maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

code reduction; added unit-tests for Certificates-Command; minor fixes here and there

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-03-05 23:35:00 +01:00
parent f5ec759d99
commit 864331d371
11 changed files with 285 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/lib/class.FroxlorInstall.php
View File

@@ -995,7 +995,7 @@ class FroxlorInstall
$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
}
// check for bstring-extension
// check for mbstring-extension
$content .= $this->_status_message('begin', $this->_lng['requirements']['phpmbstring']);
if (! extension_loaded('mbstring')) {

43
lib/classes/api/abstract.ApiCommand.php
View File

@@ -414,6 +414,49 @@ abstract class ApiCommand
return $json_response;
}
/**
* returns an array of customers the current user can access
*
* @param string $customer_hide_option optional, when called as customer, some options might be hidden due to the panel.customer_hide_options ettings
*
* @throws Exception
* @return array
*/
protected function getAllowedCustomerIds($customer_hide_option = '')
{
$customer_ids = array();
if ($this->isAdmin()) {
// if we're an admin, list all ftp-users of all the admins customers
// or optionally for one specific customer identified by id or loginname
$customerid = $this->getParam('customerid', true, 0);
$loginname = $this->getParam('loginname', true, '');
if (! empty($customerid) || ! empty($loginname)) {
$_result = $this->apiCall('Customers.get', array(
'id' => $customerid,
'loginname' => $loginname
));
$custom_list_result = array(
$_result
);
} else {
$_custom_list_result = $this->apiCall('Customers.listing');
$custom_list_result = $_custom_list_result['list'];
}
foreach ($custom_list_result as $customer) {
$customer_ids[] = $customer['customerid'];
}
} else {
if (!empty($customer_hide_option) && Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {
throw new Exception("You cannot access this resource", 405);
}
$customer_ids = array(
$this->getUserDetail('customerid')
);
}
return $customer_ids;
}
/**
* increase/decrease a resource field for customers/admins
*

19
lib/classes/api/commands/class.Certificates.php
View File

@@ -50,18 +50,27 @@ class Certificates extends ApiCommand implements ResourceEntity
'id' => $domainid,
'domainname' => $domainname
));
$domainid = $domain['id'];
// parameters
$ssl_cert_file = $this->getParam('ssl_cert_file');
$ssl_key_file = $this->getParam('ssl_key_file');
$ssl_ca_file = $this->getParam('ssl_ca_file', true, '');
$ssl_cert_chainfile = $this->getParam('ssl_cert_chainfile', true, '');
$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);
$idna_convert = new idna_convert_wrapper();
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
// validate whether the domain does not already have an entry
$result = $this->apiCall('Certificates.get', array(
'id' => $domain['id']
'id' => $domainid
));
return $this->response(200, "successfull", $result);
if (empty($result)) {
$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
$result = $this->apiCall('Certificates.get', array(
'id' => $domain['id']
));
return $this->response(200, "successfull", $result);
}
throw new Exception("Domain '" . $domain['domain'] . "' already has a certificate. Did you mean to call update?", 406);
}
/**

33
lib/classes/api/commands/class.Ftps.php
View File

@@ -448,43 +448,14 @@ class Ftps extends ApiCommand implements ResourceEntity
*/
public function listing()
{
if ($this->isAdmin()) {
// if we're an admin, list all ftp-users of all the admins customers
// or optionally for one specific customer identified by id or loginname
$customerid = $this->getParam('customerid', true, 0);
$loginname = $this->getParam('loginname', true, '');
if (! empty($customerid) || ! empty($loginname)) {
$_result = $this->apiCall('Customers.get', array(
'id' => $customerid,
'loginname' => $loginname
));
$custom_list_result = array(
$_result
);
} else {
$_custom_list_result = $this->apiCall('Customers.listing');
$custom_list_result = $_custom_list_result['list'];
}
$customer_ids = array();
foreach ($custom_list_result as $customer) {
$customer_ids[] = $customer['customerid'];
}
} else {
if (Settings::IsInList('panel.customer_hide_options', 'ftp')) {
throw new Exception("You cannot access this resource", 405);
}
$customer_ids = array(
$this->getUserDetail('customerid')
);
}
$customer_ids = $this->getAllowedCustomerIds('ftp');
$result = array();
$params['customerid'] = implode(", ", $customer_ids);
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_FTP_USERS . "`
WHERE `customerid` IN (:customerid)
");
Database::pexecute($result_stmt, $params);
Database::pexecute($result_stmt, $params, true, true);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$result[] = $row;
}

