3
0

ajout de tests, site un peu plus sécurisé, errmsg à afficher

ajout de tests, site un peu plus sécurisé, errmsg à afficher
This commit is contained in:
Philippe Pittoli 2014-01-24 22:37:02 +01:00
parent 483b6fed53
commit a7a334e330
13 changed files with 278 additions and 76 deletions

View File

@ -87,7 +87,9 @@ sub add_domain {
return 0;
}
$user->add_domain($domain);
unless ($user->add_domain($domain)) {
return 0;
}
my $ze = app::zone::edit->new(zname => $domain, zdir => $self->zdir);
$ze->addzone();

View File

@ -30,18 +30,30 @@ sub delete_domain {
return 1;
}
# $success add_domain
sub add_domain {
my ($self, $domain) = @_;
my ($sth);
# TODO vérifier que personne n'a ce domaine, pas seulement l'utilisateur
return 0 if (grep { $domain eq $_ } @{ $self->domains }) > 0;
$sth = $self->dbh->prepare('select domain from domain where domain=?');
unless ( $sth->execute($domain) ) {
$sth->finish();
return 0;
}
# if the domain already exists
if (my $ref = $sth->fetchrow_arrayref) {
$sth->finish();
return 0;
}
$sth = $self->dbh->prepare('insert into domain VALUES(?,?,?)');
unless ( $sth->execute($domain, $self->login, 0) ) {
$sth->finish();
return 0;
}
$sth->finish();
push @{ $self->domains }, $domain;
return 1;

View File

@ -48,7 +48,6 @@ sub register_user {
# if an user already exists
if (my $ref = $sth->fetchrow_arrayref) {
#say join (', ', @$ref);
$sth->finish();
return 0;
}
@ -69,14 +68,7 @@ sub delete_user {
my ($self, $login) = @_;
my $sth;
# TODO non utile
$sth = $self->dbh->prepare('delete from domain where login=?');
unless ( $sth->execute($login) ) {
$sth->finish();
return 0;
}
$sth->finish();
# TODO : vérifier que ça renvoie la bonne valeur
$sth = $self->dbh->prepare('delete from user where login=?');
unless ( $sth->execute($login) ) {
$sth->finish();
@ -84,7 +76,6 @@ sub delete_user {
}
$sth->finish();
return 1;
}

52
t/get_all_users.pl Executable file
View File

@ -0,0 +1,52 @@
#!/usr/bin/perl -w
use strict;
use warnings;
use v5.14;
use autodie;
use Modern::Perl;
use DNS::ZoneParse;
use Config::Simple;
use Data::Dump qw( dump );
use lib '../';
use app::app;
sub initco {
my $cfg = new Config::Simple('./config.ini');
my $app = app->new( zdir => $cfg->param('zones_path'),
dbname => $cfg->param('dbname'),
dbhost => $cfg->param('host'),
dbport => $cfg->param('port'),
dbuser => $cfg->param('user'),
dbpass => $cfg->param('passwd'),
sgbd => $cfg->param('sgbd'),
dnsapp => $cfg->param('dnsapp') );
$app->init();
return $app;
}
if( @ARGV != 0 ) {
say "usage : ./get_all_domains.pl";
exit 1;
}
my $app = initco();
my %users = $app->get_all_users();
dump(%users);
#if( $domains ) {
# if( scalar(@$domains) != 0) {
# say join ", ", @{$domains};
# }
# else {
# say "tableau vide";
# }
#}
#else {
# say "domains undef";
#}

29
t/get_error.pl Executable file
View File

@ -0,0 +1,29 @@
#!/usr/bin/perl -w
use strict;
use warnings;
use v5.14;
use autodie;
use Modern::Perl;
use DNS::ZoneParse;
use Config::Simple;
use Data::Dump qw( dump );
use lib '../';
use app::app;
use initco;
if( @ARGV != 0 ) {
say "usage : ./get_all_domains.pl";
exit 1;
}
my $app = initco::initco();
my ($success) = $app->register_user("bla", 'password');
die "erreur de nom, déjà pris" unless $success;
($success) = $app->register_user("bla", 'password');
die "erreur de nom, déjà pris" unless $success;
say "fin";

32
t/initco.pm Normal file
View File

@ -0,0 +1,32 @@
use strict;
use warnings;
use v5.14;
use autodie;
use Modern::Perl;
use DNS::ZoneParse;
use Config::Simple;
use Data::Dump qw( dump );
package initco;
sub initco {
my ($cfgfile) = @_;
$cfgfile = defined $cfgfile ? $cfgfile : './config.ini';
my $cfg = new Config::Simple($cfgfile);
my $app = app->new( zdir => $cfg->param('zones_path'),
dbname => $cfg->param('dbname'),
dbhost => $cfg->param('host'),
dbport => $cfg->param('port'),
dbuser => $cfg->param('user'),
dbpass => $cfg->param('passwd'),
sgbd => $cfg->param('sgbd'),
dnsapp => $cfg->param('dnsapp') );
$app->init();
return $app;
}
1;

