maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

added DirProtections.update() and various unit-tests

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-03-15 11:01:17 +01:00
parent f2809c47ac
commit 858a9ba6a4
3 changed files with 158 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
customer_extras.php
View File

@@ -111,74 +111,15 @@ if ($page == 'overview') {
} }
} elseif ($action == 'add') { } elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$path = makeCorrectDir(validate($_POST['path'], 'path')); try {
$userpath = $path; DirProtections::getLocal($userinfo, $_POST)->add();
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); } catch (Exception $e) {
$username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/'); dynamic_error($e->getMessage());
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
validate($_POST['directory_password'], 'password');
$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
WHERE `username`= :username
AND `path`= :path
AND `customerid`= :customerid");
$params = array(
"username" => $username,
"path" => $path,
"customerid" => $userinfo['customerid']
);
Database::pexecute($username_path_check_stmt, $params);
$username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC);
if (CRYPT_STD_DES == 1) {
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password = crypt($_POST['directory_password'], $saltfordescrypt);
} else {
$password = crypt($_POST['directory_password']);
} }
if (! $_POST['path']) {
standard_error('invalidpath');
}
if ($username == '') {
standard_error(array(
'stringisempty',
'myloginname'
));
} elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
standard_error('userpathcombinationdupe');
} elseif ($_POST['directory_password'] == '') {
standard_error(array(
'stringisempty',
'mypassword'
));
} elseif ($path == '') {
standard_error('patherror');
} elseif ($_POST['directory_password'] == $username) {
standard_error('passwordshouldnotbeusername');
} else {
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
`customerid` = :customerid,
`username` = :username,
`password` = :password,
`path` = :path,
`authname` = :authname");
$params = array(
"customerid" => $userinfo['customerid'],
"username" => $username,
"password" => $password,
"path" => $path,
"authname" => $authname
);
Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
inserttask('1');
redirectTo($filename, array( redirectTo($filename, array(
'page' => $page, 'page' => $page,
's' => $s 's' => $s
)); ));
}
} else { } else {
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -191,65 +132,26 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";"); eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";");
} }
} elseif ($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` try {
WHERE `customerid`= :customerid $json_result = DirProtections::getLocal($userinfo, array(
AND `id`= :id"); 'id' => $id
Database::pexecute($result_stmt, array( ))->get();
"customerid" => $userinfo['customerid'], } catch (Exception $e) {
"id" => $id dynamic_error($e->getMessage());
)); }
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') { if (isset($result['username']) && $result['username'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
validate($_POST['directory_password'], 'password'); try {
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/'); DirProtections::getLocal($userinfo, $_POST)->update();
} catch (Exception $e) {
if (CRYPT_STD_DES == 1) { dynamic_error($e->getMessage());
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password = crypt($_POST['directory_password'], $saltfordescrypt);
} else {
$password = crypt($_POST['directory_password']);
} }
if ($_POST['directory_password'] == $result['username']) {
standard_error('passwordshouldnotbeusername');
}
$params = array(
"customerid" => $userinfo['customerid'],
"id" => $id
);
$pwd_sql = '';
if ($_POST['directory_password'] != '') {
$pwd_sql = "`password`= :password ";
$params["password"] = $password;
}
$auth_sql = '';
if ($authname != $result['authname']) {
$auth_sql = "`authname`= :authname ";
$params["authname"] = $authname;
}
if ($pwd_sql != '' || $auth_sql != '') {
if ($pwd_sql != '' && $auth_sql != '') {
$pwd_sql .= ', ';
}
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
SET " . $pwd_sql . $auth_sql . "
WHERE `customerid`= :customerid
AND `id`= :id");
Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
inserttask('1');
redirectTo($filename, array( redirectTo($filename, array(
'page' => $page, 'page' => $page,
's' => $s 's' => $s
)); ));
}
} else { } else {
if (strpos($result['path'], $userinfo['documentroot']) === 0) { if (strpos($result['path'], $userinfo['documentroot']) === 0) {
$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']); $result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);

