Fixing bugs in teampass:

- can not authentificate with json request
- can not create item if it is in root folder - parent_id == 0
- can not create duplicate item if it is enabled and it is not personal
  folder
- bug if creating first item - throwing exception

Author: skt-jdrzik

api/Controller/Api/BaseController.php

@@ -59,9 +59,14 @@ public function getUriSegments()
     public function getQueryStringParams()
     {
         $request = symfonyRequest::createFromGlobals();
-        $queryString = $request->getQueryString();
-        parse_str(html_entity_decode($queryString), $query);
-        return $this->sanitizeUrl($query);
+       $queryString = $request->getQueryString();
+       if ($request->getContentTypeFormat() != 'application/json') {
+               parse_str(html_entity_decode($queryString), $query);
+               return $this->sanitizeUrl($query);
+       }
+
+       return $request->toArray();
+
     }
 
     /**
@@ -103,4 +108,4 @@ protected function sendOutput($data, $httpHeaders=array()): void
 
         echo $data;
     }
-}
+}

api/Controller/Api/ItemController.php

@@ -132,7 +132,7 @@ private function checkNewItemData(array $arrQueryStringParams, array $userData):
             && isset($arrQueryStringParams['anyone_can_modify']) === true
         ) {
             //
-            if (in_array($arrQueryStringParams['folder_id'], $userData['folders_list']) === false) {
+            if (in_array($arrQueryStringParams['folder_id'], $userData['folders_list']) === false && $userData['user_can_create_root_folder'] === 0) {
                 return [
                     'error' => true,
                     'strErrorDesc' => 'User is not allowed in this folder',
@@ -311,4 +311,4 @@ public function getAction(array $userData): void
         }
     }
     //end getAction() 
-}
+}

api/Model/ItemModel.php

@@ -342,8 +342,7 @@ private function checkForDuplicates(string $label, array $SETTINGS, array $itemI
         );
 
         if (DB::count() > 0 && (
-            (isset($SETTINGS['duplicate_item']) && (int) $SETTINGS['duplicate_item'] === 0)
-            || (int) $itemInfos['personal_folder'] === 0)
+            (isset($SETTINGS['duplicate_item']) && (int) $SETTINGS['duplicate_item'] === 0))
         ) {
             throw new Exception('Similar item already exists. Duplicates are not allowed.');
         }
@@ -495,4 +494,4 @@ private function isPasswordEmptyAllowed($password, $create_item_without_password
         }
         return false;
     }
-}
+}

sources/folders.class.php

@@ -73,7 +73,8 @@ public function createNewFolder(array $params): array
         }
 
         if (!$this->isParentFolderAllowed($parent_id, $user_accessible_folders, $user_is_admin)) {
-            return $this->errorResponse($this->lang->get('error_folder_not_allowed_for_this_user'));
+           if ($parent_id != 0 && $user_can_create_root_folder == false )
+               return $this->errorResponse($this->lang->get('error_folder_not_allowed_for_this_user'));
         }
 
         if (!$this->checkDuplicateFolderAllowed($title) && $personal_folder == 0) {
@@ -350,7 +351,7 @@ private function updateUserFolderCache($tree, $title, $parent_id, $isPersonal, $
         if (empty($cache_tree)) {
             DB::insert(prefixTable('cache_tree'), [
                 'user_id' => $user_id,
-                'folders' => json_encode($newId),
+                'folders' => json_encode([$newId,]),
                 'visible_folders' => json_encode($new_json),
                 'timestamp' => time(),
                 'data' => '[{}]',
@@ -463,4 +464,4 @@ private function errorResponse($message, $newIdSuffix = "")
             'newId' => '' . $newIdSuffix,
         ];
     }
-}
+}