fix: skip global token check for syncclear/syncpush — they auth via POST body

The global API token check reads from query string/header, but
syncclear and syncpush send the token in the JSON POST body.
Skip the global check for these actions.

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jonathan Miller
2026-05-31 21:02:11 -05:00
parent cb264fac6a
commit 73ab21bfb0
2 changed files with 19 additions and 1 deletions
@@ -1624,7 +1624,10 @@ class MokoWaaS extends CMSPlugin implements BootableExtensionInterface
$providedToken = $this->app->input->get('token', '', 'RAW');
}
if (!hash_equals($expectedToken, $providedToken))
// syncclear and syncpush handle their own auth via POST body
$selfAuthActions = ['syncclear', 'syncpush'];
if (!\in_array($action, $selfAuthActions, true) && !hash_equals($expectedToken, $providedToken))
{
$this->sendHealthResponse(401, ['error' => 'Invalid token']);
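Review bot: The exemption in `!\in_array($action, $selfAuthActions, true) && !hash_equals(...)` fails open: for `syncclear` and `syncpush` the only remaining gate is whatever their handlers do, and that code is not in this hunk. If either handler accepts a missing or empty body token, or compares it with `==`/`===` instead of `hash_equals()`, these two (presumably state-changing) actions become reachable without authentication. It would be safer to keep a single auth path: for these actions, read the token from the JSON body into `$providedToken` and let the existing `hash_equals($expectedToken, $providedToken)` run. At minimum, replace the comment with `// SECURITY: syncclear/syncpush MUST reject an empty token and verify the body token with hash_equals() before any side effect`. The enclosing method starts and ends outside the hunk, so how `$action` is derived and whether `$expectedToken` can be empty could not be checked here.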
@@ -71,6 +71,21 @@ final class ContentSync extends CMSPlugin implements SubscriberInterface
{
$params = $event->getArgument('params');
// Debug: log what we received
if (is_object($params))
{
$this->logTask('Params type: object, keys: ' . implode(', ', array_keys(get_object_vars($params))));
}
elseif (is_array($params))
{
$this->logTask('Params type: array, keys: ' . implode(', ', array_keys($params)));
$params = (object) $params;
}
else
{
$this->logTask('Params type: ' . gettype($params));
}
$targetUrl = rtrim($params->target_url ?? '', '/');
if (empty($targetUrl))
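Review bot: The `$params = (object) $params;` cast inside `elseif (is_array($params))` is a functional change hidden in a block labelled `// Debug: log what we received`, so whoever later deletes the debug logging will silently break array-shaped params. Move it out as its own statement, e.g. `if (is_array($params)) { $params = (object) $params; }`, and gate or remove the three `logTask()` calls before release. The `else` branch also logs the type and then continues to `$params->target_url` with a non-object value, where an early return would be clearer. If the params can originate from a request body, the key names are caller-controlled, so strip control characters before concatenating them into the log line to prevent forged log entries. The enclosing method begins and ends outside this hunk.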