prise en compte de la sécurité dans le développement

Philippe Pittoli 2014-02-07 23:56:45 +01:00
parent 318b11e7f3
commit 6d75a31f88
3 changed files with 468 additions and 407 deletions


@ -116,7 +116,8 @@ sub delete_domain {
} }
sub update_domain_raw { sub update_domain_raw {
my ($self, $login, $zone, $domain) = @_; my ($self, $zone, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir , zdir => $self->zdir
, host => $self->sshhost , host => $self->sshhost
@ -125,7 +126,7 @@ sub update_domain_raw {
} }
sub update_domain { sub update_domain {
my ($self, $login, $zone, $domain) = @_; my ($self, $zone, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir , zdir => $self->zdir
, host => $self->sshhost , host => $self->sshhost
@ -134,7 +135,7 @@ sub update_domain {
} }
sub get_domain { sub get_domain {
my ($self, $login, $domain) = @_; my ($self, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir , zdir => $self->zdir
, host => $self->sshhost , host => $self->sshhost
@ -160,7 +161,7 @@ sub get_all_users {
} }
sub new_tmp { sub new_tmp {
my ($self, $login, $domain) = @_; my ($self, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir , zdir => $self->zdir
, host => $self->sshhost , host => $self->sshhost
@ -169,107 +170,106 @@ sub new_tmp {
} }
sub _mod_entry { sub _mod_entry {
my ($self, $login, $domain, $entryToDelete, $action, $newEntry) = @_; my ($self, $domain, $entryToDelete, $action, $newEntry) = @_;
my $name = $entryToDelete->{'name'}; my $name = $entryToDelete->{'name'};
my $type = $entryToDelete->{'type'}; my $type = $entryToDelete->{'type'};
my $ttl = $entryToDelete->{'ttl'}; my $ttl = $entryToDelete->{'ttl'};
my $host = $entryToDelete->{'host'}; my $host = $entryToDelete->{'host'};
my $priority = $entryToDelete->{'priority'}; my $priority = $entryToDelete->{'priority'};
my $new_name = $newEntry->{'newname'}; my $new_name = $newEntry->{'newname'};
my $new_type = $newEntry->{'newtype'}; my $new_type = $newEntry->{'newtype'};
my $new_ttl = $newEntry->{'newttl'}; my $new_ttl = $newEntry->{'newttl'};
my $new_host = $newEntry->{'newhost'}; my $new_host = $newEntry->{'newhost'};
my $new_priority = $newEntry->{'newpriority'}; my $new_priority = $newEntry->{'newpriority'};
# say "in _mod_entry : $action"; # say "in _mod_entry : $action";
# say "in _mod_entry : $new_name"; # say "in _mod_entry : $new_name";
my $zone = $self->get_domain($login , $domain); my $zone = $self->get_domain($domain);
my $dump = $zone->dump; my $dump = $zone->dump;
my $record; my $record;
my $found = 0; my $found = 0;
given( lc $type ) given( lc $type )
{ {
when ('a') when ('a')
{ {
$record = $zone->a; $record = $zone->a;
$found = 1; $found = 1;
} }
when ('aaaa') when ('aaaa')
{ {
$record = $zone->aaaa; $record = $zone->aaaa;
$found = 1; $found = 1;
} }
when ('cname') when ('cname')
{ {
$record = $zone->cname; $record = $zone->cname;
$found = 1; $found = 1;
} }
when ('ns') when ('ns')
{ {
$record = $zone->ns; $record = $zone->ns;
$found = 1; $found = 1;
} }
when ('mx') when ('mx')
{ {
$record = $zone->mx; $record = $zone->mx;
$found = 1; $found = 1;
} }
when ('ptr') when ('ptr')
{ {
$record = $zone->ptr; $record = $zone->ptr;
$found = 1; $found = 1;
} }
} }
if( $found ) if( $found )
{ {
foreach my $i ( 0 .. scalar @{$record}-1 ) foreach my $i ( 0 .. scalar @{$record}-1 )
{ {
if( $action eq 'del' ) if( $action eq 'del' )
{ {
delete $record->[$i] delete $record->[$i]
if( $record->[$i]->{'name'} eq $name && if( $record->[$i]->{'name'} eq $name &&
$record->[$i]->{'host'} eq $host && $record->[$i]->{'host'} eq $host &&
$record->[$i]->{'ttl'} == $ttl ); $record->[$i]->{'ttl'} == $ttl );
} }
if ( $action eq 'mod' ) if ( $action eq 'mod' )
{ {
if( $record->[$i]->{'name'} eq $name && if( $record->[$i]->{'name'} eq $name &&
$record->[$i]->{'host'} eq $host && $record->[$i]->{'host'} eq $host &&
$record->[$i]->{'ttl'} == $ttl ) $record->[$i]->{'ttl'} == $ttl )
{ {
$record->[$i]->{'name'} = $new_name; $record->[$i]->{'name'} = $new_name;
$record->[$i]->{'host'} = $new_host; $record->[$i]->{'host'} = $new_host;
$record->[$i]->{'ttl'} = $new_ttl; $record->[$i]->{'ttl'} = $new_ttl;
if( defined $new_priority ) if( defined $new_priority )
{ {
$record->[$i]->{'priority'} = $new_priority $record->[$i]->{'priority'} = $new_priority
} }
} }
} }
} }
} }
$self->update_domain( $login, $zone, $domain ); $self->update_domain( $zone, $domain );
} }
sub delete_entry { sub delete_entry {
my ($self, $login, $domain, $entryToDelete) = @_; my ($self, $domain, $entryToDelete) = @_;
$self->_mod_entry( $login, $domain, $entryToDelete, 'del' ); $self->_mod_entry( $domain, $entryToDelete, 'del' );
} }
sub modify_entry { sub modify_entry {
my ($self, $login, $domain, $entryToDelete, $newEntry) = @_; my ($self, $domain, $entryToDelete, $newEntry) = @_;
$self->_mod_entry( $login, $domain, $entryToDelete, 'mod', $newEntry ); $self->_mod_entry( $domain, $entryToDelete, 'mod', $newEntry );
} }
1; 1;
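Review bot: With `$login` dropped from update_domain_raw, update_domain, get_domain, new_tmp, _mod_entry, delete_entry and modify_entry, this layer no longer knows who is acting, so every authorization decision now has to be made by the caller before these subs run; that contract should be written down where the signature changed, e.g. `# No access control here: callers must verify the session user may act on $domain first.` above update_domain_raw. In `_mod_entry`, `$self->get_domain($domain)` presumably returns undef for an unknown domain, in which case `$zone->dump` on the next line dies; an explicit `return unless defined $zone;` (or a documented die) would make that failure deliberate. The `$dump` local is never read afterwards and can be removed.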

www/lib/DNSManager.pm Normal file → Executable file

@ -9,9 +9,11 @@ use Data::Dump qw( dump );
use Data::Structure::Util qw ( unbless ); use Data::Structure::Util qw ( unbless );
use File::Basename; use File::Basename;
use Config::Simple; use Config::Simple;
use Crypt::Digest::SHA256 qw( sha256_hex ) ;
use Storable qw( freeze thaw ); use Storable qw( freeze thaw );
$Storable::Deparse = true; $Storable::Deparse = true;
$Storable::Eval=true; $Storable::Eval=true;
use encoding 'utf-8'; # TODO check if this works well
# Include other libs relative to current path # Include other libs relative to current path
use Find::Lib '../../'; # TODO remove it when it won't be usefull anymore use Find::Lib '../../'; # TODO remove it when it won't be usefull anymore
@ -19,6 +21,13 @@ use app::app;
our $VERSION = '0.1'; our $VERSION = '0.1';
# TODO we can check if dn matches our domain name
sub is_domain_name {
my ($dn) = @_;
my $ndd = qr/^([a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]*.)*[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]$/;
return $dn =~ $ndd;
}
# eventually change place # eventually change place
sub initco { sub initco {
@ -45,6 +54,7 @@ sub get_errmsg {
$err; $err;
} }
# TODO check if the referer was from our website
sub get_route { sub get_route {
my $route = '/'; my $route = '/';
$route = request->referer if (defined request->referer); $route = request->referer if (defined request->referer);
@ -81,47 +91,6 @@ get '/' => sub {
} }
}; };
get '/home' => sub {
unless( session('login') )
{
redirect '/';
}
else
{
my $app = initco();
my ($success, @domains) = $app->get_domains( session('login') );
if( $success ) {
my (%zone_properties, %domains);
my $cs = session('creationSuccess');
my $dn = session('domainName');
session creationSuccess => '';
session domainName => '';
template home => {
login => session('login')
, admin => session('admin')
, domains => [@domains]
, zones_domains => \%domains
, zone_properties => \%zone_properties
, creationSuccess => $cs
, errmsg => get_errmsg
, domainName => $dn };
}
else {
session->destroy;
redirect '/ ';
}
}
};
prefix '/domain' => sub { prefix '/domain' => sub {
any ['post', 'get'] => '/updateraw/:domain' => sub { any ['post', 'get'] => '/updateraw/:domain' => sub {
@ -135,25 +104,38 @@ prefix '/domain' => sub {
{ {
my $app = initco(); my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
param('password') ); session('password') );
my $success = $app->update_domain_raw(session('login') if($auth_ok && ($isadmin || grep { $_ eq param('domain') }
, param('zoneupdated') @{$user->domains}) ) {
, param('domain'));
redirect '/domain/details/' . param('domain'); my $success = $app->update_domain_raw( param('zoneupdated')
, param('domain'));
unless($success) {
session errmsg => q{Problème de mise à jour du domaine.};
}
redirect '/domain/details/' . param('domain');
}
else {
session errmsg => q{Donnée privée, petit coquin. ;) };
redirect '/';
}
} }
}; };
any ['post', 'get'] => '/update/:domain' => sub { any ['post', 'get'] => '/update/:domain' => sub {
unless( session('login') && param('domain') )
{ unless( session('login') && param('domain') )
{
redirect '/'; redirect '/';
} }
else else
{ {
my $type = param('type'); my $type = param('type');
my $name = param('name'); my $name = param('name');
my $value = param('value'); my $value = param('value');
@ -161,9 +143,18 @@ prefix '/domain' => sub {
my $priority = param('priority'); my $priority = param('priority');
my $app = initco(); my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
param('password') ); session('password') );
my $zone = $app->get_domain( session('login') , param('domain') );
unless($auth_ok && ($isadmin || grep { $_ eq param('domain') }
@{$user->domains}) ) {
session errmsg => q{Donnée privée, petit coquin. ;) };
redirect '/';
return;
}
my $zone = $app->get_domain( param('domain') );
given( $type ) given( $type )
{ {
@ -226,12 +217,11 @@ prefix '/domain' => sub {
} }
$zone->new_serial(); $zone->new_serial();
$app->update_domain( session('login') dump($zone);
, $zone
, param('domain'));
redirect '/domain/details/'.param('domain'); $app->update_domain( $zone , param('domain'));
redirect '/domain/details/' . param('domain');
} }
}; };
@ -245,33 +235,45 @@ prefix '/domain' => sub {
else else
{ {
my $app = initco(); my $app = initco();
# my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
# param('password') );
my $zone = $app->get_domain(session('login') , param('domain')); my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
if( param( 'expert' ) ) unless ( $auth_ok && ( $isadmin
{ || grep { $_ =~ param('domain') } @{$user->domains})) {
template details => {
login => session('login') session errmsg => q{Auth non OK.};
, domain => param('domain') redirect '/ ';
, domain_zone => $zone->output() return;
, expert => true };
} }
else
{ my $zone = $app->get_domain(param('domain'));
# say dump( $zone->cname());
template details => { if( param( 'expert' ) )
login => session('login') {
, domain => param('domain') template details => {
, domain_zone => $zone->output() login => session('login')
, a => $zone->a() , admin => session('admin')
, aaaa => $zone->aaaa() , domain => param('domain')
, cname => $zone->cname() , domain_zone => $zone->output()
, ptr => $zone->ptr() , expert => true };
, mx => $zone->mx() }
, ns => $zone->ns() }; else
} {
# say dump( $zone->cname());
template details => {
login => session('login')
, admin => session('admin')
, domain => param('domain')
, domain_zone => $zone->output()
, a => $zone->a()
, aaaa => $zone->aaaa()
, cname => $zone->cname()
, ptr => $zone->ptr()
, mx => $zone->mx()
, ns => $zone->ns() };
}
} }
@ -313,7 +315,7 @@ prefix '/domain' => sub {
session creationSuccess => $creationSuccess; session creationSuccess => $creationSuccess;
session domainName => param('domain'); session domainName => param('domain');
redirect '/home'; redirect '/user/home';
} }
@ -321,329 +323,388 @@ prefix '/domain' => sub {
get '/del/:domain' => sub { get '/del/:domain' => sub {
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
unless( defined param('domain') ) { unless( defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>; session errmsg => q<Domaine non renseigné.>;
redirect get_route; redirect get_route;
return;
}
if( ! is_domain_name(param('domain'))) {
session errmsg => q<Domaine non conforme.>;
redirect get_route;
return;
}
my $success = $app->delete_domain(session('login'), param('domain'));
unless($success) {
session errmsg => q{Impossible de supprimer le domaine.};
}
if( request->referer =~ "/domain/details" ) {
redirect '/user/home';
} }
else { else {
my $app = initco(); redirect request->referer;
# TODO tests des droits
if( session('login') ) {
if($app->delete_domain(session('login'), param('domain'))) {
if( request->referer =~ "/domain/details" ) {
redirect '/home';
}
else {
redirect request->referer;
}
}
else {
session errmsg => "Impossible de supprimer le domaine "
. param('domain')
. '.' ;
redirect request->referer;
}
}
} }
}; };
get '/del/:domain/:name/:type/:host/:ttl' => sub { get '/del/:domain/:name/:type/:host/:ttl' => sub {
# Load :domain and search for corresponding data
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
unless( session( 'user' ) and defined param('domain') ) { unless( session( 'user' ) and defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>; session errmsg => q<Domaine non renseigné.>;
redirect get_route; redirect get_route;
return;
} }
else {
# Load :domain and search for corresponding data
my $app = initco();
# my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
# param('password') );
$app->delete_entry( session('login'), $app->delete_entry( param('domain'),
param('domain'), {
{ type => param('type'),
type => param('type'), name => param('name'),
name => param('name'), host => param('host'),
host => param('host'), ttl => param('ttl')
ttl => param('ttl') });
});
redirect '/domain/details/'. param('domain'); redirect '/domain/details/'. param('domain');
} };
};
get '/mod/:domain/:name/:type/:host/:ttl' => sub { get '/mod/:domain/:name/:type/:host/:ttl' => sub {
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
unless( session( 'user' ) and defined param('domain') ) { unless( session( 'user' ) and defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>; session errmsg => q<Domaine non renseigné.>;
redirect get_route; redirect get_route;
return;
} }
else {
# Load :domain and search for corresponding data
my $app = initco();
# my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
# param('password') );
$app->modify_entry( session('login'), $app->modify_entry( param('domain'),
param('domain'), {
{ type => param('type'),
type => param('type'), name => param('name'),
name => param('name'), host => param('host'),
host => param('host'), ttl => param('ttl')
ttl => param('ttl') },
}, {
{ newtype => param('newtype'),
newtype => param('newtype'), newname => param('newname'),
newname => param('newname'), newhost => param('newhost'),
newhost => param('newhost'), newttl => param('newttl'),
newttl => param('newttl'), newpriority => param('newpriority')
newpriority => param('newpriority') });
});
redirect '/domain/details/'. param('domain'); redirect '/domain/details/'. param('domain');
} };
};
}; };
any ['get', 'post'] => '/admin' => sub { any ['get', 'post'] => '/admin' => sub {
unless( session('login') ) unless( session('login') )
{ {
redirect '/'; redirect '/';
} return;
else }
{
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && $isadmin ) { my $app = initco();
redirect '/ '; my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
} session('password') );
else {
my %alldomains = $app->get_all_domains; unless ( $auth_ok && $isadmin ) {
my %allusers = $app->get_all_users; session errmsg => q{Donnée privée, petit coquin. ;) };
my ($success, @domains) = $app->get_domains( session('login') ); redirect '/ ';
return;
}
template administration => { my %alldomains = $app->get_all_domains;
login => session('login') my %allusers = $app->get_all_users;
, admin => session('admin') my ($success, @domains) = $app->get_domains( session('login') );
, errmsg => get_errmsg
, domains => [ @domains ] template administration => {
, alldomains => { %alldomains } login => session('login')
, allusers => { %allusers } }; , admin => session('admin')
} , errmsg => get_errmsg
} , domains => [ @domains ]
, alldomains => { %alldomains }
, allusers => { %allusers } };
}; };
prefix '/user' => sub { prefix '/user' => sub {
get '/logout' => sub { get '/home' => sub {
session->destroy;
redirect '/';
};
post '/add/' => sub { unless( session('login') ) {
redirect '/';
return;
}
if ( param('login') && param('password') ) my $app = initco();
{
my $app = initco(); my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
my ($success) = $app->register_user(param('login') session('password') );
, param('password'));
if($success) { unless( $auth_ok ) {
session login => param('login'); session errmsg => q/problème de connexion à votre compte/;
session password => param('password'); redirect '/';
redirect '/home'; return;
} }
else {
session errmsg => q/Ce pseudo est déjà pris./;
redirect '/user/subscribe';
}
} my ($success, @domains) = $app->get_domains( session('login') );
else {
session errmsg => q/login ou password non renseignés/;
redirect '/user/subscribe';
}
}; if( $success ) {
get '/subscribe' => sub { my $cs = session('creationSuccess');
my $dn = session('domainName');
if( defined session('login') ) session creationSuccess => '';
{ session domainName => '';
redirect '/home';
}
else {
template subscribe => { template home => {
errmsg => get_errmsg login => session('login')
}; , admin => session('admin')
} , domains => [@domains]
, creationSuccess => $cs
, errmsg => get_errmsg
, domainName => $dn };
}; }
else {
session->destroy;
redirect '/ ';
}
get '/unsetadmin/:user' => sub { };
unless( defined param('user') )
{
# TODO ajouter une erreur à afficher get '/logout' => sub {
session errmsg => "L'administrateur n'est pas défini." ; session->destroy;
redirect request->referer; redirect '/';
};
} # add a user => registration
elsif(! defined session('login') ) post '/add/' => sub {
{
session errmsg => "Vous n'êtes pas connecté." ; if ( param('login') && param('password') ) {
redirect '/';
} my $pass = sha256_hex(param('password'));
else {
my $app = initco(); my $app = initco();
my ($success) = $app->register_user(param('login')
, $pass);
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), if($success) {
session('password') ); session login => param('login');
session password => $pass;
redirect '/user/home';
}
else {
session errmsg => q/Ce pseudo est déjà pris./;
redirect '/user/subscribe';
}
if ( $auth_ok && $isadmin ) { }
$app->set_admin(param('user'), 0); else {
} session errmsg => q/login ou password non renseignés/;
else { redirect '/user/subscribe';
session errmsg => q/Vous n'êtes pas administrateur./; }
}
if( request->referer =~ "/admin" ) { };
redirect request->referer;
}
else {
redirect '/';
}
} get '/subscribe' => sub {
}; if( defined session('login') ) {
redirect '/user/home';
}
else {
get '/setadmin/:user' => sub { template subscribe => {
errmsg => get_errmsg
, admin => session('admin')
};
}
unless( defined param('user') ) };
{
# TODO ajouter une erreur à afficher get '/unsetadmin/:user' => sub {
session errmsg => "L'utilisateur n'est pas défini." ;
redirect request->referer;
} unless( defined param('user') ) {
elsif(! defined session('login') )
{
session errmsg => "Vous n'êtes pas connecté." ; session errmsg => "L'administrateur n'est pas défini." ;
redirect '/'; redirect request->referer;
return;
} }
else {
my $app = initco(); if(! defined session('login') ) {
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), session errmsg => "Vous n'êtes pas connecté." ;
session('password') ); redirect '/';
return;
}
if ( $auth_ok && $isadmin ) { my $app = initco();
$app->set_admin(param('user'), 1);
}
if( request->referer =~ "/admin" ) { my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
redirect request->referer; session('password') );
}
else {
redirect '/';
}
} unless ( $auth_ok && $isadmin ) {
session errmsg => q/Vous n'êtes pas administrateur./;
}
else {
$app->set_admin(param('user'), 0);
}
}; if( request->referer =~ "/admin" ) {
redirect request->referer;
}
else {
redirect '/';
}
get '/del/:user' => sub { };
if(defined param 'user') { get '/setadmin/:user' => sub {
my $app = initco(); unless( defined param('user') ) {
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), session errmsg => "L'utilisateur n'est pas défini." ;
session('password') ); redirect request->referer;
return;
}
if ( $auth_ok && $isadmin || session('login') eq param('user')) { if(! defined session('login') ) {
unless ( $app->delete_user(param('user'))) {
session errmsg => "L'utilisateur "
. param 'user'
. " n'a pas pu être supprimé.";
}
}
}
else {
session errmsg => q{Le nom d'utilisateur n'est pas renseigné.};
}
if( defined request->referer) { session errmsg => "Vous n'êtes pas connecté." ;
redirect request->referer; redirect '/';
} return;
else { }
redirect '/';
}
}; my $app = initco();
post '/login' => sub { my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
# Check if user is already logged unless ( $auth_ok && $isadmin ) {
unless ( session('login') ) session errmsg => q/Vous n'êtes pas administrateur./;
{ }
# Check user login and password else {
if ( param('login') && param('password') ) $app->set_admin(param('user'), 1);
{ }
my $app = initco(); if( request->referer =~ "/admin" ) {
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), redirect request->referer;
param('password') ); }
else {
redirect '/';
}
if( $auth_ok ) };
{
session login => param('login'); get '/del/:user' => sub {
# TODO : change password storage…
session password => param('password');
session user => freeze( $user );
session admin => $isadmin;
if( $isadmin ) { if(defined param 'user') {
redirect '/admin';
return;
}
} my $app = initco();
else
{
session errmsg => q<Impossible de se connecter (login ou mot de passe incorrect).>; my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
redirect '/'; session('password') );
} if ( $auth_ok && $isadmin || session('login') eq param('user')) {
} unless ( $app->delete_user(param('user'))) {
} session errmsg => "L'utilisateur "
. param 'user'
. " n'a pas pu être supprimé.";
}
}
}
else {
session errmsg => q{Le nom d'utilisateur n'est pas renseigné.};
}
redirect '/home'; if( defined request->referer) {
redirect request->referer;
}
else {
redirect '/';
}
}; };
post '/login' => sub {
# Check if user is already logged
unless ( session('login') )
{
# Check user login and password
if ( param('login') && param('password') )
{
my $app = initco();
my $pass = sha256_hex(param('password'));
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
$pass );
if( $auth_ok )
{
session login => param('login');
session password => $pass;
session user => freeze( $user );
session admin => $isadmin;
if( $isadmin ) {
redirect '/admin';
return;
}
}
else
{
session errmsg => q<Impossible de se connecter (login ou mot de passe incorrect).>;
redirect '/';
}
}
}
redirect '/user/home';
};
}; };
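Review bot: The ownership check added to `/details/:domain`, `/del/:domain`, `/del/:domain/:name/:type/:host/:ttl` and `/mod/:domain/...` is written as `grep { $_ =~ param('domain') } @{$user->domains}`, which treats the user-supplied domain as an unanchored regular expression, so a substring of an owned domain or a pattern with metacharacters also satisfies it and the check can pass for a domain the user does not own. `/updateraw` and `/update` already do this correctly with string equality, and the four other sites should read `|| grep { $_ eq param('domain') } @{$user->domains})) {`. The new `is_domain_name` only guards `/del/:domain`, and its pattern uses an unescaped `.`, which matches any character rather than the label separator; `\.` is what is intended. On the credential side, `sha256_hex(param('password'))` is a fast, unsalted hash that is then stored in the session and replayed to `auth` on every request, so a salted, deliberately slow password hash (bcrypt or PBKDF2) is the better choice for storage, and the session should carry an identity rather than a credential. The `dump($zone);` added in `/update` looks like leftover debugging output and should be removed before this ships.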


@ -14,7 +14,7 @@
<div class="list-group"> <div class="list-group">
<a href="/user/logout" class="list-group-item active">Déconnexion</a> <a href="/user/logout" class="list-group-item active">Déconnexion</a>
<a href='/home' class="list-group-item active">Ma page</a> <a href='/user/home' class="list-group-item active">Ma page</a>
<% IF admin == 1 %> <% IF admin == 1 %>
<a href='/admin' class="list-group-item ">Administration</a> <a href='/admin' class="list-group-item ">Administration</a>