Obsolete
/
dnsmanagerv1
Archived
3
0
Fork 0

ajout de tests, site un peu plus sécurisé, errmsg à afficher

ajout de tests, site un peu plus sécurisé, errmsg à afficher
master
Philippe Pittoli 2014-01-24 22:37:02 +01:00
parent 483b6fed53
commit a7a334e330
13 changed files with 278 additions and 76 deletions

View File

@ -87,7 +87,9 @@ sub add_domain {
return 0; return 0;
} }
$user->add_domain($domain); unless ($user->add_domain($domain)) {
return 0;
}
my $ze = app::zone::edit->new(zname => $domain, zdir => $self->zdir); my $ze = app::zone::edit->new(zname => $domain, zdir => $self->zdir);
$ze->addzone(); $ze->addzone();

View File

@ -30,18 +30,30 @@ sub delete_domain {
return 1; return 1;
} }
# $success add_domain
sub add_domain { sub add_domain {
my ($self, $domain) = @_; my ($self, $domain) = @_;
my ($sth); my ($sth);
# TODO vérifier que personne n'a ce domaine, pas seulement l'utilisateur $sth = $self->dbh->prepare('select domain from domain where domain=?');
return 0 if (grep { $domain eq $_ } @{ $self->domains }) > 0; unless ( $sth->execute($domain) ) {
$sth->finish();
return 0;
}
# if the domain already exists
if (my $ref = $sth->fetchrow_arrayref) {
$sth->finish();
return 0;
}
$sth = $self->dbh->prepare('insert into domain VALUES(?,?,?)'); $sth = $self->dbh->prepare('insert into domain VALUES(?,?,?)');
unless ( $sth->execute($domain, $self->login, 0) ) { unless ( $sth->execute($domain, $self->login, 0) ) {
$sth->finish(); $sth->finish();
return 0; return 0;
} }
$sth->finish(); $sth->finish();
push @{ $self->domains }, $domain; push @{ $self->domains }, $domain;
return 1; return 1;

View File

@ -48,7 +48,6 @@ sub register_user {
# if an user already exists # if an user already exists
if (my $ref = $sth->fetchrow_arrayref) { if (my $ref = $sth->fetchrow_arrayref) {
#say join (', ', @$ref);
$sth->finish(); $sth->finish();
return 0; return 0;
} }
@ -69,14 +68,7 @@ sub delete_user {
my ($self, $login) = @_; my ($self, $login) = @_;
my $sth; my $sth;
# TODO non utile # TODO : vérifier que ça renvoie la bonne valeur
$sth = $self->dbh->prepare('delete from domain where login=?');
unless ( $sth->execute($login) ) {
$sth->finish();
return 0;
}
$sth->finish();
$sth = $self->dbh->prepare('delete from user where login=?'); $sth = $self->dbh->prepare('delete from user where login=?');
unless ( $sth->execute($login) ) { unless ( $sth->execute($login) ) {
$sth->finish(); $sth->finish();
@ -84,7 +76,6 @@ sub delete_user {
} }
$sth->finish(); $sth->finish();
return 1; return 1;
} }

52
t/get_all_users.pl Executable file
View File

@ -0,0 +1,52 @@
#!/usr/bin/perl -w
use strict;
use warnings;
use v5.14;
use autodie;
use Modern::Perl;
use DNS::ZoneParse;
use Config::Simple;
use Data::Dump qw( dump );
use lib '../';
use app::app;
sub initco {
my $cfg = new Config::Simple('./config.ini');
my $app = app->new( zdir => $cfg->param('zones_path'),
dbname => $cfg->param('dbname'),
dbhost => $cfg->param('host'),
dbport => $cfg->param('port'),
dbuser => $cfg->param('user'),
dbpass => $cfg->param('passwd'),
sgbd => $cfg->param('sgbd'),
dnsapp => $cfg->param('dnsapp') );
$app->init();
return $app;
}
if( @ARGV != 0 ) {
say "usage : ./get_all_domains.pl";
exit 1;
}
my $app = initco();
my %users = $app->get_all_users();
dump(%users);
#if( $domains ) {
# if( scalar(@$domains) != 0) {
# say join ", ", @{$domains};
# }
# else {
# say "tableau vide";
# }
#}
#else {
# say "domains undef";
#}

