Merge pull request from GHSA-84px-q68r-2fc9
alexander-schranz committed Dec 15, 2021
1 parent b003694 commit 30bf8b5
Showing 2 changed files with 41 additions and 1 deletion.
18 changes: 17 additions & 1 deletion src/Sulu/Bundle/SecurityBundle/Controller/ProfileController.php
Expand Up @@ -118,7 +118,7 @@ public function putAction(Request $request)
{
$this->checkArguments($request);
$user = $this->tokenStorage->getToken()->getUser();
$this->userManager->save($request->request->all(), $request->get('locale'), $user->getId(), true);
$this->userManager->save($this->getData($request), $request->get('locale'), $user->getId(), true);

$user->setFirstName($request->get('firstName'));
$user->setLastName($request->get('lastName'));
Expand Down Expand Up @@ -231,4 +231,20 @@ private function checkArguments(Request $request)
throw new MissingArgumentException($this->userClass, 'locale');
}
}

/**
* @return array<string, mixed>
*/
protected function getData(Request $request): array
{
$data = [];

foreach ($request->request->all() as $key => $value) {
if (\in_array($key, ['firstName', 'lastName', 'username', 'email', 'password', 'locale'], true)) {
$data[$key] = $value;
}
}

return $data;
}
}
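Review bot: getData() allow-lists only the top-level key names; each `$value` is copied through unchanged, so a JSON body can still pass an array under `username`, `email` or `password` into `userManager->save()`. What save() does with a non-scalar value is not visible on this page, so treat this as hardening rather than a confirmed bug: `if (\in_array($key, self::ALLOWED_FIELDS, true) && (null === $value || \is_scalar($value))) {`, with the six names moved to a private constant (the constant name is only a suggestion). The docblock should also say why the filter exists, for example `Returns only the request fields a user may change on their own profile; every other key is dropped before save() (GHSA-84px-q68r-2fc9).` Because the method is `protected`, a subclass can override it and widen the list, which deserves a sentence in the same docblock.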
Expand Up @@ -87,6 +87,30 @@ public function testPut()
$this->assertEquals('de', $response->locale);
}

public function testPutInvalidField()

Check failure on line 90 in src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php

GitHub Actions / PHP Lint

src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php#L90

Method Sulu\Bundle\SecurityBundle\Tests\Functional\Controller\ProfileControllerTest::testPutInvalidField() has no return type specified.
{
$this->client->jsonRequest(
'PUT',
'/api/profile',
[
'firstName' => 'Hans',
'lastName' => 'Mustermann',
'username' => 'hansi',
'email' => 'hans.mustermann@muster.at',
'password' => 'testpassword',
'locale' => 'de',
]
);

$response = \json_decode($this->client->getResponse()->getContent());
$this->assertHttpStatusCode(200, $this->client->getResponse());
$this->assertEquals('Hans', $response->firstName);

Check failure on line 107 in src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php

GitHub Actions / PHP Lint

src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php#L107

Cannot access property $firstName on mixed.
$this->assertEquals('Mustermann', $response->lastName);

Check failure on line 108 in src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php

GitHub Actions / PHP Lint

src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php#L108

Cannot access property $lastName on mixed.
$this->assertEquals('hansi', $response->username);

Check failure on line 109 in src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php

GitHub Actions / PHP Lint

src/Sulu/Bundle/SecurityBundle/Tests/Functional/Controller/ProfileControllerTest.php#L109

Cannot access property $username on mixed.
$this->assertEquals('hans.mustermann@muster.at', $response->email);
$this->assertEquals('de', $response->locale);
}

public function testPutEmailNotUnique()
{
$existingContact = new Contact();
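Review bot: testPutInvalidField() never sends an invalid field: the array passed to `jsonRequest` holds only the six keys that getData() lets through, so the test passes with or without the filter and does not guard against a regression of GHSA-84px-q68r-2fc9. Add one key that is outside the allow-list to the payload, and after the request assert that the stored user does not carry the submitted value for that key. Keeping the existing assertions on the six allowed fields is still useful, since they show the filter does not drop legitimate input.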