diff --git a/VERSION b/VERSION index 15ee400..508879b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v3.3.1 +v3.3.2 diff --git a/adapters/AdapterInterface.php b/adapters/AdapterInterface.php index 426dcab3..3a0dc85 100644 --- a/adapters/AdapterInterface.php +++ b/adapters/AdapterInterface.php @@ -44,6 +44,12 @@ interface AdapterInterface */ public static function meta_hidden(): bool; + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool; + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/BenchmarkAdapter.php b/adapters/BenchmarkAdapter.php index 6cbd3da..493ad6a 100644 --- a/adapters/BenchmarkAdapter.php +++ b/adapters/BenchmarkAdapter.php @@ -66,6 +66,15 @@ namespace adapters; return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/GammuAdapter.php b/adapters/GammuAdapter.php index bc894d3..fb32676 100644 --- a/adapters/GammuAdapter.php +++ b/adapters/GammuAdapter.php @@ -61,6 +61,15 @@ namespace adapters; return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/KannelAdapter.php b/adapters/KannelAdapter.php index 2df2bf6..4d63802 100644 --- a/adapters/KannelAdapter.php +++ b/adapters/KannelAdapter.php @@ -119,6 +119,15 @@ class KannelAdapter implements AdapterInterface { return false; } + + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } /** * Name of the adapter. diff --git a/adapters/OctopushShortcodeAdapter.php b/adapters/OctopushShortcodeAdapter.php index 8e76106..2c70b97 100644 --- a/adapters/OctopushShortcodeAdapter.php +++ b/adapters/OctopushShortcodeAdapter.php @@ -97,6 +97,15 @@ class OctopushShortcodeAdapter implements AdapterInterface return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/OctopushVirtualNumberAdapter.php b/adapters/OctopushVirtualNumberAdapter.php index 3371d20..5e27c5f 100644 --- a/adapters/OctopushVirtualNumberAdapter.php +++ b/adapters/OctopushVirtualNumberAdapter.php @@ -96,6 +96,16 @@ class OctopushVirtualNumberAdapter implements AdapterInterface return false; } + + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/OvhSmsShortcodeAdapter.php b/adapters/OvhSmsShortcodeAdapter.php index 01004c9..a753f00 100644 --- a/adapters/OvhSmsShortcodeAdapter.php +++ b/adapters/OvhSmsShortcodeAdapter.php @@ -72,6 +72,15 @@ namespace adapters; return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/OvhSmsVirtualNumberAdapter.php b/adapters/OvhSmsVirtualNumberAdapter.php index 59da733..2d27335 100644 --- a/adapters/OvhSmsVirtualNumberAdapter.php +++ b/adapters/OvhSmsVirtualNumberAdapter.php @@ -84,6 +84,15 @@ namespace adapters; return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/TestAdapter.php b/adapters/TestAdapter.php index 7203b58..048e81c 100644 --- a/adapters/TestAdapter.php +++ b/adapters/TestAdapter.php @@ -71,6 +71,15 @@ namespace adapters; return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/adapters/TwilioVirtualNumberAdapter.php b/adapters/TwilioVirtualNumberAdapter.php index 3e39c85..9d628f4 100644 --- a/adapters/TwilioVirtualNumberAdapter.php +++ b/adapters/TwilioVirtualNumberAdapter.php @@ -83,6 +83,15 @@ class TwilioVirtualNumberAdapter implements AdapterInterface return false; } + /** + * Should this adapter data be hidden after creation + * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials. + */ + public static function meta_hide_data(): bool + { + return false; + } + /** * Name of the adapter. * It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.). diff --git a/controllers/publics/Api.php b/controllers/publics/Api.php index 65f7ae9..69c53ab 100644 --- a/controllers/publics/Api.php +++ b/controllers/publics/Api.php @@ -176,6 +176,19 @@ namespace controllers\publics; $entries[$key]['contacts'] = $this->internal_group->get_contacts($entry['id']); } } + // Special case for phone as we might need to remove adapter_data for security reason + elseif ('phone' == $entry_type) + { + foreach ($entries as $key => $entry) + { + if (!$entry['adapter']::meta_hide_data()) + { + continue; + } + + unset($entries[$key]['adapter_data']); + } + } $return = self::DEFAULT_RETURN; $return['response'] = $entries;