added DirProtections.update() and various unit-tests
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -111,74 +111,15 @@ if ($page == 'overview') {
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
$path = makeCorrectDir(validate($_POST['path'], 'path'));
|
||||
$userpath = $path;
|
||||
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
|
||||
$username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/');
|
||||
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
|
||||
validate($_POST['directory_password'], 'password');
|
||||
|
||||
$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
WHERE `username`= :username
|
||||
AND `path`= :path
|
||||
AND `customerid`= :customerid");
|
||||
$params = array(
|
||||
"username" => $username,
|
||||
"path" => $path,
|
||||
"customerid" => $userinfo['customerid']
|
||||
);
|
||||
Database::pexecute($username_path_check_stmt, $params);
|
||||
$username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (CRYPT_STD_DES == 1) {
|
||||
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
|
||||
$password = crypt($_POST['directory_password'], $saltfordescrypt);
|
||||
} else {
|
||||
$password = crypt($_POST['directory_password']);
|
||||
try {
|
||||
DirProtections::getLocal($userinfo, $_POST)->add();
|
||||
} catch (Exception $e) {
|
||||
dynamic_error($e->getMessage());
|
||||
}
|
||||
|
||||
if (! $_POST['path']) {
|
||||
standard_error('invalidpath');
|
||||
}
|
||||
|
||||
if ($username == '') {
|
||||
standard_error(array(
|
||||
'stringisempty',
|
||||
'myloginname'
|
||||
));
|
||||
} elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
|
||||
standard_error('userpathcombinationdupe');
|
||||
} elseif ($_POST['directory_password'] == '') {
|
||||
standard_error(array(
|
||||
'stringisempty',
|
||||
'mypassword'
|
||||
));
|
||||
} elseif ($path == '') {
|
||||
standard_error('patherror');
|
||||
} elseif ($_POST['directory_password'] == $username) {
|
||||
standard_error('passwordshouldnotbeusername');
|
||||
} else {
|
||||
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
|
||||
`customerid` = :customerid,
|
||||
`username` = :username,
|
||||
`password` = :password,
|
||||
`path` = :path,
|
||||
`authname` = :authname");
|
||||
$params = array(
|
||||
"customerid" => $userinfo['customerid'],
|
||||
"username" => $username,
|
||||
"password" => $password,
|
||||
"path" => $path,
|
||||
"authname" => $authname
|
||||
);
|
||||
Database::pexecute($stmt, $params);
|
||||
$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
|
||||
inserttask('1');
|
||||
redirectTo($filename, array(
|
||||
'page' => $page,
|
||||
's' => $s
|
||||
));
|
||||
}
|
||||
} else {
|
||||
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
|
||||
|
||||
@@ -191,65 +132,26 @@ if ($page == 'overview') {
|
||||
eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";");
|
||||
}
|
||||
} elseif ($action == 'edit' && $id != 0) {
|
||||
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
WHERE `customerid`= :customerid
|
||||
AND `id`= :id");
|
||||
Database::pexecute($result_stmt, array(
|
||||
"customerid" => $userinfo['customerid'],
|
||||
"id" => $id
|
||||
));
|
||||
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
try {
|
||||
$json_result = DirProtections::getLocal($userinfo, array(
|
||||
'id' => $id
|
||||
))->get();
|
||||
} catch (Exception $e) {
|
||||
dynamic_error($e->getMessage());
|
||||
}
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['username']) && $result['username'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
validate($_POST['directory_password'], 'password');
|
||||
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
|
||||
|
||||
if (CRYPT_STD_DES == 1) {
|
||||
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
|
||||
$password = crypt($_POST['directory_password'], $saltfordescrypt);
|
||||
} else {
|
||||
$password = crypt($_POST['directory_password']);
|
||||
try {
|
||||
DirProtections::getLocal($userinfo, $_POST)->update();
|
||||
} catch (Exception $e) {
|
||||
dynamic_error($e->getMessage());
|
||||
}
|
||||
|
||||
if ($_POST['directory_password'] == $result['username']) {
|
||||
standard_error('passwordshouldnotbeusername');
|
||||
}
|
||||
|
||||
$params = array(
|
||||
"customerid" => $userinfo['customerid'],
|
||||
"id" => $id
|
||||
);
|
||||
|
||||
$pwd_sql = '';
|
||||
if ($_POST['directory_password'] != '') {
|
||||
$pwd_sql = "`password`= :password ";
|
||||
$params["password"] = $password;
|
||||
}
|
||||
|
||||
$auth_sql = '';
|
||||
if ($authname != $result['authname']) {
|
||||
$auth_sql = "`authname`= :authname ";
|
||||
$params["authname"] = $authname;
|
||||
}
|
||||
|
||||
if ($pwd_sql != '' || $auth_sql != '') {
|
||||
if ($pwd_sql != '' && $auth_sql != '') {
|
||||
$pwd_sql .= ', ';
|
||||
}
|
||||
|
||||
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
SET " . $pwd_sql . $auth_sql . "
|
||||
WHERE `customerid`= :customerid
|
||||
AND `id`= :id");
|
||||
Database::pexecute($stmt, $params);
|
||||
$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
|
||||
inserttask('1');
|
||||
redirectTo($filename, array(
|
||||
'page' => $page,
|
||||
's' => $s
|
||||
));
|
||||
}
|
||||
} else {
|
||||
if (strpos($result['path'], $userinfo['documentroot']) === 0) {
|
||||
$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
|
||||
|
||||
@@ -166,7 +166,70 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
}
|
||||
|
||||
public function update()
|
||||
{}
|
||||
{
|
||||
