From ebcc6bd3b5cd6da2c2aa6315160e8d4765b7b013 Mon Sep 17 00:00:00 2001
From: jerome
Date: Fri, 28 Aug 2009 07:03:03 +0000
Subject: [PATCH] webservices MDL-12886 "params" parameter has been changed into an object (conform with the web description structure) + clean_params() function filters parameters and throws an exception for any unexpected parameters/malformed parameters
---
 lib/moodleexternal.php | 56 +++++++++---------
 user/external.php | 59 +++++++++++--------
 webservice/lib.php | 8 ++-
 .../soap/testclient/zend/zend_soap_client.php | 29 +++++----
 4 files changed, 86 insertions(+), 66 deletions(-)
diff --git a/lib/moodleexternal.php b/lib/moodleexternal.php
index 67098a23e2..9ff5a382fb 100644
--- a/lib/moodleexternal.php
+++ b/lib/moodleexternal.php
@@ -49,12 +49,7 @@ abstract class moodle_external {
 */
 protected function clean_function_params($functionname, &$params) {
 $description = $this->get_function_webservice_description($functionname);
- varlog($functionname);
- foreach ($params as $param) { //we are applying the algo for all params
- $key = key($description['params']); //get next key of the description array => params need to be ordered !
- $this->clean_params($description['params'][$key], $param);
-
- }
+ $this->clean_object($description['params'], $params);
 }
 /**
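Review bot: The new `clean_function_params` body hands `$params` straight to `clean_object` without checking that it is an object, so a request whose transport still delivers the old array shape (or a scalar) is not rejected: `get_object_vars()` has nothing to iterate, the loop never runs, and the function returns with the parameters uncleaned instead of raising `wswrongparams`. Put a type guard in front of the delegation, `if (!is_object($params)) { throw new moodle_exception('wswrongparams'); }`, so the validation gate fails closed. The docblock that precedes this hunk (its start is outside the hunk) should also state that `$params` must be an object shaped like the description's `params` object, since that is now the only accepted form.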
@@ -62,38 +57,41 @@ abstract class moodle_external {
 * @param $params
 */
 protected function clean_params($description, &$params) {
- if (!is_array($params)) {
- $paramvalue = clean_param($params, $description);
- } else {
- foreach ($params as $paramname => &$paramvalue) {
- if (is_array($paramvalue)) { //it's a list
- //A description array does not support list of different objects
- //it's why we retrieve the first key, because there should be only one key
- $this->clean_params($description[key($description)], $paramvalue);
+
+ if (is_array($params) ) { //it's a list
+ $nextdescriptionkey = key($description);
+ if (isset($nextdescriptionkey)) {
+ $this->clean_params($description[$nextdescriptionkey], $params[key($params)]);
+ } else {
+ throw new moodle_exception('wswrongparams');
 }
- else {
- if (is_object($paramvalue)) { //is it a object
- $this->clean_object_types($description[$paramname], $paramvalue);
- }
- else { //it's a primary type
- $paramvalue = clean_param($paramvalue, $description[$paramname]);
- }
+ }
+ else {
+ if (is_object($params)) { //is it a object
+ $this->clean_object($description, $params);
+ }
+ else { //it's a primary type
+ $params = clean_param($params, $description);
 }
-
- }
- }
 }
- protected function clean_object_types($objectdescription, &$paramobject) {
+ protected function clean_object($objectdescription, &$paramobject) {
 foreach (get_object_vars($paramobject) as $propertyname => $propertyvalue) {
 if (is_array($propertyvalue)) {
- $this->clean_params($objectdescription->$propertyname, $propertyvalue);
- $paramobject->$propertyname = $propertyvalue;
+ if (isset($objectdescription->$propertyname)) {
+ $this->clean_params($objectdescription->$propertyname, $propertyvalue);
+ $paramobject->$propertyname = $propertyvalue;
+ } else {
+ throw new moodle_exception('wswrongparams');
+ }
 } else {
- $paramobject->$propertyname = clean_param($propertyvalue, $objectdescription->$propertyname);
-
+ if (isset($objectdescription->$propertyname)) {
+ $paramobject->$propertyname = clean_param($propertyvalue, $objectdescription->$propertyname);
+ } else {
+ throw new moodle_exception('wswrongparams');
+ }
 }
 }
 }
diff --git a/user/external.php b/user/external.php
index 5697d3463a..4b0f5a2c5e 100644
--- a/user/external.php
+++ b/user/external.php
@@ -39,7 +39,7 @@ final class user_external extends moodle_external {
 $this->descriptions = array();
 ///The desciption of the web service
- $user = new stdClass();
+ $user = new object();
 $user->password = PARAM_ALPHANUMEXT;
 $user->auth = PARAM_ALPHANUMEXT;
 $user->confirmed = PARAM_NUMBER;
@@ -56,12 +56,15 @@ final class user_external extends moodle_external {
 $user->description = PARAM_TEXT;
 $user->city = PARAM_ALPHANUMEXT;
 $user->country = PARAM_ALPHANUMEXT;
-
- $this->descriptions['create_users'] = array( 'params' => array('users' => array($user)),
- 'optionalinformation' => 'All params are not mandatory',
- 'return' => array('userids' => array(PARAM_NUMBER)));
-
- $user = new stdClass();
+ $params = new object();
+ $params->users = array($user);
+ $return = new object();
+ $return->userids = array(PARAM_NUMBER);
+ $this->descriptions['create_users'] = array( 'params' => $params,
+ 'optionalinformation' => 'Username, password, firstname, and username are the only mandatory',
+ 'return' => $return);
+
+ $user = new object();
 $user->id = PARAM_NUMBER;
 $user->auth = PARAM_ALPHANUMEXT;
 $user->confirmed = PARAM_NUMBER;
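Review bot: The list branch of the new `clean_params` cleans only one element: `$params[key($params)]` is the element at the array's current internal pointer (the first one), so a `users` list with several entries gets its second and later users passed on to `create_users`/`update_users` uncleaned, while the description lookup via `key($description)` likewise assumes the description array's pointer has never moved. Every element has to go through the same description, and an empty list should not create a bogus `''` key by reference, so the branch should iterate the list rather than index it once. The `clean_object` changes in this hunk are fine, but note that `clean_param` rewrites a value to fit its type rather than rejecting it, so "malformed" scalars are silently altered, not refused; worth a one-line comment on `clean_object` so callers do not assume rejection.
```php
        if (is_array($params) ) { //it's a list
            $nextdescriptionkey = key($description);
            if (!isset($nextdescriptionkey)) {
                throw new moodle_exception('wswrongparams');
            }
            // clean every element of the list against the single element description
            foreach ($params as &$element) {
                $this->clean_params($description[$nextdescriptionkey], $element);
            }
            unset($element);
        }
        // … unchanged: object and scalar branches …
```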
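Review bot: The new `optionalinformation` text for `create_users` names "username" twice ("Username, password, firstname, and username are the only mandatory"); the second one is presumably meant to be another field, likely `lastname`, and should be checked against what `create_user` actually requires. The key itself is also inconsistent: this description uses `'optionalinformation'` while `get_users`, `delete_users` and `update_users` in the next hunk all use `'optionalparams'`, so any consumer of the descriptions has to special-case this one. Suggest `'optionalparams' => 'Username, password, firstname, and lastname are the only mandatory',` once the mandatory list is confirmed.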
@@ -78,25 +81,33 @@ final class user_external extends moodle_external {
 $user->description = PARAM_TEXT;
 $user->city = PARAM_ALPHANUMEXT;
 $user->country = PARAM_ALPHANUMEXT;
-
- $this->descriptions['get_users'] = array( 'params' => array('search'=> PARAM_ALPHANUM),
+ $params = new object();
+ $params->search = PARAM_ALPHANUM;
+ $return = new object();
+ $return->users = array($user);
+ $this->descriptions['get_users'] = array( 'params' => $params,
 'optionalparams' => 'All params are not mandatory',
- 'return' => array('user' => array( $user)));
+ 'return' => $return);
-
- $this->descriptions['delete_users'] = array( 'params' => array('usernames' => array(PARAM_ALPHANUMEXT)),
+ $params = new object();
+ $params->usernames = array(PARAM_ALPHANUMEXT);
+ $return = new object();
+ $return->result = PARAM_BOOL;
+ $this->descriptions['delete_users'] = array( 'params' => $params,
 'optionalparams' => 'All params are not mandatory',
- 'return' => array('result' => PARAM_BOOL));
+ 'return' => $return);
 $user->newusername = PARAM_ALPHANUMEXT;
- $this->descriptions['update_users'] = array( 'params' => array('users' => array($user),
+ $params = new object();
+ $params->users = array($user);
+ $this->descriptions['update_users'] = array( 'params' => $params,
 'optionalparams' => 'All params are not mandatory',
- 'return' => array('result' => PARAM_BOOL)));
+ 'return' => $return);
 }
 /**
 * Retrieve all user
- * @param array|struct $params - need to be define as struct for XMLRPC
+ * @param object|struct $params - need to be define as struct for XMLRPC
 * @return object $return
 */
 public function get_users($params) {
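Review bot: `$return->users = array($user);` for `get_users` stores a handle to the same `$user` object that `$user->newusername = PARAM_ALPHANUMEXT;` mutates a few lines later, so the `get_users` return description ends up advertising a `newusername` property it never returns; the aliasing predates this commit, but the rewritten lines keep it. `update_users` likewise reuses the `$return` object built for `delete_users`, so a later change to one description silently changes the other. Give `update_users` its own copies: `$updateuser = clone $user; $updateuser->newusername = PARAM_ALPHANUMEXT; $params->users = array($updateuser);` and a fresh `$return = new object(); $return->result = PARAM_BOOL;` before its description. The constructor that holds these lines starts before this hunk.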
@@ -105,7 +116,7 @@ final class user_external extends moodle_external {
 $this->clean_function_params('get_users', $params);
 if (has_capability('moodle/user:viewdetails', get_context_instance(CONTEXT_SYSTEM))) {
- return get_users(true, $params['search'], false, null, 'firstname ASC','', '', '', 1000, 'id, auth, confirmed, username, idnumber, firstname, lastname, email, emailstop, lang, theme, timezone, mailformat, city, description, country');
+ return get_users(true, $params->search, false, null, 'firstname ASC','', '', '', 1000, 'id, auth, confirmed, username, idnumber, firstname, lastname, email, emailstop, lang, theme, timezone, mailformat, city, description, country');
 } else { throw new moodle_exception('wscouldnotvieweusernopermission');
@@ -114,15 +125,15 @@ final class user_external extends moodle_external {
 /**
 * Create multiple users
- * @param array|struct $params - need to be define as struct for XMLRPC
- * @return array $return ids of new user
+ * @param object|struct $params - need to be define as struct for XMLRPC
+ * @return object $return
 */
 public function create_users($params) {
 global $USER;
 if (has_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM))) {
 $userids = array();
 $this->clean_function_params('create_users', $params);
- foreach ($params['users'] as $user) {
+ foreach ($params->users as $user) {
 try {
 $userids[$user->username] = create_user($user);
 }
@@ -140,7 +151,7 @@ final class user_external extends moodle_external {
 /**
 * Delete multiple users
 * @global object $DB
- * @param array|struct $params - need to be define as struct for XMLRPC
+ * @param object|struct $params - need to be define as struct for XMLRPC
 * @return boolean result true if success
 */
 public function delete_users($params) {
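Review bot: `foreach ($params->users as $user)` in `create_users` assumes the `users` property exists, but `clean_object` only validates the properties a request does carry, so a request without `users` passes cleaning and the loop then runs over an undefined property (a notice and an empty `$userids`, not a `wswrongparams` error). Check presence and shape before iterating: `if (!isset($params->users) || !is_array($params->users)) { throw new moodle_exception('wswrongparams'); }`. The same applies to `$params->usernames` in `delete_users` and `$params->users` in `update_users` in the following hunks. The `create_users` body continues past the end of this hunk.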
@@ -149,7 +160,7 @@ final class user_external extends moodle_external {
 if (has_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM))) {
 $this->clean_function_params('delete_users', $params);
- foreach ($params['usernames'] as $username) {
+ foreach ($params->usernames as $username) {
 $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>1));
 if (empty($user)) {
 throw new moodle_exception('wscouldnotdeletenoexistinguser');
@@ -169,7 +180,7 @@ final class user_external extends moodle_external {
 /**
 * Update some users information
 * @global object $DB
- * @param array|struct $params - need to be define as struct for XMLRPC
+ * @param object|struct $params - need to be define as struct for XMLRPC
 * @return boolean result true if success
 */
 public function update_users($params) {
@@ -179,7 +190,7 @@ final class user_external extends moodle_external {
 $this->clean_function_params('update_users', $params);
- foreach ($params['users'] as $paramuser) {
+ foreach ($params->users as $paramuser) {
 $user = $DB->get_record('user', array('username'=> $paramuser->username, 'mnethostid'=>1));
diff --git a/webservice/lib.php b/webservice/lib.php
index 6424137d9c..18086b3d85 100644
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -592,11 +592,13 @@ abstract class webservice_server {
 class ws_authentication {
 /**
 *
- * @param array|struct $params
+ * @param object|struct $params
 * @return integer
 */
- function get_token($params) {
- if ($params['username'] == 'wsuser' && $params['password'] == 'wspassword') {
+ function get_token($params) {
+ $params->username = clean_param($params->username, PARAM_ALPHANUM);
+ $params->password = clean_param($params->password, PARAM_ALPHANUM);
+ if ($params->username == 'wsuser' && $params->password == 'wspassword') {
 return '456';
 } else {
 throw new moodle_exception('wrongusernamepassword');
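Review bot: In `ws_authentication::get_token`, running the supplied password through `clean_param(..., PARAM_ALPHANUM)` before comparing it strips every non-alphanumeric character from the secret, so the comparison is lossy: passwords that differ only in stripped characters become equal, and a password that legitimately contains such characters can never match. A credential that is only compared, never stored or echoed, should be left untouched and compared strictly: `$params->password = clean_param($params->password, PARAM_RAW);` and `if ($params->username === 'wsuser' && $params->password === 'wspassword') {`. The function also dereferences `$params->username` without checking `is_object($params)`, so the same fail-closed guard suggested for `clean_function_params` belongs here. The fixed username/password/token triple reads as a placeholder; if it is intended to remain for now, a comment saying so on the method would keep it from being taken for a real credential check.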
diff --git a/webservice/soap/testclient/zend/zend_soap_client.php b/webservice/soap/testclient/zend/zend_soap_client.php
index 88b68fe613..63c53be2f0 100644
--- a/webservice/soap/testclient/zend/zend_soap_client.php
+++ b/webservice/soap/testclient/zend/zend_soap_client.php
@@ -76,7 +76,7 @@ try {
 $params = new stdClass();
 $params->username = 'wsuser';
 $params->password = 'wspassword';
- $token = $client->get_token(array('username' => "wsuser", 'password' => "wspassword"));
+ $token = $client->get_token($params);
 //$token = $client->get_token($params);
 print "
\n";
     print "

Token: ".$token;
@@ -111,7 +111,9 @@ print "

".$CFG->wwwroot."/webservice/soap/server.php?token=".$token."&cla print "

Get users:"; print "
\n";
 try {
-    var_dump($client->get_users(array('search' => "admin")));
+    $params = new stdClass();
+    $params->search = "admin";
+    var_dump($client->get_users($params));
 } catch (exception $exception) {
     print $exception;
     print "

An exception occured: \n";
@@ -123,13 +125,16 @@ print "
"; print "

Create user:"; print "
\n";
 try {
+
     $user = new stdClass();
     $user->password = "password6";
     $user->email = "mockuser6@mockuser6.com";
     $user->username = "mockuser66";
     $user->firstname = "firstname6";
     $user->lastname = "lastname6";
-    var_dump($client->create_users(array('users' => array($user))));
+    $params = new stdClass();
+    $params->users = array($user);
+    var_dump($client->create_users($params));
 } catch (exception $exception) {
     print $exception;
     print "

An exception occured: \n";
@@ -141,12 +146,14 @@ print "
"; print "

Update user:"; print "
\n";
 try {
-    $user1 = new stdClass();
-    $user1->email = "mockuser6@mockuser6.com";
-    $user1->username = "mockuser66";
-    $user1->newusername = 'mockuser6b';
-    $user1->firstname = "firstname6b";
-    var_dump($client->update_users(array('users' => array($user1))));
+    $usertoupdate = new stdClass();
+    $usertoupdate->email = "mockuser6@mockuser6.com";
+    $usertoupdate->username = "mockuser66";
+    $usertoupdate->newusername = 'mockuser6b';
+    $usertoupdate->firstname = "firstname6b";
+    $params = new stdClass();
+    $params->users = array($usertoupdate);
+    var_dump($client->update_users($params));
 } catch (exception $exception) {
     print $exception;
     print "

An exception occured: \n";
@@ -158,7 +165,9 @@ print "
"; print "

Delete user:"; print "
\n";
 try {
-    var_dump($client->delete_users(array('usernames' => array("mockuser6b"))));
+    $params = new stdClass();
+    $params->usernames = array("mockuser6b");
+    var_dump($client->delete_users($params));
 } catch (exception $exception) {
     print $exception;
     print "

An exception occured: \n";
--
2.39.5