29
t/get_error.pl Executable file
View File

@ -0,0 +1,29 @@
#!/usr/bin/perl -w
use strict;
use warnings;
use v5.14;
use autodie;
use Modern::Perl;
use DNS::ZoneParse;
use Config::Simple;
use Data::Dump qw( dump );
use lib '../';
use app::app;
use initco;
if( @ARGV != 0 ) {
say "usage : ./get_all_domains.pl";
exit 1;
}
my $app = initco::initco();
my ($success) = $app->register_user("bla", 'password');
die "erreur de nom, déjà pris" unless $success;
($success) = $app->register_user("bla", 'password');
die "erreur de nom, déjà pris" unless $success;
say "fin";

32
t/initco.pm Normal file
View File

@ -0,0 +1,32 @@
use strict;
use warnings;
use v5.14;
use autodie;
use Modern::Perl;
use DNS::ZoneParse;
use Config::Simple;
use Data::Dump qw( dump );
package initco;
sub initco {
my ($cfgfile) = @_;
$cfgfile = defined $cfgfile ? $cfgfile : './config.ini';
my $cfg = new Config::Simple($cfgfile);
my $app = app->new( zdir => $cfg->param('zones_path'),
dbname => $cfg->param('dbname'),
dbhost => $cfg->param('host'),
dbport => $cfg->param('port'),
dbuser => $cfg->param('user'),
dbpass => $cfg->param('passwd'),
sgbd => $cfg->param('sgbd'),
dnsapp => $cfg->param('dnsapp') );
$app->init();
return $app;
}
1;

