From 17c2eb75f7a2c49e3260176112a43a67c476a90c Mon Sep 17 00:00:00 2001 From: Chris Brame Date: Mon, 21 Jun 2021 03:37:14 -0400 Subject: [PATCH] fix(tickets): security fix 11 #413 --- src/controllers/api/v1/tickets.js | 92 +++++++++++++++++-------------- src/controllers/tickets.js | 2 +- 2 files changed, 53 insertions(+), 41 deletions(-) diff --git a/src/controllers/api/v1/tickets.js b/src/controllers/api/v1/tickets.js index fdc95d1a6..91dcf7ab3 100644 --- a/src/controllers/api/v1/tickets.js +++ b/src/controllers/api/v1/tickets.js @@ -422,56 +422,68 @@ apiTickets.create = function (req, res) { postData.tags = [postData.tags] } - var HistoryItem = { - action: 'ticket:created', - description: 'Ticket was created.', - owner: req.user._id - } + async.waterfall( + [ + function (done) { + var UserSchema = require('../../../models/user') + UserSchema.findOne({ _id: req.user._id }, done) + }, + function (user, done) { + if (user.deleted) return done({ status: 400, error: 'Invalid User' }) - var TicketSchema = require('../../../models/ticket') - var ticket = new TicketSchema(postData) - if (!_.isUndefined(postData.owner)) { - ticket.owner = postData.owner - } else { - ticket.owner = req.user._id - } + var HistoryItem = { + action: 'ticket:created', + description: 'Ticket was created.', + owner: req.user._id + } - ticket.subject = sanitizeHtml(ticket.subject).trim() + var TicketSchema = require('../../../models/ticket') + var ticket = new TicketSchema(postData) + if (!_.isUndefined(postData.owner)) { + ticket.owner = postData.owner + } else { + ticket.owner = req.user._id + } - var marked = require('marked') - var tIssue = ticket.issue - tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '
') - tIssue = sanitizeHtml(tIssue).trim() - ticket.issue = xss(marked(tIssue)) - ticket.history = [HistoryItem] - ticket.subscribers = [req.user._id] + ticket.subject = sanitizeHtml(ticket.subject).trim() - ticket.save(function (err, t) { - if (err) { - response.success = false - response.error = err - winston.debug(response) - return res.status(400).json(response) - } + var marked = require('marked') + var tIssue = ticket.issue + tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '
') + tIssue = sanitizeHtml(tIssue).trim() + ticket.issue = xss(marked(tIssue)) + ticket.history = [HistoryItem] + ticket.subscribers = [user._id] + + ticket.save(function (err, t) { + if (err) return done({ status: 400, error: err }) + + t.populate('group owner priority', function (err, tt) { + if (err) return done({ status: 400, error: err }) - t.populate('group owner priority', function (err, tt) { + emitter.emit('ticket:created', { + hostname: req.headers.host, + socketId: socketId, + ticket: tt + }) + + response.ticket = tt + }) + }) + } + ], + function (err) { if (err) { response.success = false - response.error = err - winston.debug(response) - return res.status(400).json(response) + response.error = err.error + return res.status(err.status).json(response) } - emitter.emit('ticket:created', { - hostname: req.headers.host, - socketId: socketId, - ticket: tt - }) + response.success = true - response.ticket = tt - res.json(response) - }) - }) + return res.json(response) + } + ) } /** diff --git a/src/controllers/tickets.js b/src/controllers/tickets.js index bdb38d631..645a886d6 100644 --- a/src/controllers/tickets.js +++ b/src/controllers/tickets.js @@ -650,7 +650,7 @@ ticketsController.uploadAttachment = function (req, res) { mimetype.indexOf('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') === -1 ) { error = { - status: 500, + status: 400, message: 'Invalid File Type' }
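Review bot: The success path never calls `done`: after `response.ticket = tt` inside the `t.populate` callback nothing invokes the waterfall callback, so the final function (`response.success = true; return res.json(response)`) never runs and the request hangs after the ticket has already been saved and `ticket:created` emitted, which invites client retries and duplicate tickets. The new user lookup also hands `findOne`'s raw error straight to `done`, and the final callback then executes `res.status(err.status)` with `status` undefined; a missing user (`user` null) would likewise throw on `user.deleted` before the `Invalid User` branch can fire. `ticket.owner` is still taken verbatim from `postData.owner` when present, so the added deleted-user check covers only the caller, not the account the ticket is attributed to — worth confirming the body is validated elsewhere, since it is not in this hunk. Suggested changes below; `apiTickets.create` begins before the hunk.
```javascript
      function (done) {
        var UserSchema = require('../../../models/user')
        UserSchema.findOne({ _id: req.user._id }, function (err, user) {
          // Raw DB errors carry no .status; normalise so the final callback can use it
          if (err) return done({ status: 500, error: err })
          if (!user || user.deleted) return done({ status: 400, error: 'Invalid User' })
          return done(null, user)
        })
      },
      function (user, done) {
        // … unchanged: build ticket, sanitize subject/issue, ticket.save …
          t.populate('group owner priority', function (err, tt) {
            if (err) return done({ status: 400, error: err })
            // … unchanged: emitter.emit('ticket:created', …) …
            response.ticket = tt
            return done()
          })
```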
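Review bot: Changing the rejection to 400 is reasonable, but the condition above it still keys the decision on `mimetype`, which — as far as the visible context shows, its origin is outside the hunk — appears to be the value the client declared for the upload rather than anything derived from the file's bytes, so the type check is only as trustworthy as the uploader. If that is the case, consider adding a magic-byte sniff or an allowlist on the stored extension next to this branch, and note that `415` is the more specific status for an unsupported media type, e.g. `status: 415,`. `ticketsController.uploadAttachment` begins before the hunk.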