View File

@ -37,9 +37,22 @@ sub initco {
return $app;
}
sub get_errmsg {
my $err = session 'errmsg';
session errmsg => '';
$err;
}
sub get_route {
my $route = '/';
$route = request->referer if (defined request->referer);
$route;
}
get '/' => sub {
if( session('login') )
{
my $app = initco();
my ($success, @domains) = $app->get_domains( session('login') );
@ -48,16 +61,21 @@ get '/' => sub {
template index => {
login => session('login')
, admin => session('admin')
, errmsg => get_errmsg
, domains => [ @domains ] };
}
else {
session->destroy;
template 'index';
}
}
else
{
template 'index';
template 'index' => {
errmsg => get_errmsg
};
}
};
@ -78,22 +96,20 @@ get '/home' => sub {
my (%zone_properties, %domains);
my $cs = session('creationSuccess');
my $cf = session('creationFailure');
my $dn = session('domainName');
session creationSuccess => '';
session creationFailure => '';
session domainName => '';
template home => {
login => session('login')
, admin => session('admin')
, domains => [@domains]
, zones_domains => \%domains
, zone_properties => \%zone_properties
, creationSuccess => $cs
, creationFailure => $cf
, domainName => $dn };
login => session('login')
, admin => session('admin')
, domains => [@domains]
, zones_domains => \%domains
, zone_properties => \%zone_properties
, creationSuccess => $cs
, errmsg => get_errmsg
, domainName => $dn };
}
else {
@ -115,6 +131,7 @@ prefix '/domain' => sub {
}
else
{
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
param('password') );
@ -257,32 +274,32 @@ prefix '/domain' => sub {
else
{
my $creationSuccess = false;
my $creationFailure = false;
my $creationSuccess = '';
if( param('domain') =~ /^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$|^[a-zA-Z0-9]+$/ )
{
my $cfg = new Config::Simple(dirname(__FILE__).'/../conf/config.ini');
my $domain = param('domain').$cfg->param('tld');
# $domain =~ s/\.{2,}/\./g;
# say "domain after sed : $domain";
# create domain
my $app = initco();
# Add tld
# create domain
$app->add_domain( session('login'), $domain );
$creationSuccess = true;
my ($success) = $app->add_domain( session('login'), $domain );
if ($success) {
$creationSuccess = q{Le nom de domaine a bien été réservé ! };
}
else {
session errmsg => q{Le nom de domaine est déjà pris.};
}
}
else
{
# say param('domain')." contains a char not valid";
$creationFailure = true;
session errmsg =>
q{Le nom de domaine entré contient des caractères invalides};
}
session 'creationSuccess' => $creationSuccess;
session 'creationFailure' => $creationFailure;
session 'domainName' => param('domain');
session creationSuccess => $creationSuccess;
session domainName => param('domain');
redirect '/home';
}
@ -291,24 +308,39 @@ prefix '/domain' => sub {
get '/del/:domain' => sub {
my $app = initco();
unless( defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>;
redirect get_route;
}
else {
my $app = initco();
# TODO tests des droits
if( session('login') ) {
# TODO tests des droits
if( session('login') ) {
$app->delete_domain(session('login'), param('domain'));
if($app->delete_domain(session('login'), param('domain'))) {
if( request->referer =~ "/domain/details" ) {
redirect '/home';
}
else {
redirect request->referer;
if( request->referer =~ "/domain/details" ) {
redirect '/home';
}
else {
redirect request->referer;
}
}
else {
session errmsg => "Impossible de supprimer le domaine "
. param 'domain'
. '.' ;
redirect request->referer;
}
}
}
};
};
any ['get', 'post'] => '/admin' => sub {
@ -335,6 +367,7 @@ any ['get', 'post'] => '/admin' => sub {
template administration => {
login => session('login')
, admin => session('admin')
, errmsg => get_errmsg
, domains => [ @domains ]
, alldomains => { %alldomains }
, allusers => { %allusers } };
@ -355,10 +388,18 @@ prefix '/user' => sub {
{
my $app = initco();
$app->register_user(param('login'), param('password'));
session login => param('login');
session password => param('password');
redirect '/home';
my ($success) = $app->register_user(param('login')
, param('password'));
if($success) {
session login => param('login');
session password => param('password');
redirect '/home';
}
else {
session errmsg => q/Ce pseudo est déjà pris./;
redirect '/user/subscribe';
}
}
else {
@ -376,11 +417,8 @@ prefix '/user' => sub {
}
else {
my $errmsg = session 'errmsg' ;
session errmsg => '';
template subscribe => {
errmsg => $errmsg
errmsg => get_errmsg
};
}
@ -392,12 +430,14 @@ prefix '/user' => sub {
{
# TODO ajouter une erreur à afficher
session errmsg => "L'administrateur n'est pas défini." ;
redirect request->referer;
}
elsif(! defined session('login') )
{
session errmsg => "Vous n'êtes pas connecté." ;
redirect '/';
}
@ -411,8 +451,16 @@ prefix '/user' => sub {
if ( $auth_ok && $isadmin ) {
$app->set_admin(param('user'), 0);
}
else {
session errmsg => q/Vous n'êtes pas administrateur./;
}
redirect request->referer;
if( request->referer =~ "/admin" ) {
redirect request->referer;
}
else {
redirect '/';
}
}
@ -424,12 +472,14 @@ prefix '/user' => sub {
{
# TODO ajouter une erreur à afficher
session errmsg => "L'utilisateur n'est pas défini." ;
redirect request->referer;
}
elsif(! defined session('login') )
{
session errmsg => "Vous n'êtes pas connecté." ;
redirect '/';
}
@ -444,7 +494,12 @@ prefix '/user' => sub {
$app->set_admin(param('user'), 1);
}
redirect request->referer;
if( request->referer =~ "/admin" ) {
redirect request->referer;
}
else {
redirect '/';
}
}
@ -452,16 +507,31 @@ prefix '/user' => sub {
get '/del/:user' => sub {
my $app = initco();
if(defined param 'user') {
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
my $app = initco();
if ( $auth_ok && $isadmin || session('login') eq param('user')) {
$app->delete_user(param('user'));
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
if ( $auth_ok && $isadmin || session('login') eq param('user')) {
unless ( $app->delete_user(param('user'))) {
session errmsg => "L'utilisateur "
. param 'user'
. " n'a pas pu être supprimé.";
}
}
}
else {
session errmsg => q{Le nom d'utilisateur n'est pas renseigné.};
}
redirect request->referer;
if( defined request->referer) {
redirect request->referer;
}
else {
redirect '/';
}
};
@ -495,8 +565,10 @@ prefix '/user' => sub {
}
else
{
# User login and/or password are incorrect
session errmsg => q<Impossible de se connecter (login ou mot de passe incorrect).>;
redirect '/';
}
}
}

