Merge branch 'bcash-main' into main

mevdschee · mevdschee · commit 40b4f426bb22 · 2021-05-16T20:38:16.000+02:00
diff --git a/api.include.php b/api.include.php
@@ -11365,7 +11365,7 @@ public function __construct(Config $config)
 
         private function parseBody(string $body) /*: ?object*/
         {
-            $first = substr($body, 0, 1);
+            $first = substr(ltrim($body), 0, 1);
             if ($first == '[' || $first == '{') {
                 $object = json_decode($body);
                 $causeCode = json_last_error();
diff --git a/api.php b/api.php
@@ -11365,7 +11365,7 @@ public function __construct(Config $config)
 
         private function parseBody(string $body) /*: ?object*/
         {
-            $first = substr($body, 0, 1);
+            $first = substr(ltrim($body), 0, 1);
             if ($first == '[' || $first == '{') {
                 $object = json_decode($body);
                 $causeCode = json_last_error();
diff --git a/src/Tqdev/PhpCrudApi/Api.php b/src/Tqdev/PhpCrudApi/Api.php
@@ -169,7 +169,7 @@ public function __construct(Config $config)
 
     private function parseBody(string $body) /*: ?object*/
     {
-        $first = substr($body, 0, 1);
+        $first = substr(ltrim($body), 0, 1);
         if ($first == '[' || $first == '{') {
             $object = json_decode($body);
             $causeCode = json_last_error();
diff --git a/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php
@@ -69,9 +69,18 @@ private function getVerifiedClaims(string $token, int $time, int $leeway, int $t
         foreach ($requirements as $field => $values) {
             if (!empty($values)) {
                 if ($field != 'alg') {
-                    if (!isset($claims[$field]) || !in_array($claims[$field], $values)) {
+                    if (!isset($claims[$field])) {
                         return array();
                     }
+                    if (is_array($claims[$field])) {
+                        if (!array_intersect($claims[$field], $values)) {
+                            return array();
+                        }
+                    } else {
+                        if (!in_array($claims[$field], $values)) {
+                            return array();
+                        }
+                    }
                 }
             }
         }
diff --git a/tests/functional/001_records/007_edit_post.log b/tests/functional/001_records/007_edit_post.log
@@ -16,3 +16,25 @@ Content-Type: application/json; charset=utf-8
 Content-Length: 62
 
 {"id":3,"user_id":1,"category_id":1,"content":"test (edited)"}
+===
+PUT /records/posts/3
+
+    {
+        "user_id": 1,
+        "category_id": 1,
+        "content": "test (edited 1)"
+    }
+===
+200
+Content-Type: application/json; charset=utf-8
+Content-Length: 1
+
+1
+===
+GET /records/posts/3
+===
+200
+Content-Type: application/json; charset=utf-8
+Content-Length: 64
+
+{"id":3,"user_id":1,"category_id":1,"content":"test (edited 1)"}

Original file line number	Diff line number	Diff line change
`@@ -11365,7 +11365,7 @@ public function __construct(Config $config)`
`11365`	`11365`
`11366`	`11366`	`private function parseBody(string $body) /: ?object/`
`11367`	`11367`	`{`
`11368`		`- $first = substr($body, 0, 1);`
	`11368`	`+ $first = substr(ltrim($body), 0, 1);`
`11369`	`11369`	`if ($first == '[' \|\| $first == '{') {`
`11370`	`11370`	`$object = json_decode($body);`
`11371`	`11371`	`$causeCode = json_last_error();`
Original file line number	Diff line number	Diff line change
`@@ -169,7 +169,7 @@ public function __construct(Config $config)`
`169`	`169`
`170`	`170`	`private function parseBody(string $body) /: ?object/`
`171`	`171`	`{`
`172`		`- $first = substr($body, 0, 1);`
	`172`	`+ $first = substr(ltrim($body), 0, 1);`
`173`	`173`	`if ($first == '[' \|\| $first == '{') {`
`174`	`174`	`$object = json_decode($body);`
`175`	`175`	`$causeCode = json_last_error();`
Original file line number	Diff line number	Diff line change
`@@ -69,9 +69,18 @@ private function getVerifiedClaims(string $token, int $time, int $leeway, int $t`
`69`	`69`	`foreach ($requirements as $field => $values) {`
`70`	`70`	`if (!empty($values)) {`
`71`	`71`	`if ($field != 'alg') {`
`72`		`- if (!isset($claims[$field]) \|\| !in_array($claims[$field], $values)) {`
	`72`	`+ if (!isset($claims[$field])) {`
`73`	`73`	`return array();`
`74`	`74`	`}`
	`75`	`+ if (is_array($claims[$field])) {`
	`76`	`+ if (!array_intersect($claims[$field], $values)) {`
	`77`	`+ return array();`
	`78`	`+ }`
	`79`	`+ } else {`
	`80`	`+ if (!in_array($claims[$field], $values)) {`
	`81`	`+ return array();`
	`82`	`+ }`
	`83`	`+ }`
`75`	`84`	`}`
`76`	`85`	`}`
`77`	`86`	`}`