31
lib/classes/api/commands/class.Mysqls.php
View File

@@ -425,36 +425,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
{
$result = array();
$dbserver = $this->getParam('mysql_server', true, - 1);
if ($this->isAdmin()) {
// if we're an admin, list all databases of all the admins customers
// or optionally for one specific customer identified by id or loginname
$customerid = $this->getParam('customerid', true, 0);
$loginname = $this->getParam('loginname', true, '');
if (! empty($customer_id) || ! empty($loginname)) {
$customer = $this->apiCall('Customers.get', array(
'id' => $customerid,
'loginname' => $loginname
));
$custom_list_result = array(
$customer
);
} else {
$_custom_list_result = $this->apiCall('Customers.listing');
$custom_list_result = $_custom_list_result['list'];
}
$customer_ids = array();
foreach ($custom_list_result as $customer) {
$customer_ids[] = $customer['customerid'];
}
} else {
if (Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405);
}
$customer_ids = array(
$this->getUserDetail('customerid')
);
}
$customer_ids = $this->getAllowedCustomerIds('mysql');
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
WHERE `customerid`= :customerid AND `dbserver` = :dbserver

2
lib/classes/api/commands/class.SubDomains.php
View File

@@ -247,6 +247,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
$stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
`customerid` = :customerid,
`adminid` = :adminid,
`domain` = :domain,
`documentroot` = :documentroot,
`aliasdomain` = :aliasdomain,
@@ -268,6 +269,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
");
$params = array(
"customerid" => $customer['customerid'],
"adminid" => $customer['adminid'],
"domain" => $completedomain,
"documentroot" => $path,
"aliasdomain" => $aliasdomain != 0 ? $aliasdomain : null,

1
phpunit.xml
View File

@@ -14,6 +14,7 @@
<directory>tests/IpsAndPorts</directory>
<directory>tests/Domains</directory>
<directory>tests/SubDomains</directory>
<directory>tests/Certificates</directory>
<directory>tests/Ftps</directory>
</testsuite>
</testsuites>