View File

@ -1,5 +1,6 @@
<% include header.tt %>
<% include sidebar.tt %>
<% include error.tt %>
<div id="page">

View File

@ -1,5 +1,6 @@
<% include header.tt %>
<% include sidebar.tt %>
<% include error.tt %>
<div id="page">

10
www/views/error.tt Normal file
View File

@ -0,0 +1,10 @@
<% IF errmsg.defined && errmsg.length > 0 %>
<div id="errmsg" >
<div class="alert alert-danger">
<p><strong>Oh !</strong>
<% errmsg %>
<span class="glyphicon glyphicon-remove"></span>
</p>
</div>
</div>
<% END %>

View File

@ -1,21 +1,17 @@
<% include header.tt %>
<% include sidebar.tt %>
<% include error.tt %>
<div id="page">
<!-- Permettra une mise en forme plus propre. -->
<% IF creationSuccess == 1 %>
<% IF creationSuccess.defined && creationSuccess.length > 0 %>
<div class="alert alert-success">
<p><strong>Bien !</strong> Le domaine « <% domainName %> » a bien été créé.
<p><strong>Bien !</strong>
<% creationSuccess %>
<span class="glyphicon glyphicon-ok"></span>
</p>
</div>
<% ELSIF creationFailure == 1 %>
<div class="alert alert-danger">
<p><strong>Oh !</strong> Le domaine « <% domainName %> » n'a pu être créé.
<span class="glyphicon glyphicon-remove"></span>
</p>
</div>
<% END %>
<% IF domains && domains.size %>
@ -46,7 +42,11 @@
<h3>Ajouter un nouveau domaine :</h3>
<form class="form" action='/domain/add/' method="post" >
<input type='text' name='domain'/>
<% IF domainName.defined %>
<input type='text' name='domain' value="<% domainName %>" />
<% ELSE %>
<input type='text' name='domain' />
<% END %>
<input type='submit' name='submit' value="Créer mon domaine!" />
</form>

View File

@ -1,5 +1,6 @@
<% include header.tt %>
<% include sidebar.tt %>
<% include error.tt %>
<div id="page">

View File

@ -1,10 +1,9 @@
<% include header.tt %>
<% include sidebar.tt %>
<% include error.tt %>
<div id="page">
<% errmsg %> <br />
<h3>S'enregistrer</h3>
<hr />