Add path parameter validation

pull/6544/head
Никита Поздняков 2 years ago
parent 3a480578e8
commit abf44ecb8f
No known key found for this signature in database
GPG Key ID: F344106F9804FE5F
  1. 1
      CHANGELOG.md
  2. 17
      apps/block_scout_web/lib/block_scout_web/controllers/account/auth_controller.ex
  3. 2
      apps/block_scout_web/lib/block_scout_web/views/account/api/v1/user_view.ex
  4. 9
      apps/explorer/lib/explorer/account/notifier/forbidden_address.ex

@ -2,6 +2,7 @@
### Features
- [#6544](https://github.com/blockscout/blockscout/pull/6544) - API improvements
- [#5561](https://github.com/blockscout/blockscout/pull/5561), [#6523](https://github.com/blockscout/blockscout/pull/6523) - Improve working with contracts implementations
- [#6401](https://github.com/blockscout/blockscout/pull/6401) - Add Sol2Uml contract visualization
- [#6481](https://github.com/blockscout/blockscout/pull/6481) - Smart contract verification improvements

@ -40,7 +40,7 @@ defmodule BlockScoutWeb.Account.AuthController do
conn
|> put_session(:current_user, user)
|> redirect(to: params["path"] || root())
|> redirect(to: redirect_path(params["path"]))
{:error, reason} ->
conn
@ -71,4 +71,19 @@ defmodule BlockScoutWeb.Account.AuthController do
defp root do
ConfigHelper.network_path()
end
defp redirect_path(path) when is_binary(path) do
case URI.parse(path) do
%URI{path: "/" <> path} ->
"/" <> path
%URI{path: path} when is_binary(path) ->
"/" <> path
_ ->
root()
end
end
defp redirect_path(_), do: root()
end
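Review bot: In `redirect_path/1` the first `case` clause returns any parsed path that starts with `/` unchanged, so a path that still begins with `//` or contains a backslash after `URI.parse/1` is handed straight to `redirect(to: ...)`. Phoenix's `redirect/2` is expected to reject such a value by raising, so the login request would fail with an error instead of falling back to `root()`, and the controller would depend on the framework for the final check. Add a clause ahead of the first one, `%URI{path: "//" <> _} -> root()`, and treat paths containing `\` the same way. The helper also returns only the path component, so any query string or fragment in `params["path"]` is dropped. If that is intended, a one-line comment such as `# only the path is kept; scheme, host, query and fragment are discarded` would make it explicit.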

@ -1,8 +1,8 @@
defmodule BlockScoutWeb.Account.Api.V1.UserView do
alias BlockScoutWeb.Account.Api.V1.AccountView
alias BlockScoutWeb.API.V2.Helper
alias Ecto.Changeset
alias Explorer.Chain
alias BlockScoutWeb.API.V2.Helper
def render("message.json", assigns) do
AccountView.render("message.json", assigns)

@ -8,9 +8,8 @@ defmodule Explorer.Account.Notifier.ForbiddenAddress do
"0x000000000000000000000000000000000000dEaD"
]
alias Explorer.AccessHelpers
alias Explorer.{AccessHelpers, Repo}
alias Explorer.Chain.Token
alias Explorer.Repo
import Ecto.Query, only: [from: 2]
import Explorer.Chain, only: [string_to_address_hash: 1]
@ -21,11 +20,11 @@ defmodule Explorer.Account.Notifier.ForbiddenAddress do
{:error, message}
address_hash ->
check(address_hash, address_string)
check(address_hash)
end
end
def check(%Explorer.Chain.Hash{} = address_hash, address_hash_string) do
def check(%Explorer.Chain.Hash{} = address_hash) do
cond do
address_hash in blacklist() ->
{:error, "This address is blacklisted"}
@ -33,7 +32,7 @@ defmodule Explorer.Account.Notifier.ForbiddenAddress do
is_contract(address_hash) ->
{:error, "This address isn't personal"}
match?({:restricted_access, true}, AccessHelpers.restricted_access?(address_hash_string, %{})) ->
match?({:restricted_access, true}, AccessHelpers.restricted_access?(to_string(address_hash), %{})) ->
{:error, "This address has restricted access"}
address_hash ->
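Review bot: The restricted-access clause now passes `to_string(address_hash)` to `AccessHelpers.restricted_access?/2` where it used to pass the caller's original string, so the value compared is whatever the hash's string conversion produces. That helper is not visible here. If it matches configured addresses case-sensitively, the set of addresses reported as restricted can differ from before, so the comparison should be confirmed and covered by a test with a mixed-case input. `check` is a public function and loses its second parameter, so any caller outside this file that still passes two arguments will fail; such callers are not visible in this diff. The `cond` continues past the end of the hunk.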
