] ?? null;
|
||||
$shouldRestore = null === $currentValue || '' === trim($currentValue->getValue());
|
||||
if (!$shouldRestore) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -68,6 +68,9 @@ final class AdminProfileController extends AbstractController
|
||||
}
|
||||
|
||||
if (null !== $password && '' !== $password) {
|
||||
if (mb_strlen($password) < 8) {
|
||||
return new JsonResponse(['message' => 'Le mot de passe doit contenir au moins 8 caractères.'], JsonResponse::HTTP_BAD_REQUEST);
|
||||
}
|
||||
$profile->setPassword(
|
||||
$this->passwordHasher->hashPassword($profile, $password)
|
||||
);
|
||||
@@ -131,6 +134,10 @@ final class AdminProfileController extends AbstractController
|
||||
return new JsonResponse(['message' => 'Le mot de passe est requis.'], JsonResponse::HTTP_BAD_REQUEST);
|
||||
}
|
||||
|
||||
if (mb_strlen($password) < 8) {
|
||||
return new JsonResponse(['message' => 'Le mot de passe doit contenir au moins 8 caractères.'], JsonResponse::HTTP_BAD_REQUEST);
|
||||
}
|
||||
|
||||
$profile->setPassword(
|
||||
$this->passwordHasher->hashPassword($profile, $password)
|
||||
);
|
||||
|
||||
@@ -91,12 +91,29 @@ final class CommentController extends AbstractController
|
||||
$this->entityManager->persist($comment);
|
||||
|
||||
// Handle file uploads
|
||||
$allowedMimeTypes = [
|
||||
'application/pdf',
|
||||
'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/bmp',
|
||||
'text/plain', 'text/csv',
|
||||
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
|
||||
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
|
||||
'application/msword', 'application/vnd.ms-excel',
|
||||
'application/zip',
|
||||
];
|
||||
|
||||
$files = $request->files->all('files');
|
||||
foreach ($files as $file) {
|
||||
if (!$file instanceof UploadedFile || !$file->isValid()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$detectedMime = $file->getMimeType() ?: 'application/octet-stream';
|
||||
if (!in_array($detectedMime, $allowedMimeTypes, true)) {
|
||||
return $this->json([
|
||||
'message' => sprintf('Type de fichier non autorisé : %s', $detectedMime),
|
||||
], 400);
|
||||
}
|
||||
|
||||
$document = new Document();
|
||||
$documentId = 'cl'.bin2hex(random_bytes(12));
|
||||
$document->setId($documentId);
|
||||
|
||||
@@ -8,6 +8,7 @@ use App\Repository\DocumentRepository;
|
||||
use App\Service\DocumentStorageService;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\HttpFoundation\BinaryFileResponse;
|
||||
use Symfony\Component\HttpFoundation\HeaderUtils;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
@@ -42,11 +43,15 @@ class DocumentServeController extends AbstractController
|
||||
return $this->json(['error' => 'Invalid document data.'], 500);
|
||||
}
|
||||
|
||||
$disposition = HeaderUtils::makeDisposition(ResponseHeaderBag::DISPOSITION_INLINE, $document->getFilename());
|
||||
|
||||
return new Response($content, 200, [
|
||||
'Content-Type' => $document->getMimeType(),
|
||||
'Content-Disposition' => ResponseHeaderBag::DISPOSITION_INLINE.'; filename="'.$document->getFilename().'"',
|
||||
'Content-Length' => (string) strlen($content),
|
||||
'Cache-Control' => 'private, max-age=3600',
|
||||
'Content-Type' => $document->getMimeType(),
|
||||
'Content-Disposition' => $disposition,
|
||||
'Content-Length' => (string) strlen($content),
|
||||
'Cache-Control' => 'private, max-age=3600',
|
||||
'X-Content-Type-Options' => 'nosniff',
|
||||
'Content-Security-Policy' => 'sandbox',
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -63,6 +68,8 @@ class DocumentServeController extends AbstractController
|
||||
$document->getFilename()
|
||||
);
|
||||
$response->headers->set('Cache-Control', 'private, max-age=3600');
|
||||
$response->headers->set('X-Content-Type-Options', 'nosniff');
|
||||
$response->headers->set('Content-Security-Policy', 'sandbox');
|
||||
|
||||
return $response;
|
||||
}
|
||||
@@ -86,9 +93,11 @@ class DocumentServeController extends AbstractController
|
||||
return $this->json(['error' => 'Invalid document data.'], 500);
|
||||
}
|
||||
|
||||
$disposition = HeaderUtils::makeDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $document->getFilename());
|
||||
|
||||
return new Response($content, 200, [
|
||||
'Content-Type' => 'application/octet-stream',
|
||||
'Content-Disposition' => ResponseHeaderBag::DISPOSITION_ATTACHMENT.'; filename="'.$document->getFilename().'"',
|
||||
'Content-Disposition' => $disposition,
|
||||
'Content-Length' => (string) strlen($content),
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -5,10 +5,12 @@ declare(strict_types=1);
|
||||
namespace App\Controller;
|
||||
|
||||
