Changeset 90 for trunk

Timestamp:

04/12/11 14:46:22 (14 years ago)

Author:

Kris Deugau

Message:

/trunk

Checkpoint

• Comment-docu-tweak on addUser()
• Disallow blank usernames on creation
• Add docucomment on updateUser()
• Update getRecLine() to handle long records, switch to more compact $dbh->do() instead of explicit prepare/execute/fetch
• Update getDomRecs() to handle long records. Clean up SQL formatting.
• Update addRec() to handle long records
• Update updateRec() to handle long records
• Add fixme reminder to handle VegaDNS encrypted passwords (hex-coded MD5)
• Use getRecData() instead of local SQL for "Edit record" page
• Log user add and update actions
• Remember to set $permissions{admin} to 1 on update if user type is "superuser"
• Uncomment page=deluser segment; this was not integrated with the rest of the user add/update pages
• HTML-comment "Customer ID" (uid) on log pages; having trouble seeing a use-case
• Nitpick tweaks on record add/edit page
• Use HTML::Template's HTML-escaping on the record value on record add/edit page - required for eg SPF records with quotation marks

Location:

trunk

Files:

• DNSDB.pm (modified) (7 diffs)
• dns.cgi (modified) (6 diffs)
• templates/log.tmpl (modified) (2 diffs)
• templates/record.tmpl (modified) (2 diffs)

trunk/DNSDB.pm

@@ -690 +690 @@
 #   last name                   - defaults to blank
 #   phone                       - defaults to blank (could put other data within column def)
-# Returns (OK,OK) on success, (FAIL,<message>) on failure
+# Returns (OK,<uid>) on success, (FAIL,<message>) on failure
 sub addUser {
   $errstr = '';
@@ -699 +699 @@
   my $state = shift;
 
-  return ('FAIL',"Missing one or more required entries") if !defined($state);
+  return ('FAIL', "Missing one or more required entries") if !defined($state);
+  return ('FAIL', "Username must not be blank") if !$username;
 
   my $type = shift || 'u';      # create limited users by default - fwiw, not sure yet how this will interact with ACLs
@@ -816 +817 @@
 
 ## DNSDB:: updateUser()
-#
+# Update general data about user
 sub updateUser {
   my $dbh = shift;
@@ -1020 +1021 @@
   my $id = shift;
 
-  my $sql = "SELECT record_id,host,type,val,distance,weight,port,ttl".
-        (($def eq 'def' or $def eq 'y') ? ',group_id FROM default_' : ',domain_id FROM ').
-        "records WHERE record_id=?";
-  my $sth = $dbh->prepare($sql);
-  $sth->execute($id);
-
-  my ($recid,$host,$rtype,$val,$distance,$weight,$port,$ttl,$parid) = $sth->fetchrow_array();
-
-  if ($sth->err) {
+  my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,r.longrec_id,l.recdata".
+        (($def eq 'def' or $def eq 'y') ? ',r.group_id FROM default_' : ',r.domain_id FROM ').
+        "records r LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id WHERE record_id=?";
+  my $ret = $dbh->selectrow_hashref($sql, undef, ($id) ) or warn $dbh->errstr;
+
+  if ($dbh->err) {
     $errstr = $DBI::errstr;
     return undef;
   }
-  my %ret;
-  $ret{recid}   = $recid;
-  $ret{host}    = $host;
-  $ret{type}    = $rtype;
-  $ret{val}     = $val;
-  $ret{distance}= $distance;
-  $ret{weight}  = $weight;
-  $ret{port}    = $port;
-  $ret{ttl}     = $ttl;
-  $ret{parid}   = $parid;
-
-  return %ret;
+
+  $ret->{val} = $ret->{recdata} if $ret->{longrec_id};  # put the long data in the real value space
+  delete $ret->{longrec_id};    # remove these since they shouldn't be exposed - the caller
+  delete $ret->{recdata};       # should not care about "long records" vs normal ones.
+
+  return $ret;
 }
 
@@ -1065 +1057 @@
   my $direction = shift || 'ASC';
 