67
lib/classes/api/commands/class.DirProtections.php
View File

@@ -166,7 +166,70 @@ class DirProtections extends ApiCommand implements ResourceEntity
} }
public function update() public function update()
{} {
$id = $this->getParam('id', true, 0);
$un_optional = ($id <= 0 ? false : true);
$username = $this->getParam('username', $un_optional, '');
// validation
$result = $this->apiCall('DirProtections.get', array(
'id' => $id,
'username' => $username
));
$id = $result['id'];
// parameters
$password = $this->getParam('directory_password', true, '');
$authname = $this->getParam('directory_authname', true, $result['authname']);
// get needed customer info
$customer = $this->getCustomerData();
// validation
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
validate($password, 'password', '', '', array(), true);
$upd_query = "";
$upd_params = array(
"id" => $result['id'],
"cid" => $customer['customerid']
);
if (! empty($password)) {
if ($password == $result['username']) {
standard_error('passwordshouldnotbeusername', '', true);
}
if (CRYPT_STD_DES == 1) {
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password_enc = crypt($password, $saltfordescrypt);
} else {
$password_enc = crypt($password);
}
$upd_query .= "`password`= :password_enc";
$upd_params['password_enc'] = $password_enc;
}
if ($authname != $result['authname']) {
if (! empty($upd_query)) {
$upd_query .= ", ";
}
$upd_query .= "`authname` = :authname";
$upd_params['authname'] = $authname;
}
// build update query
if (! empty($upd_query)) {
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET " . $upd_query . " WHERE `id` = :id AND `customerid`= :cid
");
Database::pexecute($upd_stmt, $upd_params, true, true);
inserttask('1');
}
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
$result = $this->apiCall('DirProtections.get', array(
'id' => $result['id']
));
return $this->response(200, "successfull", $result);
}
/** /**
* list all directory-protections, if called from an admin, list all directory-protections of all customers you are allowed to view, or specify id or loginname for one specific customer * list all directory-protections, if called from an admin, list all directory-protections of all customers you are allowed to view, or specify id or loginname for one specific customer
@@ -192,7 +255,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
WHERE `customerid` IN (:customerids) WHERE `customerid` IN (:customerids)
"); ");
Database::pexecute($result_stmt, array( Database::pexecute($result_stmt, array(
"customerids" => $customer_ids "customerids" => implode(', ', $customer_ids)
), true, true); ), true, true);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$result[] = $row; $result[] = $row;

69
tests/Extras/ExtrasTest.php
View File

@@ -117,4 +117,73 @@ class ExtrasTest extends TestCase
$this->assertEquals($customer_userdata['documentroot'] . 'test/', $result['path']); $this->assertEquals($customer_userdata['documentroot'] . 'test/', $result['path']);
$this->assertEquals('test1', $result['authname']); $this->assertEquals('test1', $result['authname']);
} }
/**
* @depends testCustomerDirProtectionsAdd
*/
public function testCustomerDirProtectionsUpdate()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
$json_result = DirProtections::getLocal($customer_userdata, array('id' => 1))->get();
$data_old = json_decode($json_result, true)['data'];
$data = [
'id' => 1,
'directory_password' => generatePassword(),
'directory_authname' => 'test1337'
];
$json_result = DirProtections::getLocal($customer_userdata, $data)->update();
$result = json_decode($json_result, true)['data'];
$this->assertTrue($data_old['password'] != $result['password']);
$this->assertTrue($data_old['authname'] != $result['authname']);
$this->assertEquals('test1337', $result['authname']);
}
/**
* @depends testCustomerDirProtectionsAdd
*/
public function testCustomerDirProtectionsList()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
$json_result = DirProtections::getLocal($customer_userdata)->listing();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(2, $result['count']);
$this->assertEquals('test1', $result['list'][0]['username']);
$this->assertEquals('testing', $result['list'][1]['username']);
}
/**
* @depends testCustomerDirProtectionsList
*/
public function testCustomerDirProtectionsDelete()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
DirProtections::getLocal($customer_userdata, array('username' => 'testing'))->delete();
$json_result = DirProtections::getLocal($customer_userdata)->listing();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(1, $result['count']);
$this->assertEquals('test1', $result['list'][0]['username']);
}
} }