custom/plugins/SwagPlatformSecurity/src/Fixes/NEXT32886/CallWebhookActionFix.php line 57

Open in your IDE?
  1. <?php
  3. namespace Swag\Security\Fixes\NEXT32886;
  5. use Doctrine\DBAL\Connection;
  6. use Psr\Log\LoggerInterface;
  7. use Shopware\Core\Content\Flow\Dispatching\StorableFlow;
  8. use Shopware\Core\Content\Media\File\FileUrlValidatorInterface;
  9. use Shopware\Core\Defaults;
  10. use Shopware\Core\Framework\Event\FlowEvent;
  11. use Shopware\Core\Framework\Uuid\Uuid;
  12. use Swag\FlowBuilderProfessional\Core\Content\Flow\Dispatching\Action\CallWebhookAction;
  14. class CallWebhookActionFix extends CallWebhookAction
  15. {
  16.     /**
  17.      * @var FileUrlValidatorInterface
  18.      */
  19.     private $fileUrlValidator;
  21.     /**
  22.      * @var LoggerInterface
  23.      */
  24.     private $logger;
  26.     /**
  27.      * @var Connection
  28.      */
  29.     private $connection;
  31.     public function setFileUrlValidator(FileUrlValidatorInterface $fileUrlValidator): void
  32.     {
  33.         $this->fileUrlValidator $fileUrlValidator;
  34.     }
  36.     public function setLogger(LoggerInterface $logger): void
  37.     {
  38.         $this->logger $logger;
  39.     }
  41.     public function setConnection(Connection $connection): void
  42.     {
  43.         $this->connection $connection;
  44.     }
  46.     public function handleFlow(StorableFlow $flow): void
  47.     {
  48.         $url $flow->getConfig()['baseUrl'];
  50.         if (!$this->validate($url$flow->getName(), $flow->getFlowState()->getSequenceId())) {
  51.             return;
  52.         }
  54.         parent::handleFlow($flow);
  55.     }
  57.     public function handle(FlowEvent $event): void
  58.     {
  59.         $url $event->getConfig()['baseUrl'];
  61.         if (!$this->validate($url$event->getName(), $event->getFlowState()->getSequenceId())) {
  62.             return;
  63.         }
  65.         parent::handle($event);
  66.     }
  68.     private function validate(string $urlstring $eventNamestring $sequenceId): bool
  69.     {
  70.         if ($this->fileUrlValidator->isValid($url)) {
  71.             return true;
  72.         }
  74.         $this->logger->error('Webhook url is not valid: Webhook urls must be publicly accessible.');
  76.         $webhookEventId Uuid::randomBytes();
  77.         $this->connection->executeStatement(
  78.             'INSERT INTO
  79.                 `webhook_event_log` (id, delivery_status, timestamp, webhook_name, event_name, url, request_content, response_content, created_at)
  80.                 VALUES (:webhookEventId, :deliveryStatus, :timestamp, :webhookName, :eventName, :url, :requestContent, :responseContent, :createdAt)',
  81.             [
  82.                 'webhookEventId' => $webhookEventId,
  83.                 'deliveryStatus' => 'failed',
  84.                 'timestamp' => time(),
  85.                 'webhookName' => $url,
  86.                 'eventName' => $eventName,
  87.                 'url' => $url,
  88.                 'requestContent' => '{}',
  89.                 'responseContent' => \json_encode([
  90.                     'message' => 'Webhook url is not valid: Webhook urls must be publicly accessible.',
  91.                 ]),
  92.                 'createdAt' => (new \DateTime())->format(Defaults::STORAGE_DATE_TIME_FORMAT),
  93.             ]
  94.         );
  96.         $this->connection->executeStatement(
  97.             'INSERT INTO `swag_sequence_webhook_event_log` (sequence_id, webhook_event_log_id)
  98.                 VALUES (:sequenceId, :webhookEventId)',
  99.             [
  100.                 'sequenceId' => Uuid::fromHexToBytes($sequenceId),
  101.                 'webhookEventId' => $webhookEventId,
  102.             ]
  103.         );
  105.         return false;
  106.     }
  107. }