From a226139630cc161a5ad615dbd33c68f51eecb3c2 Mon Sep 17 00:00:00 2001
From: osaajani <>
Date: Mon, 28 Mar 2022 01:54:38 +0200
Subject: [PATCH 1/2] Add support for hidding adapter datas
---
adapters/AdapterInterface.php | 6 ++++++
adapters/BenchmarkAdapter.php | 9 +++++++++
adapters/GammuAdapter.php | 9 +++++++++
adapters/KannelAdapter.php | 9 +++++++++
adapters/OctopushShortcodeAdapter.php | 9 +++++++++
adapters/OctopushVirtualNumberAdapter.php | 10 ++++++++++
adapters/OvhSmsShortcodeAdapter.php | 9 +++++++++
adapters/OvhSmsVirtualNumberAdapter.php | 9 +++++++++
adapters/TestAdapter.php | 9 +++++++++
adapters/TwilioVirtualNumberAdapter.php | 9 +++++++++
controllers/publics/Api.php | 13 +++++++++++++
11 files changed, 101 insertions(+)
diff --git a/adapters/AdapterInterface.php b/adapters/AdapterInterface.php
index 426dcab3..3a0dc85 100644
--- a/adapters/AdapterInterface.php
+++ b/adapters/AdapterInterface.php
@@ -44,6 +44,12 @@ interface AdapterInterface
*/
public static function meta_hidden(): bool;
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool;
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/BenchmarkAdapter.php b/adapters/BenchmarkAdapter.php
index 6cbd3da..493ad6a 100644
--- a/adapters/BenchmarkAdapter.php
+++ b/adapters/BenchmarkAdapter.php
@@ -66,6 +66,15 @@ namespace adapters;
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/GammuAdapter.php b/adapters/GammuAdapter.php
index bc894d3..fb32676 100644
--- a/adapters/GammuAdapter.php
+++ b/adapters/GammuAdapter.php
@@ -61,6 +61,15 @@ namespace adapters;
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/KannelAdapter.php b/adapters/KannelAdapter.php
index 2df2bf6..4d63802 100644
--- a/adapters/KannelAdapter.php
+++ b/adapters/KannelAdapter.php
@@ -119,6 +119,15 @@ class KannelAdapter implements AdapterInterface
{
return false;
}
+
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
/**
* Name of the adapter.
diff --git a/adapters/OctopushShortcodeAdapter.php b/adapters/OctopushShortcodeAdapter.php
index 8e76106..2c70b97 100644
--- a/adapters/OctopushShortcodeAdapter.php
+++ b/adapters/OctopushShortcodeAdapter.php
@@ -97,6 +97,15 @@ class OctopushShortcodeAdapter implements AdapterInterface
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/OctopushVirtualNumberAdapter.php b/adapters/OctopushVirtualNumberAdapter.php
index 3371d20..5e27c5f 100644
--- a/adapters/OctopushVirtualNumberAdapter.php
+++ b/adapters/OctopushVirtualNumberAdapter.php
@@ -96,6 +96,16 @@ class OctopushVirtualNumberAdapter implements AdapterInterface
return false;
}
+
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/OvhSmsShortcodeAdapter.php b/adapters/OvhSmsShortcodeAdapter.php
index 01004c9..a753f00 100644
--- a/adapters/OvhSmsShortcodeAdapter.php
+++ b/adapters/OvhSmsShortcodeAdapter.php
@@ -72,6 +72,15 @@ namespace adapters;
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/OvhSmsVirtualNumberAdapter.php b/adapters/OvhSmsVirtualNumberAdapter.php
index 59da733..2d27335 100644
--- a/adapters/OvhSmsVirtualNumberAdapter.php
+++ b/adapters/OvhSmsVirtualNumberAdapter.php
@@ -84,6 +84,15 @@ namespace adapters;
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/TestAdapter.php b/adapters/TestAdapter.php
index 7203b58..048e81c 100644
--- a/adapters/TestAdapter.php
+++ b/adapters/TestAdapter.php
@@ -71,6 +71,15 @@ namespace adapters;
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/adapters/TwilioVirtualNumberAdapter.php b/adapters/TwilioVirtualNumberAdapter.php
index 3e39c85..9d628f4 100644
--- a/adapters/TwilioVirtualNumberAdapter.php
+++ b/adapters/TwilioVirtualNumberAdapter.php
@@ -83,6 +83,15 @@ class TwilioVirtualNumberAdapter implements AdapterInterface
return false;
}
+ /**
+ * Should this adapter data be hidden after creation
+ * this help to prevent API credentials to other service leak if an attacker gain access to RaspiSMS through user credentials.
+ */
+ public static function meta_hide_data(): bool
+ {
+ return false;
+ }
+
/**
* Name of the adapter.
* It should probably be the name of the service it adapt (e.g : Gammu SMSD, OVH SMS, SIM800L, etc.).
diff --git a/controllers/publics/Api.php b/controllers/publics/Api.php
index 65f7ae9..69c53ab 100644
--- a/controllers/publics/Api.php
+++ b/controllers/publics/Api.php
@@ -176,6 +176,19 @@ namespace controllers\publics;
$entries[$key]['contacts'] = $this->internal_group->get_contacts($entry['id']);
}
}
+ // Special case for phone as we might need to remove adapter_data for security reason
+ elseif ('phone' == $entry_type)
+ {
+ foreach ($entries as $key => $entry)
+ {
+ if (!$entry['adapter']::meta_hide_data())
+ {
+ continue;
+ }
+
+ unset($entries[$key]['adapter_data']);
+ }
+ }
$return = self::DEFAULT_RETURN;
$return['response'] = $entries;
From 8889eb3dedd8e983f170a98a879d86b70b6a82a3 Mon Sep 17 00:00:00 2001
From: osaajani <>
Date: Mon, 28 Mar 2022 01:54:59 +0200
Subject: [PATCH 2/2] update version
---
VERSION | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 15ee400..508879b 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v3.3.1
+v3.3.2