View File

@ -37,9 +37,22 @@ sub initco {
return $app; return $app;
} }
sub get_errmsg {
my $err = session 'errmsg';
session errmsg => '';
$err;
}
sub get_route {
my $route = '/';
$route = request->referer if (defined request->referer);
$route;
}
get '/' => sub { get '/' => sub {
if( session('login') ) if( session('login') )
{ {
my $app = initco(); my $app = initco();
my ($success, @domains) = $app->get_domains( session('login') ); my ($success, @domains) = $app->get_domains( session('login') );
@ -48,16 +61,21 @@ get '/' => sub {
template index => { template index => {
login => session('login') login => session('login')
, admin => session('admin') , admin => session('admin')
, errmsg => get_errmsg
, domains => [ @domains ] }; , domains => [ @domains ] };
} }
else { else {
session->destroy; session->destroy;
template 'index'; template 'index';
} }
} }
else else
{ {
template 'index';
template 'index' => {
errmsg => get_errmsg
};
} }
}; };
@ -78,22 +96,20 @@ get '/home' => sub {
my (%zone_properties, %domains); my (%zone_properties, %domains);
my $cs = session('creationSuccess'); my $cs = session('creationSuccess');
my $cf = session('creationFailure');
my $dn = session('domainName'); my $dn = session('domainName');
session creationSuccess => ''; session creationSuccess => '';
session creationFailure => '';
session domainName => ''; session domainName => '';
template home => { template home => {
login => session('login') login => session('login')
, admin => session('admin') , admin => session('admin')
, domains => [@domains] , domains => [@domains]
, zones_domains => \%domains , zones_domains => \%domains
, zone_properties => \%zone_properties , zone_properties => \%zone_properties
, creationSuccess => $cs , creationSuccess => $cs
, creationFailure => $cf , errmsg => get_errmsg
, domainName => $dn }; , domainName => $dn };
} }
else { else {
@ -115,6 +131,7 @@ prefix '/domain' => sub {
} }
else else
{ {
my $app = initco(); my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
param('password') ); param('password') );
@ -257,32 +274,32 @@ prefix '/domain' => sub {
else else
{ {
my $creationSuccess = false; my $creationSuccess = '';
my $creationFailure = false;
if( param('domain') =~ /^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$|^[a-zA-Z0-9]+$/ ) if( param('domain') =~ /^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$|^[a-zA-Z0-9]+$/ )
{ {
my $cfg = new Config::Simple(dirname(__FILE__).'/../conf/config.ini'); my $cfg = new Config::Simple(dirname(__FILE__).'/../conf/config.ini');
my $domain = param('domain').$cfg->param('tld'); my $domain = param('domain').$cfg->param('tld');
# $domain =~ s/\.{2,}/\./g;
# say "domain after sed : $domain";
# create domain
my $app = initco(); my $app = initco();
# Add tld my ($success) = $app->add_domain( session('login'), $domain );
# create domain
$app->add_domain( session('login'), $domain ); if ($success) {
$creationSuccess = true; $creationSuccess = q{Le nom de domaine a bien été réservé ! };
}
else {
session errmsg => q{Le nom de domaine est déjà pris.};
}
} }
else else
{ {
# say param('domain')." contains a char not valid"; session errmsg =>
$creationFailure = true; q{Le nom de domaine entré contient des caractères invalides};
} }
session 'creationSuccess' => $creationSuccess; session creationSuccess => $creationSuccess;
session 'creationFailure' => $creationFailure; session domainName => param('domain');
session 'domainName' => param('domain');
redirect '/home'; redirect '/home';
} }
@ -291,24 +308,39 @@ prefix '/domain' => sub {
get '/del/:domain' => sub { get '/del/:domain' => sub {
my $app = initco(); unless( defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>;
redirect get_route;
}
else {
my $app = initco();
# TODO tests des droits # TODO tests des droits
if( session('login') ) { if( session('login') ) {
$app->delete_domain(session('login'), param('domain')); if($app->delete_domain(session('login'), param('domain'))) {
if( request->referer =~ "/domain/details" ) { if( request->referer =~ "/domain/details" ) {
redirect '/home'; redirect '/home';
} }
else { else {
redirect request->referer; redirect request->referer;
}
}
else {
session errmsg => "Impossible de supprimer le domaine "
. param 'domain'
. '.' ;
redirect request->referer;
}
} }
} }
}; };
}; };
any ['get', 'post'] => '/admin' => sub { any ['get', 'post'] => '/admin' => sub {
@ -335,6 +367,7 @@ any ['get', 'post'] => '/admin' => sub {
template administration => { template administration => {
login => session('login') login => session('login')
, admin => session('admin') , admin => session('admin')
, errmsg => get_errmsg
, domains => [ @domains ] , domains => [ @domains ]
, alldomains => { %alldomains } , alldomains => { %alldomains }
, allusers => { %allusers } }; , allusers => { %allusers } };
@ -355,10 +388,18 @@ prefix '/user' => sub {
{ {
my $app = initco(); my $app = initco();
$app->register_user(param('login'), param('password')); my ($success) = $app->register_user(param('login')
session login => param('login'); , param('password'));
session password => param('password');
redirect '/home'; if($success) {
session login => param('login');
session password => param('password');
redirect '/home';
}
else {
session errmsg => q/Ce pseudo est déjà pris./;
redirect '/user/subscribe';
}
} }
else { else {
@ -376,11 +417,8 @@ prefix '/user' => sub {
} }
else { else {
my $errmsg = session 'errmsg' ;
session errmsg => '';
template subscribe => { template subscribe => {
errmsg => $errmsg errmsg => get_errmsg
}; };
} }
@ -392,12 +430,14 @@ prefix '/user' => sub {
{ {
# TODO ajouter une erreur à afficher # TODO ajouter une erreur à afficher
session errmsg => "L'administrateur n'est pas défini." ;
redirect request->referer; redirect request->referer;
} }
elsif(! defined session('login') ) elsif(! defined session('login') )
{ {
session errmsg => "Vous n'êtes pas connecté." ;
redirect '/'; redirect '/';
} }
@ -411,8 +451,16 @@ prefix '/user' => sub {
if ( $auth_ok && $isadmin ) { if ( $auth_ok && $isadmin ) {
$app->set_admin(param('user'), 0); $app->set_admin(param('user'), 0);
} }
else {
session errmsg => q/Vous n'êtes pas administrateur./;
}
redirect request->referer; if( request->referer =~ "/admin" ) {
redirect request->referer;
}
else {
redirect '/';
}
} }
@ -424,12 +472,14 @@ prefix '/user' => sub {
{ {
# TODO ajouter une erreur à afficher # TODO ajouter une erreur à afficher
session errmsg => "L'utilisateur n'est pas défini." ;
redirect request->referer; redirect request->referer;
} }
elsif(! defined session('login') ) elsif(! defined session('login') )
{ {
session errmsg => "Vous n'êtes pas connecté." ;
redirect '/'; redirect '/';
} }
@ -444,7 +494,12 @@ prefix '/user' => sub {
$app->set_admin(param('user'), 1); $app->set_admin(param('user'), 1);
} }
redirect request->referer; if( request->referer =~ "/admin" ) {
redirect request->referer;
}
else {
redirect '/';
}
} }
@ -452,16 +507,31 @@ prefix '/user' => sub {
get '/del/:user' => sub { get '/del/:user' => sub {
my $app = initco(); if(defined param 'user') {
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), my $app = initco();
session('password') );
if ( $auth_ok && $isadmin || session('login') eq param('user')) { my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
$app->delete_user(param('user')); session('password') );
if ( $auth_ok && $isadmin || session('login') eq param('user')) {
unless ( $app->delete_user(param('user'))) {
session errmsg => "L'utilisateur "
. param 'user'
. " n'a pas pu être supprimé.";
}
}
}
else {
session errmsg => q{Le nom d'utilisateur n'est pas renseigné.};
} }
redirect request->referer; if( defined request->referer) {
redirect request->referer;
}
else {
redirect '/';
}
}; };
@ -495,8 +565,10 @@ prefix '/user' => sub {
} }
else else
{ {
# User login and/or password are incorrect
session errmsg => q<Impossible de se connecter (login ou mot de passe incorrect).>;
redirect '/'; redirect '/';
} }
} }
} }