use App\Repository\ProfileRepository;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\HttpFoundation\JsonResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
use Symfony\Component\RateLimiter\RateLimiterFactory;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
|
||||
final class SessionProfileController
|
||||
@@ -16,6 +18,8 @@ final class SessionProfileController
|
||||
public function __construct(
|
||||
private readonly ProfileRepository $profiles,
|
||||
private readonly UserPasswordHasherInterface $passwordHasher,
|
||||
#[Autowire(service: 'limiter.login')]
|
||||
private readonly RateLimiterFactory $loginLimiter,
|
||||
) {}
|
||||
|
||||
#[Route('/api/session/profile', name: 'api_session_profile_get', methods: ['GET'])]
|
||||
@@ -56,6 +60,11 @@ final class SessionProfileController
|
||||
return new JsonResponse(['message' => 'Session indisponible.'], JsonResponse::HTTP_INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
|
||||
$limiter = $this->loginLimiter->create($request->getClientIp());
|
||||
if (!$limiter->consume()->isAccepted()) {
|
||||
return new JsonResponse(['message' => 'Trop de tentatives. Réessayez dans une minute.'], JsonResponse::HTTP_TOO_MANY_REQUESTS);
|
||||
}
|
||||
|
||||
$payload = $request->toArray();
|
||||
$profileId = $payload['profileId'] ?? null;
|
||||
|
||||
@@ -64,24 +73,24 @@ final class SessionProfileController
|
||||
}
|
||||
|
||||
$profile = $this->profiles->find($profileId);
|
||||
if (!$profile || !$profile->isActive()) {
|
||||
return new JsonResponse(['message' => 'Profil introuvable ou inactif.'], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$password = $payload['password'] ?? '';
|
||||
if ('' === $password) {
|
||||
return new JsonResponse(['message' => 'Mot de passe requis.'], JsonResponse::HTTP_BAD_REQUEST);
|
||||
}
|
||||
|
||||
$loginFailed = new JsonResponse(['message' => 'Identifiants invalides.'], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
|
||||
if (!$profile || !$profile->isActive()) {
|
||||
return $loginFailed;
|
||||
}
|
||||
|
||||
if (!$profile->getPassword()) {
|
||||
return new JsonResponse(
|
||||
['message' => 'Ce profil n\'a pas de mot de passe. Contactez un administrateur.'],
|
||||
JsonResponse::HTTP_FORBIDDEN,
|
||||
);
|
||||
return $loginFailed;
|
||||
}
|
||||
|
||||
if (!$this->passwordHasher->isPasswordValid($profile, $password)) {
|
||||
return new JsonResponse(['message' => 'Mot de passe incorrect.'], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
return $loginFailed;
|
||||
}
|
||||
|
||||
$session->migrate(true);
|
||||
|
||||
@@ -27,10 +27,9 @@ final class SessionProfilesController
|
||||
|
||||
return new JsonResponse(array_map(static function ($profile): array {
|
||||
return [
|
||||
'id' => $profile->getId(),
|
||||
'firstName' => $profile->getFirstName(),
|
||||
'lastName' => $profile->getLastName(),
|
||||
'hasPassword' => null !== $profile->getPassword() && '' !== $profile->getPassword(),
|
||||
'id' => $profile->getId(),
|
||||
'firstName' => $profile->getFirstName(),
|
||||
'lastName' => $profile->getLastName(),
|
||||
];
|
||||
}, $items));
|
||||
}
|
||||
|
||||
@@ -167,7 +167,7 @@ class Profile implements UserInterface, PasswordAuthenticatedUserInterface
|
||||
*/
|
||||
public function getUserIdentifier(): string
|
||||
{
|
||||
return (string) $this->email;
|
||||
return $this->email ?? $this->id;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -27,6 +27,10 @@ class DocumentStorageService
|
||||
|
||||
public function getAbsolutePath(string $relativePath): string
|
||||
{
|
||||
if (str_contains($relativePath, '..')) {
|
||||
throw new RuntimeException(sprintf('Path traversal detected: "%s"', $relativePath));
|
||||
}
|
||||
|
||||
$absolutePath = $this->storageDir.'/'.$relativePath;
|
||||
$realPath = realpath($absolutePath);
|
||||
|
||||
|
||||
@@ -64,6 +64,20 @@ final class DocumentUploadProcessor implements ProcessorInterface
|
||||
throw new BadRequestHttpException('A valid file is required in the "file" field.');
|
||||
}
|
||||
|
||||
$allowedMimeTypes = [
|
||||
'application/pdf',
|
||||
'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/bmp',
|
||||
'text/plain', 'text/csv',
|
||||
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
|
||||
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
|
||||
'application/msword', 'application/vnd.ms-excel',
|
||||
'application/zip',
|
||||
];
|
||||
$detectedMime = $file->getMimeType() ?: 'application/octet-stream';
|
||||
if (!in_array($detectedMime, $allowedMimeTypes, true)) {
|
||||
throw new BadRequestHttpException(sprintf('Type de fichier non autorisé : %s', $detectedMime));
|
||||
}
|
||||
|
||||
$document = new Document();
|
||||
|
||||
// Metadata from form fields
|
||||
|
||||
Reference in New Issue
Block a user