commit 1096e1387a86a42621bca517a2425f388ee9537b parent 76f511b1c070a459c27f2e8575230d716d582b2a Author: Felicitus <felicitus@felicitus.org> Date: Wed, 4 Nov 2015 19:23:41 +0100 Verify auth key when retrieving existing configuration as well Diffstat:
M | src/PartKeepr/SetupBundle/Controller/ExistingConfigParserController.php | | | 9 | +++++++++ |
1 file changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/PartKeepr/SetupBundle/Controller/ExistingConfigParserController.php b/src/PartKeepr/SetupBundle/Controller/ExistingConfigParserController.php @@ -15,6 +15,15 @@ class ExistingConfigParserController extends SetupController */ public function parseExistingConfigAction(Request $request) { + $data = json_decode($request->getContent(), true); + if (!array_key_exists("authKey", $data) || !$this->verifyAuthKey($data["authKey"])) { + $response["success"] = false; + $response["message"] = "Invalid Authentication Key"; + $response["errors"] = array(); + + return new JsonResponse($response); + } + $response = array( "success" => true, "errors" => [],