View File

@ -1,5 +1,6 @@
<% include header.tt %> <% include header.tt %>
<% include sidebar.tt %> <% include sidebar.tt %>
<% include error.tt %>
<div id="page"> <div id="page">

View File

@ -1,5 +1,6 @@
<% include header.tt %> <% include header.tt %>
<% include sidebar.tt %> <% include sidebar.tt %>
<% include error.tt %>
<div id="page"> <div id="page">

10
www/views/error.tt Normal file
View File

@ -0,0 +1,10 @@
<% IF errmsg.defined && errmsg.length > 0 %>
<div id="errmsg" >
<div class="alert alert-danger">
<p><strong>Oh !</strong>
<% errmsg %>
<span class="glyphicon glyphicon-remove"></span>
</p>
</div>
</div>
<% END %>

View File

@ -1,21 +1,17 @@
<% include header.tt %> <% include header.tt %>
<% include sidebar.tt %> <% include sidebar.tt %>
<% include error.tt %>
<div id="page"> <div id="page">
<!-- Permettra une mise en forme plus propre. --> <!-- Permettra une mise en forme plus propre. -->
<% IF creationSuccess == 1 %> <% IF creationSuccess.defined && creationSuccess.length > 0 %>
<div class="alert alert-success"> <div class="alert alert-success">
<p><strong>Bien !</strong> Le domaine « <% domainName %> » a bien été créé. <p><strong>Bien !</strong>
<% creationSuccess %>
<span class="glyphicon glyphicon-ok"></span> <span class="glyphicon glyphicon-ok"></span>
</p> </p>
</div> </div>
<% ELSIF creationFailure == 1 %>
<div class="alert alert-danger">
<p><strong>Oh !</strong> Le domaine « <% domainName %> » n'a pu être créé.
<span class="glyphicon glyphicon-remove"></span>
</p>
</div>
<% END %> <% END %>
<% IF domains && domains.size %> <% IF domains && domains.size %>
@ -46,7 +42,11 @@
<h3>Ajouter un nouveau domaine :</h3> <h3>Ajouter un nouveau domaine :</h3>
<form class="form" action='/domain/add/' method="post" > <form class="form" action='/domain/add/' method="post" >
<input type='text' name='domain'/> <% IF domainName.defined %>
<input type='text' name='domain' value="<% domainName %>" />
<% ELSE %>
<input type='text' name='domain' />
<% END %>
<input type='submit' name='submit' value="Créer mon domaine!" /> <input type='submit' name='submit' value="Créer mon domaine!" />
</form> </form>

View File

@ -1,5 +1,6 @@
<% include header.tt %> <% include header.tt %>
<% include sidebar.tt %> <% include sidebar.tt %>
<% include error.tt %>
<div id="page"> <div id="page">

View File

@ -1,10 +1,9 @@
<% include header.tt %> <% include header.tt %>
<% include sidebar.tt %> <% include sidebar.tt %>
<% include error.tt %>
<div id="page"> <div id="page">
<% errmsg %> <br />
<h3>S'enregistrer</h3> <h3>S'enregistrer</h3>
<hr /> <hr />