-  my $sql = "SELECT record_id,host,type,val,distance,weight,port,ttl FROM ";
-  if ($type eq 'def' or $type eq 'y') {
-    $sql .= " default_records where group_id=$id";
+  $type = 'y' if $type eq 'def';
+
+  my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,r.longrec_id,l.recdata FROM ";
+  $sql .= "default_" if $type eq 'y';
+  $sql .= "records r ";
+  $sql .= "LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id ";
+  if ($type eq 'y') {
+    $sql .= "WHERE r.group_id=?";
   } else {
-    $sql .= " records where domain_id=$id";
-  }
-  $sql .= " and not type=$reverse_typemap{SOA} order by $order $direction";
+    $sql .= "WHERE r.domain_id=?";
+  }
+  $sql .= " AND NOT r.type=$reverse_typemap{SOA} ORDER BY r.$order $direction";
 ##fixme:  need to set nstart properly (offset is not internally multiplied with limit)
-  $sql .= " limit $nrecs offset ".($nstart*$nrecs) if $nstart ne 'all';
-
-  my $sth = $dbh->prepare($sql);
-  $sth->execute;
+  $sql .= " LIMIT $nrecs OFFSET ".($nstart*$nrecs) if $nstart ne 'all';
+
+  my $sth = $dbh->prepare($sql) or warn $dbh->errstr;
+  $sth->execute($id) or warn "$sql: ".$sth->errstr;
 
   my @retbase;
   while (my $ref = $sth->fetchrow_hashref()) {
+    $ref->{val} = $ref->{recdata} if $ref->{longrec_id};        # put the long data in the real value space
+    delete $ref->{longrec_id};  # remove these since they shouldn't be exposed - the caller
+    delete $ref->{recdata};     # should not care about "long records" vs normal ones.
     push @retbase, $ref;
   }
@@ -1133 +1133 @@
   }
 
-  my $sql = "insert into ".($defrec eq 'y' ? 'default_' : '')."records ($fields) values ($vallen)";
-##fixme: use array for values, replace "vallist" with series of ?,?,? etc
-# something is bugging me about this...
-#warn "DEBUG: $sql";
-  my $sth = $dbh->prepare($sql);
-  $sth->execute(@vallist);
-
-  return ('FAIL',$sth->errstr) if $sth->err;
+  # Allow transactions, and raise an exception on errors so we can catch it later.
+  # Use local to make sure these get "reset" properly on exiting this block
+  local $dbh->{AutoCommit} = 0;
+  local $dbh->{RaiseError} = 1;
+
+  eval {
+    if (length($val) > 100 ) {
+      # extralong records get an entry in a separate table.
+      $dbh->do("INSERT INTO longrecs (recdata) VALUES (?)", undef, ($val) );
+      my ($longid) = $dbh->selectrow_array("SELECT longrec_id FROM longrecs WHERE recdata=?", undef, ($val) );
+      $fields .= ",longrec_id";
+      $vallen .= ",?";
+      push @vallist, $longid;
+      $vallist[3] = ''; # so we don't barf when we insert the main record
+    }
+    $dbh->do("INSERT INTO ".($defrec eq 'y' ? 'default_' : '')."records ($fields) VALUES ($vallen)",
+        undef, @vallist);
+    $dbh->commit;
+  };
+  if ($@) {
+    my $msg = $@;
+    eval { $dbh->rollback; };
+    return ('FAIL',$msg);
+  }
 
   return ('OK','OK');
+
 } # end addRec()
 
@@ -1179 +1196 @@
   }
 
-  my $sth = $dbh->prepare("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records ".
-        "SET host=?,type=?,val=?,ttl=?,distance=?,weight=?,port=? ".
-        "WHERE record_id=?");
-  $sth->execute($host,$type,$val,$ttl,$dist,$weight,$port,$id);
-
-  return ('FAIL',$sth->errstr."<br>\n$errstr<br>\n") if $sth->err;
+#  my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,r.longrec_id,l.recdata FROM ";
+#  $sql .= "default_" if $type eq 'y';
+#  $sql .= "records r ";
+#  $sql .= "LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id ";
+
+  # get the long record ID, if any
+  my ($longid) = $dbh->selectrow_array("SELECT longrec_id FROM ".($defrec eq 'y' ? 'default_' : '')."records ".
+        "WHERE record_id=?", undef, ($id) );
+
+  local $dbh->{AutoCommit} = 0;
+  local $dbh->{RaiseError} = 1;
+
+  eval {
+    # there's really no tidy way to squash this down.  :/
+    if (length($val) > 100) {
+      if ($longid) {
+        $dbh->do("UPDATE longrecs SET recdata=? WHERE longrec_id=?", undef, ($val, $longid) );
+      } else {
+##fixme:  has to be a better way to be sure we get the right recid back once inserted...
+        $dbh->do("INSERT INTO longrecs (recdata) VALUES (?)", undef, ($val) );
+        my ($newlongid) = $dbh->selectrow_array("SELECT currval('longrecs_longrec_id_seq')");
+        $dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records SET val=?,longrec_id=? ".
+                "WHERE record_id=?", undef, ('', $newlongid, $id) );
+      }
+    } else {
+      if ($longid) {
+        $dbh->do("DELETE FROM longrecs WHERE longrec_id=?", undef, ($longid) );
+        $dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records SET val=?,longrec_id=NULL ".
+                "WHERE record_id=?", undef, ($val, $id) );
+      } else {
+        $dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records SET val=? ".
+                "WHERE record_id=?", undef, ($val, $id) );
+      }
+    }
+
+    $dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records ".
+        "SET host=?,type=?,ttl=?,distance=?,weight=?,port=? ".
+        "WHERE record_id=?", undef, ($host, $type, $ttl, $dist, $weight, $port, $id) );
+
+  };
+  if ($@) {
+    my $msg = $@;
+    $dbh->rollback;
+    return ('FAIL', $msg);
+  }
+#  return ('FAIL',$sth->errstr."<br>\n$errstr<br>\n") if $sth->err;
 
