From a7a334e3300a62979cb89da82ea4ece8064ca386 Mon Sep 17 00:00:00 2001 From: Philippe Pittoli Date: Fri, 24 Jan 2014 22:37:02 +0100 Subject: [PATCH] =?UTF-8?q?ajout=20de=20tests,=20site=20un=20peu=20plus=20?= =?UTF-8?q?s=C3=A9curis=C3=A9,=20errmsg=20=C3=A0=20afficher?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ajout de tests, site un peu plus sécurisé, errmsg à afficher --- app/app.pm | 4 +- app/bdd/lambda.pm | 16 +++- app/bdd/management.pm | 11 +-- t/get_all_users.pl | 52 +++++++++++ t/get_error.pl | 29 ++++++ t/initco.pm | 32 +++++++ www/lib/DNSManager.pm | 176 +++++++++++++++++++++++++----------- www/views/administration.tt | 1 + www/views/details.tt | 1 + www/views/error.tt | 10 ++ www/views/home.tt | 18 ++-- www/views/index.tt | 1 + www/views/subscribe.tt | 3 +- 13 files changed, 278 insertions(+), 76 deletions(-) create mode 100755 t/get_all_users.pl create mode 100755 t/get_error.pl create mode 100644 t/initco.pm create mode 100644 www/views/error.tt diff --git a/app/app.pm b/app/app.pm index ae8347d..a714812 100644 --- a/app/app.pm +++ b/app/app.pm @@ -87,7 +87,9 @@ sub add_domain { return 0; } - $user->add_domain($domain); + unless ($user->add_domain($domain)) { + return 0; + } my $ze = app::zone::edit->new(zname => $domain, zdir => $self->zdir); $ze->addzone(); diff --git a/app/bdd/lambda.pm b/app/bdd/lambda.pm index 62d550c..5feeb12 100644 --- a/app/bdd/lambda.pm +++ b/app/bdd/lambda.pm 
@@ -30,18 +30,30 @@ sub delete_domain { return 1; } + +# $success add_domain sub add_domain { my ($self, $domain) = @_; my ($sth); - # TODO vérifier que personne n'a ce domaine, pas seulement l'utilisateur - return 0 if (grep { $domain eq $_ } @{ $self->domains }) > 0; + $sth = $self->dbh->prepare('select domain from domain where domain=?'); + unless ( $sth->execute($domain) ) { + $sth->finish(); + return 0; + } + + # if the domain already exists + if (my $ref = $sth->fetchrow_arrayref) { + $sth->finish(); + return 0; + } $sth = $self->dbh->prepare('insert into domain VALUES(?,?,?)'); unless ( $sth->execute($domain, $self->login, 0) ) { $sth->finish(); return 0; } + $sth->finish(); push @{ $self->domains }, $domain; return 1; diff --git a/app/bdd/management.pm b/app/bdd/management.pm index 0cafba7..0478708 100644 --- a/app/bdd/management.pm +++ b/app/bdd/management.pm @@ -48,7 +48,6 @@ sub register_user { # if an user already exists if (my $ref = $sth->fetchrow_arrayref) { - #say join (', ', @$ref); $sth->finish(); return 0; } @@ -69,14 +68,7 @@ sub delete_user { my ($self, $login) = @_; my $sth; - # TODO non utile - $sth = $self->dbh->prepare('delete from domain where login=?'); - unless ( $sth->execute($login) ) { - $sth->finish(); - return 0; - } - $sth->finish(); - + # TODO : vérifier que ça renvoie la bonne valeur $sth = $self->dbh->prepare('delete from user where login=?'); unless ( $sth->execute($login) ) { $sth->finish(); @@ -84,7 +76,6 @@ sub delete_user { } $sth->finish(); - return 1; } diff --git a/t/get_all_users.pl b/t/get_all_users.pl new file mode 100755 index 0000000..b422c33 --- /dev/null +++ b/t/get_all_users.pl 
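Review bot: The select-then-insert added to add_domain is a check-then-act race: two requests for the same name can both get an empty result from the `select` and both reach the `insert`, so the check only narrows the window and uniqueness still has to come from a UNIQUE or PRIMARY KEY constraint on `domain.domain` (not visible here), with a failed `insert` treated as "already taken", or from running both statements in one transaction. The `$ref` in `if (my $ref = $sth->fetchrow_arrayref)` is never used; `if ($sth->fetchrow_arrayref)` says the same. Neither `prepare` result is checked, so unless the handle was created with RaiseError (not visible here) a failed prepare ends in a method call on undef instead of the `return 0` the rest of the sub promises. The closing brace of add_domain lies past the hunk.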
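Review bot: The TODO left in delete_user is worth answering now: DBI's `execute` on a DELETE returns the affected row count and `"0E0"` (true) when no row matched, so `unless ( $sth->execute($login) )` only catches database errors and deleting an unknown login still returns 1; keep the count, `my $rows = $sth->execute($login);` then `return 0 unless $rows && $rows > 0;` (after the `finish`), if the caller needs to know the user existed. Dropping the `delete from domain where login=?` also means the user's domain rows stay behind unless the schema cascades the delete (not visible here), and a later registration of the same login would inherit them. The sub's closing brace is in the third hunk of this file.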
@@ -0,0 +1,52 @@
+#!/usr/bin/perl -w
+use strict;
+use warnings;
+use v5.14;
+use autodie;
+use Modern::Perl;
+use DNS::ZoneParse;
+use Config::Simple;
+use Data::Dump qw( dump );
+
+use lib '../';
+use app::app;
+
+sub initco {
+
+ my $cfg = new Config::Simple('./config.ini');
+ my $app = app->new( zdir => $cfg->param('zones_path'),
+ dbname => $cfg->param('dbname'),
+ dbhost => $cfg->param('host'),
+ dbport => $cfg->param('port'),
+ dbuser => $cfg->param('user'),
+ dbpass => $cfg->param('passwd'),
+ sgbd => $cfg->param('sgbd'),
+ dnsapp => $cfg->param('dnsapp') );
+
+ $app->init();
+
+ return $app;
+}
+
+if( @ARGV != 0 ) {
+ say "usage : ./get_all_domains.pl";
+ exit 1;
+}
+
+my $app = initco();
+
+my %users = $app->get_all_users();
+
+dump(%users);
+
+#if( $domains ) {
+# if( scalar(@$domains) != 0) {
+# say join ", ", @{$domains};
+# }
+# else {
+# say "tableau vide";
+# }
+#}
+#else {
+# say "domains undef";
+#}
diff --git a/t/get_error.pl b/t/get_error.pl
new file mode 100755
index 0000000..2c170f0
--- /dev/null
+++ b/t/get_error.pl
@@ -0,0 +1,29 @@
+#!/usr/bin/perl -w
+use strict;
+use warnings;
+use v5.14;
+use autodie;
+use Modern::Perl;
+use DNS::ZoneParse;
+use Config::Simple;
+use Data::Dump qw( dump );
+
+use lib '../';
+use app::app;
+
+use initco;
+
+if( @ARGV != 0 ) {
+ say "usage : ./get_all_domains.pl";
+ exit 1;
+}
+
+my $app = initco::initco();
+
+my ($success) = $app->register_user("bla", 'password');
+die "erreur de nom, déjà pris" unless $success;
+
+($success) = $app->register_user("bla", 'password');
+die "erreur de nom, déjà pris" unless $success;
+
+say "fin";
diff --git a/t/initco.pm b/t/initco.pm
new file mode 100644
index 0000000..5145803
--- /dev/null
+++ b/t/initco.pm
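Review bot: The usage message in the new script names a different program: `say "usage : ./get_all_domains.pl";` should read `./get_all_users.pl`. The `initco` sub here is a copy of the one t/initco.pm adds in this same commit; `use initco;` plus `my $app = initco::initco();`, as t/get_error.pl does, would keep a single copy. `dump(%users)` flattens the hash into a list of keys and values; `dump(\%users)` prints it as one structure. `new Config::Simple(...)` is indirect object syntax; `Config::Simple->new(...)` is the unambiguous form.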
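Review bot: The second `register_user("bla", 'password')` is the call that is expected to be refused (the login already exists), yet the script treats a false `$success` as fatal for both calls, so once the first registration works the script can only end in `die "erreur de nom, déjà pris"` and never reaches `say "fin"`; if the point is to assert that the duplicate is refused, the second check should be `die "duplicate login was accepted" if $success;`. The first call also fails on every later run because the user "bla" is never removed (unless something outside this script does it); a `$app->delete_user('bla')` before the first registration keeps the script repeatable. The usage message still says `./get_all_domains.pl`.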
@@ -0,0 +1,32 @@ +use strict; +use warnings; +use v5.14; +use autodie; +use Modern::Perl; +use DNS::ZoneParse; +use Config::Simple; +use Data::Dump qw( dump ); + +package initco; + +sub initco { + my ($cfgfile) = @_; + + $cfgfile = defined $cfgfile ? $cfgfile : './config.ini'; + + my $cfg = new Config::Simple($cfgfile); + my $app = app->new( zdir => $cfg->param('zones_path'), + dbname => $cfg->param('dbname'), + dbhost => $cfg->param('host'), + dbport => $cfg->param('port'), + dbuser => $cfg->param('user'), + dbpass => $cfg->param('passwd'), + sgbd => $cfg->param('sgbd'), + dnsapp => $cfg->param('dnsapp') ); + + $app->init(); + + return $app; +} + +1; diff --git a/www/lib/DNSManager.pm b/www/lib/DNSManager.pm index 7c0674a..3450da7 100644 --- a/www/lib/DNSManager.pm +++ b/www/lib/DNSManager.pm @@ -37,9 +37,22 @@ sub initco { return $app; } +sub get_errmsg { + my $err = session 'errmsg'; + session errmsg => ''; + $err; +} + +sub get_route { + my $route = '/'; + $route = request->referer if (defined request->referer); + $route; +} + get '/' => sub { if( session('login') ) { + my $app = initco(); my ($success, @domains) = $app->get_domains( session('login') ); @@ -48,16 +61,21 @@ get '/' => sub { template index => { login => session('login') , admin => session('admin') + , errmsg => get_errmsg , domains => [ @domains ] }; } else { session->destroy; template 'index'; } + } else { - template 'index'; + + template 'index' => { + errmsg => get_errmsg + }; } }; 
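Review bot: t/initco.pm calls `app->new(...)` but never loads that class; there is no `use app::app;` here, so the module only works when the caller has already loaded it (t/get_error.pl does, after its `use lib '../'`), and a `use app::app;` after `package initco;` makes it self-contained. The `use Data::Dump qw( dump );` and the other `use` lines sit before `package initco;`, so `dump` is imported into `main`, and it is unused in this file anyway. With `use v5.14` in effect, `$cfgfile = defined $cfgfile ? $cfgfile : './config.ini';` is simply `$cfgfile //= './config.ini';`, and `new Config::Simple($cfgfile)` should be `Config::Simple->new($cfgfile)`.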
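Review bot: get_route hands back the `Referer` header unchanged, and that header is supplied by the client, so every `redirect get_route` / `redirect request->referer` in this file (the delete and set-admin handlers in the later hunks) sends the browser wherever the request claimed it came from, including another site. Accept the referer only after checking that it points at this application, for instance by comparing its host with `request->host` (or keeping only its path component), and fall back to `'/'` otherwise. A one-line comment on get_errmsg saying that reading the message also clears it from the session would save the next reader a look, and both subs would read better with an explicit `return $err;` / `return $route;` instead of a bare trailing expression.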
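Review bot: `errmsg => get_errmsg ,` calls the sub through a bare word with no parentheses; it only parses as a call because get_errmsg is compiled earlier in the same file, and it reads like a string next to the `=>` that quotes its left side. `errmsg => get_errmsg(),` is unambiguous; the same spelling appears in the `/home`, `/admin` and `/user/subscribe` hunks below. The `get '/'` handler continues past the hunk.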
@@ -78,22 +96,20 @@ get '/home' => sub { my (%zone_properties, %domains); my $cs = session('creationSuccess'); - my $cf = session('creationFailure'); my $dn = session('domainName'); session creationSuccess => ''; - session creationFailure => ''; session domainName => ''; template home => { - login => session('login') - , admin => session('admin') - , domains => [@domains] - , zones_domains => \%domains - , zone_properties => \%zone_properties - , creationSuccess => $cs - , creationFailure => $cf - , domainName => $dn }; + login => session('login') + , admin => session('admin') + , domains => [@domains] + , zones_domains => \%domains + , zone_properties => \%zone_properties + , creationSuccess => $cs + , errmsg => get_errmsg + , domainName => $dn }; } else { @@ -115,6 +131,7 @@ prefix '/domain' => sub { } else { + my $app = initco(); my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), param('password') ); 
@@ -257,32 +274,32 @@ prefix '/domain' => sub { else { - my $creationSuccess = false; - my $creationFailure = false; + my $creationSuccess = ''; + if( param('domain') =~ /^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$|^[a-zA-Z0-9]+$/ ) { my $cfg = new Config::Simple(dirname(__FILE__).'/../conf/config.ini'); my $domain = param('domain').$cfg->param('tld'); - # $domain =~ s/\.{2,}/\./g; - # say "domain after sed : $domain"; - # create domain my $app = initco(); - # Add tld - # create domain - $app->add_domain( session('login'), $domain ); - $creationSuccess = true; + my ($success) = $app->add_domain( session('login'), $domain ); + + if ($success) { + $creationSuccess = q{Le nom de domaine a bien été réservé ! }; + } + else { + session errmsg => q{Le nom de domaine est déjà pris.}; + } } else { - # say param('domain')." contains a char not valid"; - $creationFailure = true; + session errmsg => + q{Le nom de domaine entré contient des caractères invalides}; } - session 'creationSuccess' => $creationSuccess; - session 'creationFailure' => $creationFailure; - session 'domainName' => param('domain'); + session creationSuccess => $creationSuccess; + session domainName => param('domain'); redirect '/home'; } 
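Review bot: The domain check anchors with `$`, which also matches just before a trailing newline, so a `param('domain')` ending in a newline passes the pattern and the newline lands inside `$domain` before the tld is appended; anchor with `\A` and `\z` instead: `if( param('domain') =~ /\A[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+\z|\A[a-zA-Z0-9]+\z/ )`. `session domainName => param('domain');` runs on both branches, so a value that failed validation is stored and fed back into the home.tt input, where the template has to escape it. The "déjà pris" message is set whenever add_domain returns false, and both app::add_domain and app::bdd::lambda::add_domain in this commit return 0 for a failed `execute` as well as for an existing name, so a database error is reported to the user as a taken name. The enclosing handler starts before the hunk.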
@@ -291,24 +308,39 @@ prefix '/domain' => sub { get '/del/:domain' => sub { - my $app = initco(); + unless( defined param('domain') ) { + session errmsg => q; + redirect get_route; + } + else { + my $app = initco(); - # TODO tests des droits - if( session('login') ) { + # TODO tests des droits + if( session('login') ) { - $app->delete_domain(session('login'), param('domain')); + if($app->delete_domain(session('login'), param('domain'))) { - if( request->referer =~ "/domain/details" ) { - redirect '/home'; - } - else { - redirect request->referer; + if( request->referer =~ "/domain/details" ) { + redirect '/home'; + } + else { + redirect request->referer; + } + + } + else { + + session errmsg => "Impossible de supprimer le domaine " + . param 'domain' + . '.' ; + redirect request->referer; + + } } } }; - }; any ['get', 'post'] => '/admin' => sub { @@ -335,6 +367,7 @@ any ['get', 'post'] => '/admin' => sub { template administration => { login => session('login') , admin => session('admin') + , errmsg => get_errmsg , domains => [ @domains ] , alldomains => { %alldomains } , allusers => { %allusers } }; @@ -355,10 +388,18 @@ prefix '/user' => sub { { my $app = initco(); - $app->register_user(param('login'), param('password')); - session login => param('login'); - session password => param('password'); - redirect '/home'; + my ($success) = $app->register_user(param('login') + , param('password')); + + if($success) { + session login => param('login'); + session password => param('password'); + redirect '/home'; + } + else { + session errmsg => q/Ce pseudo est déjà pris./; + redirect '/user/subscribe'; + } } else { @@ -376,11 +417,8 @@ prefix '/user' => sub { } else { - my $errmsg = session 'errmsg' ; - session errmsg => ''; - template subscribe => { - errmsg => $errmsg + errmsg => get_errmsg }; } 
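Review bot: `"Impossible de supprimer le domaine " . param 'domain' . '.'` does not do what it looks like: `param` is a list operator, so it takes `'domain' . '.'` as its argument, looks up a parameter named `domain.`, gets undef, and the message ends without the name plus an uninitialized warning; write `. param('domain') . '.'`. The user-delete hunk at -452 has the same shape with `param 'user' . " n'a pas pu être supprimé."`. As rendered here `session errmsg => q;` carries no message text; if the literal was written with angle-bracket delimiters the rendering dropped it, but a literal `q;` would quote up to the next `;` and swallow the `redirect get_route;` line, so it is worth checking in the source. The `redirect request->referer;` in the failure branch still uses the header without the `defined` check that the new get_route does, and the `# TODO tests des droits` stays open, so the handler presumably relies on delete_domain to verify that the session login owns the domain.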
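Review bot: `session password => param('password');` keeps the clear-text password in the session for as long as the session lives so that later handlers can call `$app->auth(session('login'), session('password'))`; whether that ends up on disk or inside a cookie depends on the Dancer session engine configured for the app, which is not visible here. Storing only the login together with the outcome of the authentication (the handlers already read `session('admin')`) would let the password be discarded right after `register_user` or `auth` returns. The `/register` handler starts before the hunk.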
@@ -392,12 +430,14 @@ prefix '/user' => sub { { # TODO ajouter une erreur à afficher + session errmsg => "L'administrateur n'est pas défini." ; redirect request->referer; } elsif(! defined session('login') ) { + session errmsg => "Vous n'êtes pas connecté." ; redirect '/'; } @@ -411,8 +451,16 @@ prefix '/user' => sub { if ( $auth_ok && $isadmin ) { $app->set_admin(param('user'), 0); } + else { + session errmsg => q/Vous n'êtes pas administrateur./; + } - redirect request->referer; + if( request->referer =~ "/admin" ) { + redirect request->referer; + } + else { + redirect '/'; + } } @@ -424,12 +472,14 @@ prefix '/user' => sub { { # TODO ajouter une erreur à afficher + session errmsg => "L'utilisateur n'est pas défini." ; redirect request->referer; } elsif(! defined session('login') ) { + session errmsg => "Vous n'êtes pas connecté." ; redirect '/'; } @@ -444,7 +494,12 @@ prefix '/user' => sub { $app->set_admin(param('user'), 1); } - redirect request->referer; + if( request->referer =~ "/admin" ) { + redirect request->referer; + } + else { + redirect '/'; + } } @@ -452,16 +507,31 @@ prefix '/user' => sub { get '/del/:user' => sub { - my $app = initco(); + if(defined param 'user') { - my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), - session('password') ); + my $app = initco(); - if ( $auth_ok && $isadmin || session('login') eq param('user')) { - $app->delete_user(param('user')); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); + + if ( $auth_ok && $isadmin || session('login') eq param('user')) { + unless ( $app->delete_user(param('user'))) { + session errmsg => "L'utilisateur " + . param 'user' + . " n'a pas pu être supprimé."; + } + } + } + else { + session errmsg => q{Le nom d'utilisateur n'est pas renseigné.}; } - redirect request->referer; + if( defined request->referer) { + redirect request->referer; + } + else { + redirect '/'; + } }; 
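Review bot: `request->referer =~ "/admin"` is an unanchored substring match on a header the client supplies, so any referer containing `/admin`, including an address on another host, passes and becomes the redirect target; it also warns when the header is absent. Restrict the redirect to this application's own page, for instance by checking that the referer's host equals `request->host` and its path is `/admin`, and `redirect '/'` otherwise. The same test appears in the -444 hunk and, as `=~ "/domain/details"`, in the domain delete handler; the new get_route helper is the natural place for one shared check.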
@@ -495,8 +565,10 @@ prefix '/user' => sub { } else { - # User login and/or password are incorrect + + session errmsg => q; redirect '/'; + } } } diff --git a/www/views/administration.tt b/www/views/administration.tt index b979435..059748f 100644 --- a/www/views/administration.tt +++ b/www/views/administration.tt @@ -1,5 +1,6 @@ <% include header.tt %> <% include sidebar.tt %> +<% include error.tt %>
diff --git a/www/views/details.tt b/www/views/details.tt index 8c50738..e883ee9 100644 --- a/www/views/details.tt +++ b/www/views/details.tt @@ -1,5 +1,6 @@ <% include header.tt %> <% include sidebar.tt %> +<% include error.tt %>
diff --git a/www/views/error.tt b/www/views/error.tt new file mode 100644 index 0000000..1e13d46 --- /dev/null +++ b/www/views/error.tt @@ -0,0 +1,10 @@ +<% IF errmsg.defined && errmsg.length > 0 %> +
+
+

Oh ! + <% errmsg %> + +

+
+
+<% END %> diff --git a/www/views/home.tt b/www/views/home.tt index ce3eafa..6f8145b 100644 --- a/www/views/home.tt +++ b/www/views/home.tt @@ -1,21 +1,17 @@ <% include header.tt %> <% include sidebar.tt %> +<% include error.tt %>
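Review bot: `<% errmsg %>` is interpolated without Template Toolkit's html filter. The messages set in DNSManager.pm are fixed strings today, but the domain and user delete handlers intend to embed `param('domain')` / `param('user')` in them, and home.tt likewise puts `domainName`, the raw submitted value, back into the form; `<% errmsg | html %>` here and `<% domainName | html %>` in home.tt keep those values inert in the page.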
- <% IF creationSuccess == 1 %> + <% IF creationSuccess.defined && creationSuccess.length > 0 %>
-

Bien ! Le domaine « <% domainName %> » a bien été créé. +

Bien ! + <% creationSuccess %>

- <% ELSIF creationFailure == 1 %> -
-

Oh ! Le domaine « <% domainName %> » n'a pu être créé. - -

-
<% END %> <% IF domains && domains.size %> @@ -46,7 +42,11 @@

Ajouter un nouveau domaine :

- + <% IF domainName.defined %> + + <% ELSE %> + + <% END %>
diff --git a/www/views/index.tt b/www/views/index.tt index d4ca170..65ea817 100644 --- a/www/views/index.tt +++ b/www/views/index.tt @@ -1,5 +1,6 @@ <% include header.tt %> <% include sidebar.tt %> +<% include error.tt %>
diff --git a/www/views/subscribe.tt b/www/views/subscribe.tt index 634345d..90c42ff 100644 --- a/www/views/subscribe.tt +++ b/www/views/subscribe.tt @@ -1,10 +1,9 @@ <% include header.tt %> <% include sidebar.tt %> +<% include error.tt %>
-<% errmsg %>
-

S'enregistrer