Merge pull request #386 from jaredhendrickson13/next_patch

v1.6.2 Fixes
jaredhendrickson13 · Aug 1, 2023 · 1b19911 · 1b19911
2 parents a2d0d3c + ba3b185
commit 1b19911
Show file tree

Hide file tree

Showing 8 changed files with 8 additions and 37 deletions.
diff --git a/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc b/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc
@@ -1625,12 +1625,6 @@ function get($id, $data=[], $all=false) {
             "return" => $id,
             "message" => "IPsec remote gateway must be IPv6 address when protocol is set to 'inet6'"
         ],
-        2169 => [
-            "status" => "bad request",
-            "code" => 400,
-            "return" => $id,
-            "message" => "IPsec remote gateway cannot be a hostname unless protocol is set to 'both'"
-        ],
         2170 => [
             "status" => "bad request",
             "code" => 400,

diff --git a/pfSense-pkg-API/files/etc/inc/api/framework/APITools.inc b/pfSense-pkg-API/files/etc/inc/api/framework/APITools.inc
@@ -1133,6 +1133,11 @@ function is_assoc_array($array, $strict_seq=false) {
 function api_request($url, $method, $data=[], $headers=[], $username="", $password="") {
     # Format data and headers
     $data = json_encode($data);
+
+    # Ensure headers is always an array
+    if (!is_array($headers)) {
+        $headers = [];
+    }
     $headers["Content-Type"] = "application/json";
     $headers["Content-Length"] = strlen($data);
 

diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIAccessTokenCreate.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIAccessTokenCreate.inc
@@ -22,6 +22,7 @@ class APIAccessTokenCreate extends APIModel {
         parent::__construct();
         $this->set_auth_mode = "local";
         $this->retain_read_mode = false;
+        $this->privileges = [];
     }
 
     # Validate our API configurations auth mode (must be JWT)

diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingCreate.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingCreate.inc
@@ -36,7 +36,7 @@ class APIFirewallNATOutboundMappingCreate extends APIModel {
 
     public function action() {
         # Add our new configuration
-        $this->id = count($this->get_config("nat/outbound/rule"));
+        $this->id = $this->get_next_id("nat/outbound/rule");
         $this->set_config("nat/outbound/rule/{$this->id}", $this->validated_data);
         APITools\sort_nat_rules($this->initial_data["top"], $this->id, "outbound");
         $this->write_config();

diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Create.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Create.inc
@@ -167,10 +167,6 @@ class APIServicesIPsecPhase1Create extends APIModel {
             elseif (is_ipaddrv4($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] === "inet6") {
                 $this->errors[] = APIResponse\get(2168);
             }
-            # For domain name remote gateways, ensure the protocol is 'both'
-            elseif (is_fqdn($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] !== "both") {
-                $this->errors[] = APIResponse\get(2169);
-            }
             # Ensure remote gateway is not already in use
             elseif ($this->is_ipsec_remote_gateway_in_use($this->initial_data["remote-gateway"])) {
                 $this->errors[] = APIResponse\get(2170);

diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Update.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Update.inc
@@ -245,10 +245,6 @@ class APIServicesIPsecPhase1Update extends APIModel {
             elseif (is_ipaddrv4($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] === "inet6") {
                 $this->errors[] = APIResponse\get(2168);
             }
-            # For domain name remote gateways, ensure the protocol is 'both'
-            elseif (is_fqdn($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] !== "both") {
-                $this->errors[] = APIResponse\get(2169);
-            }
             # Ensure remote gateway is not already in use
             elseif ($this->is_ipsec_remote_gateway_in_use($this->initial_data["remote-gateway"])) {
                 $this->errors[] = APIResponse\get(2170);

diff --git a/tests/test_api_v1_access_token.py b/tests/test_api_v1_access_token.py
@@ -19,6 +19,7 @@
 class APIE2ETestAccessToken(e2e_test_framework.APIE2ETest):
     """Class used to test the /api/v1/access_token endpoint."""
     uri = "/api/v1/access_token"
+    post_privilges = []
     post_tests = [
         {
             "name": "Change auth mode to local to test token-based auth restriction",

diff --git a/tests/test_api_v1_services_ipsec_phase1.py b/tests/test_api_v1_services_ipsec_phase1.py
@@ -197,28 +197,6 @@ class APIE2ETestServicesIPsecPhase1(e2e_test_framework.APIE2ETest):
                 "remote-gateway": "127.0.0.1"
             }
         },
-        {
-            "name": "Check remote-gateway domain only when protocol is 'both' constraint (inet)",
-            "status": 400,
-            "return": 2169,
-            "req_data": {
-                "iketype": "ikev2",
-                "protocol": "inet",
-                "interface": "wan",
-                "remote-gateway": "example.com"
-            }
-        },
-        {
-            "name": "Check remote-gateway domain only when protocol is 'both' constraint (inet6)",
-            "status": 400,
-            "return": 2169,
-            "req_data": {
-                "iketype": "ikev2",
-                "protocol": "inet6",
-                "interface": "wan",
-                "remote-gateway": "example.com"
-            }
-        },
         {
             "name": "Check remote gateway unique constraint",
             "status": 400,