   return ('OK','OK');

trunk/dns.cgi

@@ -116 +116 @@
     $webvar{loginfailed} = 1 if !defined($uid);
 
+##fixme:  allow imported VegaDNS passwords.  hash is hex-coded MD5.
+#perl -e 'use Digest::MD5 qw(md5 md5_hex md5_base64); print md5_hex("test")."\n";'
+#098f6bcd4621d373cade4e832627b4f6
+
     if ($pass =~ m|^\$1\$([A-Za-z0-9/.]+)\$|) {
       $webvar{loginfailed} = 1 if $pass ne unix_md5_crypt($webvar{password},$1);
@@ -343 +347 @@
     $page->param(id             => $webvar{id});
     $page->param(defrec         => $webvar{defrec});
-##fixme: SQL does not belong!
-    my $sth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl FROM ".
-        ($webvar{defrec} eq 'y' ? 'default_' : '')."records WHERE record_id=?");
-    $sth->execute($webvar{id});
-    my ($host,$type,$val,$distance,$weight,$port,$ttl) = $sth->fetchrow_array;
-    $page->param(name           => $host);
-    $page->param(address        => $val);
-    $page->param(distance       => $distance);
-    $page->param(weight         => $weight);
-    $page->param(port           => $port);
-    $page->param(ttl            => $ttl);
-    fill_rectypes($type);
+    my $recdata = getRecLine($dbh, $webvar{defrec}, $webvar{id});
+    $page->param(name           => $recdata->{host});
+    $page->param(address        => $recdata->{val});
+    $page->param(distance       => $recdata->{distance});
+    $page->param(weight         => $recdata->{weight});
+    $page->param(port           => $recdata->{port});
+    $page->param(ttl            => $recdata->{ttl});
+    fill_rectypes($recdata->{type});
 
   } elsif ($webvar{recact} eq 'update') {
@@ -660 +660 @@
                 ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
                 $webvar{fname}, $webvar{lname}, $webvar{phone});
+        logaction(0, $session->param("username"), $curgroup, "Added user $webvar{uname} (uid $msg)")
+                if $code eq 'OK';
       } else {
 # User update is icky.  I'd really like to do this in one atomic
@@ -670 +672 @@
 ##fixme - need to actually get a correct permission set to pass in here,
 # also a flag to revert custom permissions to inherited
+          $newperms{admin} = 1 if $webvar{accttype} eq 'S';
           ($code,$msg) = changePermissions($dbh, 'user', $webvar{uid}, \%newperms, ($permstring eq 'i'));
         }
+        logaction(0, $session->param("username"), $curgroup,
+                "Updated uid $webvar{uid}, user $webvar{uname} ($webvar{fname} $webvar{lname})");
       }
     }
@@ -677 +682 @@
     if ($code eq 'OK') {
 