194
tests/Certificates/CertificatesTest.php Normal file
View File

@@ -0,0 +1,194 @@
<?php
use PHPUnit\Framework\TestCase;
/**
* @covers ApiCommand
* @covers Certificates
*/
class CertificatesTest extends TestCase
{
public function testAdminCertificatesAdd()
{
global $admin_userdata;
$certdata = $this->generateKey();
$json_result = Certificates::getLocal($admin_userdata, array(
'domainname' => 'test2.local',
'ssl_cert_file' => $certdata['cert'],
'ssl_key_file' => $certdata['key']
))->add();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(3, $result['domainid']);
}
public function testResellerCertificatesAddAgain()
{
global $admin_userdata;
// get reseller
$json_result = Admins::getLocal($admin_userdata, array(
'loginname' => 'reseller'
))->get();
$reseller_userdata = json_decode($json_result, true)['data'];
$reseller_userdata['adminsession'] = 1;
$certdata = $this->generateKey();
$this->expectExceptionCode(406);
$this->expectExceptionMessage("Domain 'test2.local' already has a certificate. Did you mean to call update?");
$json_result = Certificates::getLocal($reseller_userdata, array(
'domainname' => 'test2.local',
'ssl_cert_file' => $certdata['cert'],
'ssl_key_file' => $certdata['key']
))->add();
}
public function testCustomerCertificatesAdd()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
$certdata = $this->generateKey();
$json_result = Certificates::getLocal($customer_userdata, array(
'domainname' => 'mysub2.test2.local',
'ssl_cert_file' => $certdata['cert'],
'ssl_key_file' => $certdata['key']
))->add();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(5, $result['domainid']);
}
public function testAdminCertificatesList()
{
global $admin_userdata;
$json_result = Certificates::getLocal($admin_userdata)->listing();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(2, $result['count']);
}
public function testResellerCertificatesList()
{
global $admin_userdata;
// get reseller
$json_result = Admins::getLocal($admin_userdata, array(
'loginname' => 'reseller'
))->get();
$reseller_userdata = json_decode($json_result, true)['data'];
$reseller_userdata['adminsession'] = 1;
$json_result = Certificates::getLocal($reseller_userdata)->listing();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(2, $result['count']);
}
public function testCustomerCertificatesList()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
$json_result = Certificates::getLocal($customer_userdata)->listing();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(2, $result['count']);
}
public function testAdminCertificatesUpdate()
{
global $admin_userdata;
$certdata = $this->generateKey();
$json_result = Certificates::getLocal($admin_userdata, array(
'domainname' => 'test2.local',
'ssl_cert_file' => $certdata['cert'],
'ssl_key_file' => $certdata['key']
))->update();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(3, $result['domainid']);
$this->assertEquals(str_replace("\n", "", $certdata['cert']), str_replace("\n", "", $result['ssl_cert_file']));
}
public function testCustomerCertificatesUpdate()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
$certdata = $this->generateKey();
$json_result = Certificates::getLocal($customer_userdata, array(
'domainname' => 'mysub2.test2.local',
'ssl_cert_file' => $certdata['cert'],
'ssl_key_file' => $certdata['key']
))->update();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(5, $result['domainid']);
$this->assertEquals(str_replace("\n", "", $certdata['cert']), str_replace("\n", "", $result['ssl_cert_file']));
}
/**
* @depends testAdminCertificatesUpdate
*/
public function testCustomerCertificatesDelete()
{
global $admin_userdata;
// get customer
$json_result = Customers::getLocal($admin_userdata, array(
'loginname' => 'test1'
))->get();
$customer_userdata = json_decode($json_result, true)['data'];
$json_result = Certificates::getLocal($customer_userdata, array(
'id' => 1
))->delete();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(3, $result['domainid']);
}
private function generateKey()
{
$dn = array(
"countryName" => "DE",
"stateOrProvinceName" => "Hessen",
"localityName" => "Frankfurt",
"organizationName" => "Froxlor",
"organizationalUnitName" => "Testing",
"commonName" => "test2.local",
"emailAddress" => "team@froxlor.org"
);
// generate key pair
$privkey = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA
));
// generate csr
$csr = openssl_csr_new($dn, $privkey, array(
'digest_alg' => 'sha256'
));
// generate self-signed certificate
$sscert = openssl_csr_sign($csr, null, $privkey, 365, array(
'digest_alg' => 'sha256'
));
// export
openssl_csr_export($csr, $csrout);
openssl_x509_export($sscert, $certout);
openssl_pkey_export($privkey, $pkeyout, null);
return array(
'cert' => $certout,
'key' => $pkeyout
);
}
}

6
tests/Domains/DomainsTest.php
View File

@@ -77,10 +77,10 @@ class DomainsTest extends TestCase
public function testResellerDomainsAddWithCanEditPhpSettingsAllowedIp()
{
global $admin_userdata;
// first, allow reseller access to ip #3
// first, allow reseller access to ip #4
Admins::getLocal($admin_userdata, array(
'loginname' => 'reseller',
'ipaddress' => 3
'ipaddress' => 4
))->update();
// get reseller
$json_result = Admins::getLocal($admin_userdata, array(
@@ -91,7 +91,7 @@ class DomainsTest extends TestCase
$data = [
'domain' => 'test2.local',
'customerid' => 1,
'ipandport' => 3,
'ipandport' => 4,
'isemaildomain' => 1,
'subcanemaildomain' => 2
];

