diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index 8dfe4b51b7..da7e4c6ff1 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php @@ -1995,7 +1995,7 @@ App::post('/v1/account/tokens/magic-url') ]); $user->removeAttribute('$sequence'); - $dbForProject->getAuthorization()->skip(fn () => $dbForProject->createDocument('users', $user)); + $user = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->createDocument('users', $user)); } $tokenSecret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_MAGIC_URL); @@ -2590,7 +2590,7 @@ App::post('/v1/account/tokens/phone') ]); $user->removeAttribute('$sequence'); - $dbForProject->getAuthorization()->skip(fn () => $dbForProject->createDocument('users', $user)); + $user = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->createDocument('users', $user)); try { $target = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->createDocument('targets', new Document([ '$permissions' => [ diff --git a/app/http.php b/app/http.php index 629d1d21b7..5ca72c45ed 100644 --- a/app/http.php +++ b/app/http.php @@ -457,7 +457,6 @@ $http->on(Constant::EVENT_REQUEST, function (SwooleRequest $swooleRequest, Swool $request->setAuthorization($authorization); $response->setAuthorization($authorization); - $authorization->cleanRoles(); $authorization->addRole(Role::any()->toString()); @@ -501,7 +500,7 @@ $http->on(Constant::EVENT_REQUEST, function (SwooleRequest $swooleRequest, Swool $log->addExtra('file', $th->getFile()); $log->addExtra('line', $th->getLine()); $log->addExtra('trace', $th->getTraceAsString()); - $log->addExtra('roles', $authorization->getRoles()); + $log->addExtra('roles', isset($authorization) ? $authorization->getRoles() : []); $sdk = $route->getLabel("sdk", false); diff --git a/composer.lock b/composer.lock index aa76cd45d5..93a4d68546 100644 --- a/composer.lock +++ b/composer.lock 
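Review bot: The reassignment `$user = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->createDocument('users', $user));` has no comment saying why the return value is now kept. The identical one-line fix is repeated in the `/v1/account/tokens/phone` hunk, so a later cleanup could drop it again in either place. Presumably the code that follows needs the stored document rather than the in-memory one, which has just had `$sequence` removed; a comment such as `// keep the persisted document: later code relies on database-assigned fields` would record that. Both writes run inside `skip()`, so the attributes set on `$user` above the hunk are stored without a permission check; they are not visible here and should stay server-derived. Both route handlers start and end outside their hunks.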
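Review bot: The `roles` extra in the error log now falls back to `[]` when `$authorization` is unset, which in triage reads the same as a request that held no roles. A separate flag would keep the two cases apart, for example `$log->addExtra('authorizationSet', isset($authorization));`, assuming `addExtra` accepts a boolean. In the earlier hunk of this handler, the `cleanRoles()` call before `addRole(Role::any()->toString())` is removed, so the role set now depends on `$authorization` being a fresh instance for every request. Its construction is outside both hunks, so that is worth confirming: an instance reused by a long-lived worker would carry roles from one request into the next.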
@@ -4108,16 +4108,16 @@ }, { "name": "utopia-php/emails", - "version": "0.6.1", + "version": "0.6.2", "source": { "type": "git", "url": "https://github.com/utopia-php/emails.git", - "reference": "0de8896f369b6aa1f14df338645048f95a8439e3" + "reference": "9c4c40cf7c03c2e9e21364566f9b192d03ea93c9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/emails/zipball/0de8896f369b6aa1f14df338645048f95a8439e3", - "reference": "0de8896f369b6aa1f14df338645048f95a8439e3", + "url": "https://api.github.com/repos/utopia-php/emails/zipball/9c4c40cf7c03c2e9e21364566f9b192d03ea93c9", + "reference": "9c4c40cf7c03c2e9e21364566f9b192d03ea93c9", "shasum": "" }, "require": { @@ -4125,7 +4125,7 @@ "utopia-php/cli": "^0.15", "utopia-php/domains": "^0.9", "utopia-php/fetch": "^0.4", - "utopia-php/validators": "^0.0.1" + "utopia-php/validators": "^0.0.2" }, "require-dev": { "laravel/pint": "1.25.*", @@ -4162,9 +4162,9 @@ ], "support": { "issues": "https://github.com/utopia-php/emails/issues", - "source": "https://github.com/utopia-php/emails/tree/0.6.1" + "source": "https://github.com/utopia-php/emails/tree/0.6.2" }, - "time": "2025-10-28T07:29:58+00:00" + "time": "2025-10-28T16:08:17+00:00" }, { "name": "utopia-php/fetch", @@ -5109,16 +5109,16 @@ }, { "name": "utopia-php/validators", - "version": "0.0.1", + "version": "0.0.2", "source": { "type": "git", "url": "https://github.com/utopia-php/validators.git", - "reference": "69d1afa5df2f052535764520609e91b491708db2" + "reference": "894210695c5d35fa248fb65f7fe7237b6ff4fb0b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/validators/zipball/69d1afa5df2f052535764520609e91b491708db2", - "reference": "69d1afa5df2f052535764520609e91b491708db2", + "url": "https://api.github.com/repos/utopia-php/validators/zipball/894210695c5d35fa248fb65f7fe7237b6ff4fb0b", + "reference": "894210695c5d35fa248fb65f7fe7237b6ff4fb0b", "shasum": "" }, "require": { 
@@ -5149,9 +5149,9 @@ ], "support": { "issues": "https://github.com/utopia-php/validators/issues", - "source": "https://github.com/utopia-php/validators/tree/0.0.1" + "source": "https://github.com/utopia-php/validators/tree/0.0.2" }, - "time": "2025-10-20T15:08:50+00:00" + "time": "2025-10-20T21:52:28+00:00" }, { "name": "utopia-php/vcs", diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php index bc23a0e130..011a9f5a52 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php @@ -263,13 +263,17 @@ class Create extends Action $documentSecurity = $collection->getAttribute('documentSecurity', false); - $validCollection = $dbForProject->getAuthorization()->isValid(new Input($permission, $collection->getPermissionsByType($permission))); + $validCollection = $dbForProject->getAuthorization()->isValid( + new Input($permission, $collection->getPermissionsByType($permission)) + ); if (($permission === Database::PERMISSION_UPDATE && !$documentSecurity) || !$validCollection) { throw new Exception(Exception::USER_UNAUTHORIZED, $dbForProject->getAuthorization()->getDescription()); } if ($permission === Database::PERMISSION_UPDATE) { - $validDocument = $dbForProject->getAuthorization()->isValid(new Input($permission, $document->getUpdate())); + $validDocument = $dbForProject->getAuthorization()->isValid( + new Input($permission, $document->getUpdate()) + ); $valid = $validCollection || $validDocument; if ($documentSecurity && !$valid) { throw new Exception(Exception::USER_UNAUTHORIZED, $dbForProject->getAuthorization()->getDescription()); diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php index a3820f4f1f..76d87e2012 100644 --- a/src/Appwrite/Utopia/Request.php 
+++ b/src/Appwrite/Utopia/Request.php @@ -210,7 +210,7 @@ class Request extends UtopiaRequest { $forwardedUserAgent = $this->getHeader('x-forwarded-user-agent'); if (!empty($forwardedUserAgent)) { - $roles = $this->authorization->getRoles(); + $roles = $this->authorization->getRoles() ?? []; $isAppUser = Auth::isAppUser($roles); if ($isAppUser) { @@ -234,7 +234,7 @@ class Request extends UtopiaRequest return md5($this->getURI() . '*' . serialize($params) . '*' . APP_CACHE_BUSTER); } - private Authorization $authorization; + private ?Authorization $authorization = null; public function setAuthorization(Authorization $authorization): void { diff --git a/src/Appwrite/Utopia/Response.php b/src/Appwrite/Utopia/Response.php index 83ab451c74..c92d49ade8 100644 --- a/src/Appwrite/Utopia/Response.php +++ b/src/Appwrite/Utopia/Response.php @@ -809,7 +809,7 @@ class Response extends SwooleResponse } if ($rule['sensitive']) { - $roles = $this->authorization->getRoles(); + $roles = $this->authorization->getRoles() ?? []; $isPrivilegedUser = Auth::isPrivilegedUser($roles); $isAppUser = Auth::isAppUser($roles); @@ -978,7 +978,7 @@ class Response extends SwooleResponse } } - private Authorization $authorization; + private ?Authorization $authorization = null; public function setAuthorization(Authorization $authorization): void { diff --git a/tests/e2e/Services/Databases/Legacy/Permissions/DatabasesPermissionsGuestTest.php b/tests/e2e/Services/Databases/Legacy/Permissions/DatabasesPermissionsGuestTest.php index 60c4421853..0c9854160e 100644 --- a/tests/e2e/Services/Databases/Legacy/Permissions/DatabasesPermissionsGuestTest.php +++ b/tests/e2e/Services/Databases/Legacy/Permissions/DatabasesPermissionsGuestTest.php 
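Review bot: `$this->authorization->getRoles() ?? []` does not guard the case this commit introduces. With the property now declared `private ?Authorization $authorization = null;`, calling `getRoles()` before `setAuthorization()` still raises an Error, because `??` covers a null result but not a method call on null. The nullsafe form does what the change seems to intend: `$roles = $this->authorization?->getRoles() ?? [];`. The same line appears in the `$rule['sensitive']` branch of `Response.php` and needs the same fix. An empty role list looks fail-closed there, since `Auth::isPrivilegedUser($roles)` and `Auth::isAppUser($roles)` would presumably both be false, but confirm that against `Auth`; the enclosing methods start and end outside the hunks.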
@@ -24,7 +24,10 @@ class DatabasesPermissionsGuestTest extends Scope if (isset($this->authorization)) { return $this->authorization; } - return new Authorization(); + + $this->authorization = new Authorization(); + + return $this->authorization; } public function createCollection(): array diff --git a/tests/unit/Auth/AuthTest.php b/tests/unit/Auth/AuthTest.php index 06e128003a..5e883bf924 100644 --- a/tests/unit/Auth/AuthTest.php +++ b/tests/unit/Auth/AuthTest.php @@ -22,6 +22,7 @@ class AuthTest extends TestCase } $this->authorization = new Authorization(); + return $this->authorization; }