Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v1.6.2 Fixes #386

Merged
merged 8 commits into from
Aug 1, 2023
6 changes: 0 additions & 6 deletions pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc
Original file line number Diff line number Diff line change
@@ -1625,12 +1625,6 @@ function get($id, $data=[], $all=false) {
"return" => $id,
"message" => "IPsec remote gateway must be IPv6 address when protocol is set to 'inet6'"
],
2169 => [
"status" => "bad request",
"code" => 400,
"return" => $id,
"message" => "IPsec remote gateway cannot be a hostname unless protocol is set to 'both'"
],
2170 => [
"status" => "bad request",
"code" => 400,
5 changes: 5 additions & 0 deletions pfSense-pkg-API/files/etc/inc/api/framework/APITools.inc
Original file line number Diff line number Diff line change
@@ -1133,6 +1133,11 @@ function is_assoc_array($array, $strict_seq=false) {
function api_request($url, $method, $data=[], $headers=[], $username="", $password="") {
# Format data and headers
$data = json_encode($data);

# Ensure headers is always an array
if (!is_array($headers)) {
$headers = [];
}
$headers["Content-Type"] = "application/json";
$headers["Content-Length"] = strlen($data);

Original file line number Diff line number Diff line change
@@ -22,6 +22,7 @@ class APIAccessTokenCreate extends APIModel {
parent::__construct();
$this->set_auth_mode = "local";
$this->retain_read_mode = false;
$this->privileges = [];
}

# Validate our API configurations auth mode (must be JWT)
Original file line number Diff line number Diff line change
@@ -36,7 +36,7 @@ class APIFirewallNATOutboundMappingCreate extends APIModel {

public function action() {
# Add our new configuration
$this->id = count($this->get_config("nat/outbound/rule"));
$this->id = $this->get_next_id("nat/outbound/rule");
$this->set_config("nat/outbound/rule/{$this->id}", $this->validated_data);
APITools\sort_nat_rules($this->initial_data["top"], $this->id, "outbound");
$this->write_config();
Original file line number Diff line number Diff line change
@@ -167,10 +167,6 @@ class APIServicesIPsecPhase1Create extends APIModel {
elseif (is_ipaddrv4($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] === "inet6") {
$this->errors[] = APIResponse\get(2168);
}
# For domain name remote gateways, ensure the protocol is 'both'
elseif (is_fqdn($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] !== "both") {
$this->errors[] = APIResponse\get(2169);
}
# Ensure remote gateway is not already in use
elseif ($this->is_ipsec_remote_gateway_in_use($this->initial_data["remote-gateway"])) {
$this->errors[] = APIResponse\get(2170);
Original file line number Diff line number Diff line change
@@ -245,10 +245,6 @@ class APIServicesIPsecPhase1Update extends APIModel {
elseif (is_ipaddrv4($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] === "inet6") {
$this->errors[] = APIResponse\get(2168);
}
# For domain name remote gateways, ensure the protocol is 'both'
elseif (is_fqdn($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] !== "both") {
$this->errors[] = APIResponse\get(2169);
}
# Ensure remote gateway is not already in use
elseif ($this->is_ipsec_remote_gateway_in_use($this->initial_data["remote-gateway"])) {
$this->errors[] = APIResponse\get(2170);
1 change: 1 addition & 0 deletions tests/test_api_v1_access_token.py
Original file line number Diff line number Diff line change
@@ -19,6 +19,7 @@
class APIE2ETestAccessToken(e2e_test_framework.APIE2ETest):
"""Class used to test the /api/v1/access_token endpoint."""
uri = "/api/v1/access_token"
post_privilges = []
post_tests = [
{
"name": "Change auth mode to local to test token-based auth restriction",
22 changes: 0 additions & 22 deletions tests/test_api_v1_services_ipsec_phase1.py
Original file line number Diff line number Diff line change
@@ -197,28 +197,6 @@ class APIE2ETestServicesIPsecPhase1(e2e_test_framework.APIE2ETest):
"remote-gateway": "127.0.0.1"
}
},
{
"name": "Check remote-gateway domain only when protocol is 'both' constraint (inet)",
"status": 400,
"return": 2169,
"req_data": {
"iketype": "ikev2",
"protocol": "inet",
"interface": "wan",
"remote-gateway": "example.com"
}
},
{
"name": "Check remote-gateway domain only when protocol is 'both' constraint (inet6)",
"status": 400,
"return": 2169,
"req_data": {
"iketype": "ikev2",
"protocol": "inet6",
"interface": "wan",
"remote-gateway": "example.com"
}
},
{
"name": "Check remote gateway unique constraint",
"status": 400,