-##fixme:  log doesn't log.  WTF?  O_o
-      logaction(0, $session->param("username"), $webvar{group},
-        ($webvar{action} eq 'add' ? 'Added' : 'Updated')." uid $webvar{uid}, user $webvar{uname} ($webvar{fname} $webvar{lname})");
       if ($alterperms) {
         changepage(page => "useradmin", warnmsg =>
@@ -810 +812 @@
 ##  $page->param(add_failed => 1);
 #
-#} elsif ($webvar{page} eq 'deluser') {
-#
-#  $page->param(id => $webvar{id});
-#  # first pass = confirm y/n (sorta)
-#  if (!defined($webvar{del})) {
-#    $page->param(del_getconf => 1);
-#    $page->param(user => userFullName($dbh,$webvar{id}));
-#  } elsif ($webvar{del} eq 'ok') {
-###fixme: find group id user is in (for logging) *before* we delete the user
-#    my ($code,$msg) = delUser($dbh, $webvar{id});
-#    if ($code ne 'OK') {
-## need to find failure mode
-#      $page->param(del_failed => 1);
-#      $page->param(errmsg => $msg);
-#      list_users($curgroup);
-#    } else {
-#      # success.  go back to the user list, do not pass "GO"
-###log
-#      logaction(0, $session->param("username"), $webvar{group}, "Added domain $webvar{domain}");
-#      changepage(page => "useradmin");
-#    }
-#  } else {
-#    # cancelled.  whee!
-#    changepage(page => "useradmin");
-#  }
-#
+
+} elsif ($webvar{page} eq 'deluser') {
+
+  $page->param(id => $webvar{id});
+  # first pass = confirm y/n (sorta)
+  if (!defined($webvar{del})) {
+    $page->param(del_getconf => 1);
+    $page->param(user => userFullName($dbh,$webvar{id}));
+  } elsif ($webvar{del} eq 'ok') {
+##fixme: find group id user is in (for logging) *before* we delete the user
+##fixme: get other user data too for log
+    my ($code,$msg) = delUser($dbh, $webvar{id});
+    if ($code ne 'OK') {
+# need to find failure mode
+      $page->param(del_failed => 1);
+      $page->param(errmsg => $msg);
+      list_users($curgroup);
+    } else {
+      # success.  go back to the user list, do not pass "GO"
+##log
+      logaction(0, $session->param("username"), $curgroup, "Deleted user $webvar{id}");
+      changepage(page => "useradmin");
+    }
+  } else {
+    # cancelled.  whee!
+    changepage(page => "useradmin");
+  }
+
 #} elsif ($webvar{page} eq 'edituser') {
 

trunk/templates/log.tmpl

@@ -11 +11 @@
   <tr class="darkrowheader">
       <td>Name</td>
-      <td>Customer ID</td>
-      <td>Email</td>
+      <!-- Not sure "Customer ID" (filled with uid) is of any use... -->
+      <!-- td>Customer ID</td -->
+      <td>Username/Email</td>
       <td>Log Entry</td>
       <td>Date / Time</td>
@@ -20 +21 @@
     <tr class="datalinelight">
         <td><TMPL_VAR NAME=userfname></td>
-        <td><TMPL_VAR NAME=userid></td>
+        <!-- td><TMPL_VAR NAME=userid></td -->
         <td><TMPL_VAR NAME=useremail></td>
         <td><TMPL_VAR NAME=logentry></td>

trunk/templates/record.tmpl

@@ -19 +19 @@
 
     <table border="0" cellspacing="2" cellpadding="2" width="100%">
-<TMPL_IF failed><tr><td class="errhead" colspan="2">Error <TMPL_VAR NAME=wastrying> record: <TMPL_VARNAME=errmsg></td></tr></TMPL_IF>
+<TMPL_IF failed>        <tr><td class="errhead" colspan="2">Error <TMPL_VAR NAME=wastrying> record: <TMPL_VARNAME=errmsg></td></tr></TMPL_IF>
         <tr class="tableheader"><td align="center" colspan="2"><TMPL_VAR NAME=todo>: <TMPL_VAR NAME=dohere></td></tr>
         <tr class="datalinelight">
@@ -28 +28 @@
                 <td>Type</td>
                 <td><select name="type">
-        <TMPL_LOOP NAME=typelist>
+<TMPL_LOOP NAME=typelist>
                         <option value="<TMPL_VAR NAME=recval>"<TMPL_IF NAME=tselect> selected="selected"</TMPL_IF>><TMPL_VAR NAME=recname></option>
-        </TMPL_LOOP>
+</TMPL_LOOP>
                 </select></td>
         </tr>
         <tr class="datalinelight">
                 <td>Address</td>
-                <td><input type="text" name="address" value="<TMPL_VAR NAME=address>" /></td>
+                <td><input type="text" name="address" value="<TMPL_VAR ESCAPE=HTML NAME=address>" /></td>
         </tr>
         <tr class="datalinelight">