20
tests/IpsAndPorts/IpsAndPortsTest.php
View File

@@ -13,7 +13,7 @@ class IpsAndPortsTest extends TestCase
global $admin_userdata;
$json_result = IpsAndPorts::getLocal($admin_userdata)->listing();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(1, $result['count']);
$this->assertEquals(2, $result['count']);
$this->assertEquals('82.149.225.46', $result['list'][0]['ip']);
}
@@ -40,7 +40,7 @@ class IpsAndPortsTest extends TestCase
];
$json_result = IpsAndPorts::getLocal($admin_userdata, $data)->add();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(2, $result['id']);
$this->assertEquals(3, $result['id']);
$this->assertEquals(80, $result['port']);
}
@@ -66,7 +66,7 @@ class IpsAndPortsTest extends TestCase
];
$json_result = IpsAndPorts::getLocal($admin_userdata, $data)->add();
$result = json_decode($json_result, true)['data'];
$this->assertEquals(3, $result['id']);
$this->assertEquals(4, $result['id']);
$this->assertEquals('/var/www/html/', $result['docroot']);
}
@@ -84,10 +84,10 @@ class IpsAndPortsTest extends TestCase
public function testResellerIpsAndPortsList()
{
global $admin_userdata;
// update reseller to allow ip access to ip id #2
// update reseller to allow ip access to ip id #3
$json_result = Admins::getLocal($admin_userdata, array(
'loginname' => 'reseller',
'ipaddress' => array(2)
'ipaddress' => array(3)
))->update();
$reseller_userdata = json_decode($json_result, true)['data'];
$reseller_userdata['adminsession'] = 1;
@@ -109,7 +109,7 @@ class IpsAndPortsTest extends TestCase
))->get();
$reseller_userdata = json_decode($json_result, true)['data'];
$reseller_userdata['adminsession'] = 1;
$json_result = IpsAndPorts::getLocal($reseller_userdata, array('id' => 2))->get();
$json_result = IpsAndPorts::getLocal($reseller_userdata, array('id' => 3))->get();
$result = json_decode($json_result, true)['data'];
$this->assertEquals('82.149.225.47', $result['ip']);
}
@@ -120,7 +120,7 @@ class IpsAndPortsTest extends TestCase
public function testResellerIpsAndPortsGetRestrictedNotOwned()
{
global $admin_userdata;
// update reseller to allow ip access to ip id #2
// get reseller
$json_result = Admins::getLocal($admin_userdata, array(
'loginname' => 'reseller'
))->get();
@@ -134,7 +134,7 @@ class IpsAndPortsTest extends TestCase
public function testResellerIpsAndPortsAdd()
{
global $admin_userdata;
// update reseller to allow ip access to ip id #2
// get reseller
$json_result = Admins::getLocal($admin_userdata, array(
'loginname' => 'reseller'
))->get();
@@ -230,7 +230,7 @@ class IpsAndPortsTest extends TestCase
$reseller_userdata = json_decode($json_result, true)['data'];
$reseller_userdata['adminsession'] = 1;
$data = [
'id' => 2,
'id' => 3,
'ip' => '82.149.225.46'
];
$this->expectExceptionMessage("This IP/Port combination already exists.");
@@ -251,7 +251,7 @@ class IpsAndPortsTest extends TestCase
{
global $admin_userdata;
$data = [
'id' => 2
'id' => 3
];
$json_result = IpsAndPorts::getLocal($admin_userdata, $data)->delete();
$result = json_decode($json_result, true)['data'];

14
tests/bootstrap.php
View File

@@ -103,6 +103,20 @@ Database::query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "` SET
$defaultip = Database::lastInsertId();
Settings::Set('system.defaultip', $defaultip, true);
// add ssl ip (system default)
Database::query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "` SET
`ip` = '82.149.225.56',
`port` = '443',
`listen_statement` = '0',
`namevirtualhost_statement` = '0',
`vhostcontainer` = '1',
`vhostcontainer_servername_statement` = '1',
`specialsettings` = '',
`ssl` = '1'
");
$defaultip = Database::lastInsertId();
Settings::Set('system.defaultsslip', $defaultip, true);
// get userdata of admin 'admin'
$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = '1'");
$admin_userdata = Database::pexecute_first($sel_stmt);