From 61430dd1d468418dac607082a6f64925989dccf6 Mon Sep 17 00:00:00 2001
From: Lukas Metzger
Date: Sat, 31 Mar 2018 12:59:12 +0200
Subject: [PATCH] Added GET /records/{recordId}/credentials
---
backend/src/controllers/Credentials.php | 46 +++++++++++++++++
backend/src/operations/Credentials.php | 68 +++++++++++++++++++++++++
backend/src/public/index.php | 2 +
backend/test/db.sql | 48 +++++++++++++++--
backend/test/tests/credentials-get.js | 25 +++++++++
5 files changed, 184 insertions(+), 5 deletions(-)
create mode 100644 backend/src/controllers/Credentials.php
create mode 100644 backend/src/operations/Credentials.php
create mode 100644 backend/test/tests/credentials-get.js
diff --git a/backend/src/controllers/Credentials.php b/backend/src/controllers/Credentials.php
new file mode 100644
index 0000000..14374b1
--- /dev/null
+++ b/backend/src/controllers/Credentials.php
@@ -0,0 +1,46 @@
+logger = $c->logger;
+ $this->c = $c;
+ }
+
+ public function getList(Request $req, Response $res, array $args)
+ {
+ $userId = $req->getAttribute('userId');
+ $recordId = intval($args['recordId']);
+
+ $ac = new \Operations\AccessControl($this->c);
+ if (!$ac->canAccessRecord($userId, $recordId)) {
+ $this->logger->info('Non admin user tries to get credentials for record without permission.');
+ return $res->withJson(['error' => 'You have no permissions for this record.'], 403);
+ }
+
+ $credentials = new \Operations\Credentials($this->c);
+
+ $paging = new \Utils\PagingInfo($req->getQueryParam('page'), $req->getQueryParam('pagesize'));
+
+ $results = $credentials->getCredentials($paging, $recordId);
+
+ return $res->withJson([
+ 'paging' => $paging->toArray(),
+ 'results' => $results
+ ], 200);
+ }
+}
diff --git a/backend/src/operations/Credentials.php b/backend/src/operations/Credentials.php
new file mode 100644
index 0000000..15d55be
--- /dev/null
+++ b/backend/src/operations/Credentials.php
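Review bot: The denial branch in getList logs a fixed string with no identifiers, so a 403 on a credentials listing cannot be tied to a user or a record when the logs are reviewed. `$userId` and `$recordId` are both in scope at that point; if the logger accepts a PSR-3 context array (not visible here), `$this->logger->info('Non admin user tries to get credentials for record without permission.', ['userId' => $userId, 'recordId' => $recordId]);` would make the event usable for detection. Note that `intval($args['recordId'])` maps a non-numeric path segment to 0 instead of rejecting it, so the id checked and logged is the coerced value. The top of this file, including the class header and the start of the constructor, is missing from the page.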
@@ -0,0 +1,68 @@
+logger = $c->logger;
+ $this->db = $c->db;
+ $this->c = $c;
+ }
+
+ /**
+ * Get a list of credentials
+ *
+ * @param $pi PageInfo object, which is also updated with total page number
+ * @param $recordId Id of the record for which the table should be retrieved
+ *
+ * @return array Array with credentials
+ */
+ public function getCredentials(\Utils\PagingInfo &$pi, int $recordId) : array
+ {
+ //Count elements
+ if ($pi->pageSize === null) {
+ $pi->totalPages = 1;
+ } else {
+ $query = $this->db->prepare('
+ SELECT COUNT(*) AS total
+ FROM remote
+ WHERE record=:recordId
+ ');
+
+ $query->bindValue(':recordId', $recordId, \PDO::PARAM_INT);
+ $query->execute();
+ $record = $query->fetch();
+
+ $pi->totalPages = ceil($record['total'] / $pi->pageSize);
+ }
+
+ $pageStr = \Services\Database::makePagingString($pi);
+
+ $query = $this->db->prepare('SELECT id,description,type FROM remote WHERE record=:recordId ORDER BY id ASC' . $pageStr);
+ $query->bindValue(':recordId', $recordId, \PDO::PARAM_INT);
+ $query->execute();
+
+ $data = $query->fetchAll();
+
+ return array_map(function ($item) {
+ $item['id'] = intval($item['id']);
+ return $item;
+ }, $data);
+ }
+}
diff --git a/backend/src/public/index.php b/backend/src/public/index.php
index 49dfb1d..dbe1faa 100644
--- a/backend/src/public/index.php
+++ b/backend/src/public/index.php
@@ -41,6 +41,8 @@ $app->group('/v1', function () {
 $this->delete('/records/{recordId}', '\Controllers\Records:delete');
 $this->get('/records/{recordId}', '\Controllers\Records:getSingle');
 $this->put('/records/{recordId}', '\Controllers\Records:put');
+
+ $this->get('/records/{recordId}/credentials', '\Controllers\Credentials:getList');
 })->add('\Middlewares\Authentication');
 });
diff --git a/backend/test/db.sql b/backend/test/db.sql
index d2ea5e9..111c570 100644
--- a/backend/test/db.sql
+++ b/backend/test/db.sql
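Review bot: In getCredentials the result of `\Services\Database::makePagingString($pi)` is concatenated straight into the SELECT text, and `$pi` is built in the controller from the raw `page` and `pagesize` query parameters. That is only safe if PagingInfo or makePagingString coerces both values to integers, which this patch does not show; a comment stating the invariant, e.g. `// $pageStr holds only integer-cast LIMIT/OFFSET values (see makePagingString)`, or binding limit and offset with `\PDO::PARAM_INT`, would make it explicit. Separately, `ceil($record['total'] / $pi->pageSize)` divides by a request-derived value, so a `pagesize` of 0 needs rejecting unless PagingInfo already does that. The docblock could also say that the `security` and `nonce` columns are left out of the SELECT, which appears to be intentional so that stored secrets never reach the JSON response.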
@@ -3,11 +3,10 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Generation Time: Mar 24, 2018 at 01:13 PM +-- Generation Time: Mar 31, 2018 at 12:51 PM -- Server version: 5.7.21-0ubuntu0.16.04.1 -- PHP Version: 7.0.28-0ubuntu0.16.04.1 -SET FOREIGN_KEY_CHECKS=0; SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; SET time_zone = "+00:00"; @@ -17,6 +16,10 @@ SET time_zone = "+00:00"; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8mb4 */; +-- +-- Database: `pdnsnew` +-- + -- -------------------------------------------------------- -- 
@@ -144,6 +147,31 @@ INSERT INTO `records` (`id`, `domain_id`, `name`, `type`, `content`, `ttl`, `pri -- -------------------------------------------------------- +-- +-- Table structure for table `remote` +-- + +DROP TABLE IF EXISTS `remote`; +CREATE TABLE `remote` ( + `id` int(11) NOT NULL, + `record` int(11) NOT NULL, + `description` varchar(255) NOT NULL, + `type` varchar(20) NOT NULL, + `security` varchar(2000) NOT NULL, + `nonce` varchar(255) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Dumping data for table `remote` +-- + +INSERT INTO `remote` (`id`, `record`, `description`, `type`, `security`, `nonce`) VALUES +(1, 1, 'Password Test', 'password', '$2y$10$5Gxh6yus9yi/FHpKD4k8Zez.OAhGZoa7JgwOWZ059/kDyBP3vI9aK', NULL), +(2, 4, 'Key Test', 'key', '-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5mu3aH90uSXY9sVLgVSz\nKj4FEctrpFDPyVC4ufbJa/44fuLABFe+IizgZUheNBBO7FjpLJYvsL24o6TEeht4\no5j0KHrRHXqp4WQuAL3ZREv/AhNaOC9/xyjoGwUkKkdC2bIfh0J/ACkezxvUrPsh\nbzhzY+co/M9PqlgTbjKjvlv/pRj2dSp98FzUme3HCh7Nn1EOM3yPMtaKNA9Qkkz1\noalfR3xmJjIanoS9zcK77/yyQ8VwI//CgxvnpnWbORZG0B9W2ZBoI8Bj4zprbbFG\nKNmrb403wfDijYF3MXpSMjKvJ5YVuZsn35EWIi5tqFc0oV7Ryy9nBHzKeoYN7Szs\nrXIS5+ZcQDLuN+pqJ7ByVaw4aVn85py8IdO0IYD5xeKd1i0iqm+KSoFTS1jiNSZu\n6iVl4odixWtW7oPLYBbd/vD2F7Ua5cLd12Rs+6kEVtlpnIf7txyFQL4QHYJxB7fI\ny+m70mfufVvKbFh/mHkhe+Arv71ERDMfAV3AD8++axLqYfU/LLFzanjwIBctAA9a\nj++G0lwl1adURwnBeq8+YrMU4/wg9efquKXLR40dU9nkMJOm5tPm+XHt4o3wio4X\n2FqnD57I7qJCWVc00HtpeWno5vHL+eJu0TdxjBuYXnQfwa1z9pWvGaoBtg7tyHgv\ng7YZJzF1MW5N9ZqnkdFJVEsCAwEAAQ==\n-----END PUBLIC KEY-----', NULL), +(3, 1, 'Key Test 2', 'key', '-----BEGIN PUBLIC 
KEY-----\r\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5mu3aH90uSXY9sVLgVSz\r\nKj4FEctrpFDPyVC4ufbJa/44fuLABFe+IizgZUheNBBO7FjpLJYvsL24o6TEeht4\r\no5j0KHrRHXqp4WQuAL3ZREv/AhNaOC9/xyjoGwUkKkdC2bIfh0J/ACkezxvUrPsh\r\nbzhzY+co/M9PqlgTbjKjvlv/pRj2dSp98FzUme3HCh7Nn1EOM3yPMtaKNA9Qkkz1\r\noalfR3xmJjIanoS9zcK77/yyQ8VwI//CgxvnpnWbORZG0B9W2ZBoI8Bj4zprbbFG\r\nKNmrb403wfDijYF3MXpSMjKvJ5YVuZsn35EWIi5tqFc0oV7Ryy9nBHzKeoYN7Szs\r\nrXIS5+ZcQDLuN+pqJ7ByVaw4aVn85py8IdO0IYD5xeKd1i0iqm+KSoFTS1jiNSZu\r\n6iVl4odixWtW7oPLYBbd/vD2F7Ua5cLd12Rs+6kEVtlpnIf7txyFQL4QHYJxB7fI\r\ny+m70mfufVvKbFh/mHkhe+Arv71ERDMfAV3AD8++axLqYfU/LLFzanjwIBctAA9a\r\nj++G0lwl1adURwnBeq8+YrMU4/wg9efquKXLR40dU9nkMJOm5tPm+XHt4o3wio4X\r\n2FqnD57I7qJCWVc00HtpeWno5vHL+eJu0TdxjBuYXnQfwa1z9pWvGaoBtg7tyHgv\r\ng7YZJzF1MW5N9ZqnkdFJVEsCAwEAAQ==\r\n-----END PUBLIC KEY-----', NULL); + +-- -------------------------------------------------------- + -- -- Table structure for table `supermasters` -- @@ -229,7 +257,7 @@ ALTER TABLE `domains` -- Indexes for table `permissions` -- ALTER TABLE `permissions` - ADD PRIMARY KEY (`user_id`, `domain_id`); + ADD PRIMARY KEY (`user_id`,`domain_id`); -- -- Indexes for table `records` @@ -240,6 +268,12 @@ ALTER TABLE `records` ADD KEY `domain_id` (`domain_id`), ADD KEY `ordername` (`ordername`); +-- +-- Indexes for table `remote` +-- +ALTER TABLE `remote` + ADD PRIMARY KEY (`id`); + -- -- Indexes for table `supermasters` -- @@ -289,6 +323,11 @@ ALTER TABLE `domains` ALTER TABLE `records` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5; -- +-- AUTO_INCREMENT for table `remote` +-- +ALTER TABLE `remote` + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4; +-- -- AUTO_INCREMENT for table `tsigkeys` -- ALTER TABLE `tsigkeys` 
@@ -297,8 +336,7 @@ ALTER TABLE `tsigkeys` -- AUTO_INCREMENT for table `users` -- ALTER TABLE `users` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=8;SET FOREIGN_KEY_CHECKS=1; - + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=8; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
diff --git a/backend/test/tests/credentials-get.js b/backend/test/tests/credentials-get.js
new file mode 100644
index 0000000..1adda76
--- /dev/null
+++ b/backend/test/tests/credentials-get.js
@@ -0,0 +1,25 @@
+const test = require('../testlib');
+
+test.run(async function () {
+ await test('admin', async function (assert, req) {
+ //Test query
+ var res = await req({
+ url: '/records/1/credentials',
+ method: 'get'
+ });
+
+ assert.equal(res.status, 200, 'Status should be OK');
+ assert.equal(res.data.results, [
+ {
+ id: 1,
+ description: 'Password Test',
+ type: 'password'
+ },
+ {
+ id: 3,
+ description: 'Key Test 2',
+ type: 'key'
+ }
+ ], 'Result fail for ' + res.config.url);
+ });
+});
\ No newline at end of file
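Review bot: Only the admin success path is tested, so the `canAccessRecord` check that guards this endpoint has no coverage. A second case, logged in as a non-admin user without permission for the record, should assert that `res.status` is 403 and that the body carries no `results`; a case for a permitted non-admin user would confirm the check does not over-block. The fixture already supports an isolation assertion: credential 2 belongs to record 4 and is absent from the expected list for record 1, which is worth stating in a comment next to the expected array.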