From 3f78bc8ea6a35b2e791952e8bc5a26ba63259942 Mon Sep 17 00:00:00 2001 From: Lukas Metzger Date: Fri, 30 Mar 2018 14:31:44 +0200 Subject: [PATCH] Added validation for domain type --- backend/src/controllers/Domains.php | 8 +++----- backend/src/operations/Domains.php | 4 ++++ backend/test/tests/domains-crud.js | 11 +++++++++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/backend/src/controllers/Domains.php b/backend/src/controllers/Domains.php index 47d8718..3f03dea 100644 --- a/backend/src/controllers/Domains.php +++ b/backend/src/controllers/Domains.php @@ -60,11 +60,6 @@ class Domains $type = $body['type']; $master = isset($body['master']) ? $body['master'] : null; - if (!in_array($type, ['MASTER', 'NATIVE', 'SLAVE'])) { - $this->logger->info('Invalid type for new domain', ['type' => $type]); - return $res->withJson(['error' => 'Invalid type allowed are MASTER, NATIVE and SLAVE'], 422); - } - $domains = new \Operations\Domains($this->c); try { @@ -75,6 +70,9 @@ class Domains } catch (\Exceptions\AlreadyExistentException $e) { $this->logger->debug('Zone with name ' . $name . ' already exists.'); return $res->withJson(['error' => 'Zone with name ' . $name . ' already exists.'], 409); + } catch (\Exceptions\SemanticException $e) { + $this->logger->info('Invalid type for new domain', ['type' => $type]); + return $res->withJson(['error' => 'Invalid type allowed are MASTER, NATIVE and SLAVE'], 400); } } diff --git a/backend/src/operations/Domains.php b/backend/src/operations/Domains.php index 5e28345..81c0330 100644 --- a/backend/src/operations/Domains.php +++ b/backend/src/operations/Domains.php @@ -122,6 +122,10 @@ class Domains */ public function addDomain(string $name, string $type, ? string $master) : array { + if (!in_array($type, ['MASTER', 'SLAVE', 'NATIVE'])) { + throw new \Exceptions\SemanticException(); + } + $this->db->beginTransaction(); $query = $this->db->prepare('SELECT id FROM domains WHERE name=:name'); 
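Review bot: A non-string `type` is not covered by the added `catch (\Exceptions\SemanticException $e)` in the second hunk of backend/src/controllers/Domains.php. `$type` is taken directly from `$body['type']` and `addDomain()` declares `string $type`, so a JSON array or object would presumably raise a `TypeError` at the call rather than reach the new `in_array` check, whereas the removed controller check would have answered 422. Unless a check outside this hunk already enforces the type, add `if (!is_string($type)) { return $res->withJson(['error' => 'Invalid type allowed are MASTER, NATIVE and SLAVE'], 400); }` before the call. The status for an invalid type also moves from 422 to 400 while the missing-master case in domains-crud.js still expects 422, which should be stated in the commit message or API documentation. The method starts and ends outside the hunk.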
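Review bot: The `SemanticException` thrown at the top of `addDomain()` in backend/src/operations/Domains.php carries no message, so the controller's catch has to assume that every `SemanticException` from this method means an invalid type. Assuming the class keeps the standard `\Exception` constructor, pass the reason: `throw new \Exceptions\SemanticException('Invalid domain type: allowed are MASTER, SLAVE and NATIVE');`. The check should also use strict comparison, `in_array($type, ['MASTER', 'SLAVE', 'NATIVE'], true)`, so it does not depend on PHP's loose-equality rules. The docblock that closes just above the signature is outside the hunk; it should gain `@throws \Exceptions\SemanticException if $type is not MASTER, SLAVE or NATIVE`.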
diff --git a/backend/test/tests/domains-crud.js b/backend/test/tests/domains-crud.js index e98f93f..a01f75f 100644 --- a/backend/test/tests/domains-crud.js +++ b/backend/test/tests/domains-crud.js @@ -24,6 +24,17 @@ test.run(async function () { assert.equal(res.status, 422, 'Missing master field for SLAVE domain should trigger error.'); + var res = await req({ + url: '/domains', + method: 'post', + data: { + name: 'abc.de', + type: 'FOO' + } + }); + + assert.equal(res.status, 400, 'Invalid domain type should trigger error.'); + var res = await req({ url: '/domains', method: 'post',
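Review bot: Only a well-formed but unknown string (`type: 'FOO'`) is exercised by the added case, so the suite does not pin what the API returns when `type` is not a string or differs only in case. Validation now sits behind a `string`-typed parameter in `addDomain()`, and those inputs are the ones most likely to end in an unhandled error instead of a 4xx. Add a second request with `data: { name: 'abc.de', type: ['MASTER'] }` and one with `type: 'master'`, each followed by `assert.equal(res.status, 400, 'Malformed domain type should trigger error.');`. A short comment above the new block, such as `// Type outside MASTER/NATIVE/SLAVE must be rejected before any insert`, would also record why the case exists.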