$id = $this->getParam('id', true, 0);
|
||||
$un_optional = ($id <= 0 ? false : true);
|
||||
$username = $this->getParam('username', $un_optional, '');
|
||||
|
||||
// validation
|
||||
$result = $this->apiCall('DirProtections.get', array(
|
||||
'id' => $id,
|
||||
'username' => $username
|
||||
));
|
||||
$id = $result['id'];
|
||||
|
||||
// parameters
|
||||
$password = $this->getParam('directory_password', true, '');
|
||||
$authname = $this->getParam('directory_authname', true, $result['authname']);
|
||||
|
||||
// get needed customer info
|
||||
$customer = $this->getCustomerData();
|
||||
|
||||
// validation
|
||||
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
||||
validate($password, 'password', '', '', array(), true);
|
||||
|
||||
$upd_query = "";
|
||||
$upd_params = array(
|
||||
"id" => $result['id'],
|
||||
"cid" => $customer['customerid']
|
||||
);
|
||||
if (! empty($password)) {
|
||||
if ($password == $result['username']) {
|
||||
standard_error('passwordshouldnotbeusername', '', true);
|
||||
}
|
||||
if (CRYPT_STD_DES == 1) {
|
||||
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
|
||||
$password_enc = crypt($password, $saltfordescrypt);
|
||||
} else {
|
||||
$password_enc = crypt($password);
|
||||
}
|
||||
$upd_query .= "`password`= :password_enc";
|
||||
$upd_params['password_enc'] = $password_enc;
|
||||
}
|
||||
if ($authname != $result['authname']) {
|
||||
if (! empty($upd_query)) {
|
||||
$upd_query .= ", ";
|
||||
}
|
||||
$upd_query .= "`authname` = :authname";
|
||||
$upd_params['authname'] = $authname;
|
||||
}
|
||||
|
||||
// build update query
|
||||
if (! empty($upd_query)) {
|
||||
$upd_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET " . $upd_query . " WHERE `id` = :id AND `customerid`= :cid
|
||||
");
|
||||
Database::pexecute($upd_stmt, $upd_params, true, true);
|
||||
inserttask('1');
|
||||
}
|
||||
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
|
||||
$result = $this->apiCall('DirProtections.get', array(
|
||||
'id' => $result['id']
|
||||
));
|
||||
return $this->response(200, "successfull", $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* list all directory-protections, if called from an admin, list all directory-protections of all customers you are allowed to view, or specify id or loginname for one specific customer
|
||||
@@ -192,7 +255,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
WHERE `customerid` IN (:customerids)
|
||||
");
|
||||
Database::pexecute($result_stmt, array(
|
||||
"customerids" => $customer_ids
|
||||
"customerids" => implode(', ', $customer_ids)
|
||||
), true, true);
|
||||
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$result[] = $row;
|
||||
|
||||
@@ -117,4 +117,73 @@ class ExtrasTest extends TestCase
|
||||
$this->assertEquals($customer_userdata['documentroot'] . 'test/', $result['path']);
|
||||
$this->assertEquals('test1', $result['authname']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCustomerDirProtectionsAdd
|
||||
*/
|
||||
public function testCustomerDirProtectionsUpdate()
|
||||
{
|
||||
global $admin_userdata;
|
||||
|
||||
// get customer
|
||||
$json_result = Customers::getLocal($admin_userdata, array(
|
||||
'loginname' => 'test1'
|
||||
))->get();
|
||||
$customer_userdata = json_decode($json_result, true)['data'];
|
||||
|
||||
$json_result = DirProtections::getLocal($customer_userdata, array('id' => 1))->get();
|
||||
$data_old = json_decode($json_result, true)['data'];
|
||||
|
||||
$data = [
|
||||
'id' => 1,
|
||||
'directory_password' => generatePassword(),
|
||||
'directory_authname' => 'test1337'
|
||||
];
|
||||
$json_result = DirProtections::getLocal($customer_userdata, $data)->update();
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
$this->assertTrue($data_old['password'] != $result['password']);
|
||||
$this->assertTrue($data_old['authname'] != $result['authname']);
|
||||
$this->assertEquals('test1337', $result['authname']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCustomerDirProtectionsAdd
|
||||
*/
|
||||
public function testCustomerDirProtectionsList()
|
||||
{
|
||||
global $admin_userdata;
|
||||
|
||||
// get customer
|
||||
$json_result = Customers::getLocal($admin_userdata, array(
|
||||
'loginname' => 'test1'
|
||||
))->get();
|
||||
$customer_userdata = json_decode($json_result, true)['data'];
|
||||
|
||||
$json_result = DirProtections::getLocal($customer_userdata)->listing();
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
$this->assertEquals(2, $result['count']);
|
||||
$this->assertEquals('test1', $result['list'][0]['username']);
|
||||
$this->assertEquals('testing', $result['list'][1]['username']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCustomerDirProtectionsList
|
||||
*/
|
||||
public function testCustomerDirProtectionsDelete()
|
||||
{
|
||||
global $admin_userdata;
|
||||
|
||||
// get customer
|
||||
$json_result = Customers::getLocal($admin_userdata, array(
|
||||
'loginname' => 'test1'
|
||||
))->get();
|
||||
$customer_userdata = json_decode($json_result, true)['data'];
|
||||
|
||||
DirProtections::getLocal($customer_userdata, array('username' => 'testing'))->delete();
|
||||
|
||||
$json_result = DirProtections::getLocal($customer_userdata)->listing();
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
$this->assertEquals(1, $result['count']);
|
||||
$this->assertEquals('test1', $result['list'][0]['username']);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user