test parameter format in dedicated handler

bdb22db1 · Guillaume ROUSSE · fc788d00 · bdb22db1
Commit bdb22db1 authored 7 years ago by Guillaume ROUSSE
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -19,17 +19,11 @@ use AccountManager::Service;
 use AccountManager::Token;
 use AccountManager::Tools;

-## Defining parameters format
-my $urn_or_url_regex = '(http(s?):\/\/|urn:)[^\\\$\*\"\'\`\^\|\<\>\n\s]+'
-  ;    ## Format de type URL HTTP ou URN
-my $url_regex     = 'http(s?):\/\/[^\\\$\*\"\'\`\^\|\<\>\n\s]+';
-my $email_regex   = '([\w\-\_\.\/\+\=\'\&]+|\".*\")\@[\w\-]+(\.[\w\-]+)+';
-my $domains_regex = '[\w\.\-]+(,[\w\.\-]+)*';
-my %format        = (
-    ## URL
-    #'attributeauthority' => $url_regex,
-    'entityid' => $urn_or_url_regex,
-);
+# Format de type URL HTTP ou URN
+my $urn_or_url_regex = '(http(s?):\/\/|urn:)[^\\\$\*\"\'\`\^\|\<\>\n\s]+';
+my $url_regex        = 'http(s?):\/\/[^\\\$\*\"\'\`\^\|\<\>\n\s]+';
+my $email_regex      = '([\w\-\_\.\/\+\=\'\&]+|\".*\")\@[\w\-]+(\.[\w\-]+)+';
+my $domains_regex    = '[\w\.\-]+(,[\w\.\-]+)*';

 my %actions = (
    home               => 'req_home',
@@ -85,23 +79,6 @@ sub run {
        $parameters{$parameter} =~ s/\s+$//; # remove trailing spaces
        $parameters{$parameter} =~ s/^\s+//; # remove leading spaces

-        # format check
-        if (defined $format{$parameter}
-            && !ref($format{$parameter})) {
-            if ($parameters{$parameter} !~ /^$format{$parameter}$/) {
-                $self->{logger}->error(
-                    "Incorrect parameter format : $parameter"
-                );
-                $self->respond(
-                    template => 'index.tt2.html',
-                    data     => {
-                        content => 'errors.tt2.html',
-                        errors  => [ "format_$parameter" ]
-                    }
-                );
-            }
-        }
-
        # If action_xx parameter is set, set action parameter with value xx
        if ($parameter =~ /^action_(\w+)$/) {
            $parameters{action} = $1;
@@ -168,7 +145,6 @@ sub respond {
        printf "Content-type: text/plain\n\n Error: %s", $tt2->error();
        $self->{logger}->errorf("Web parser error : %s", $tt2->error());
    }
-
 }

 sub req_select_sp {
@@ -207,8 +183,8 @@ sub req_select_sp {
 sub req_select_email {
    my ($self) = @_;

-    unless ($self->{in}->{entityid}) {
-        $self->{logger}->error("Missing parameter entityid");
+    if (! $self->{in}->{entityid}) {
+        $self->{logger}->error("Missing parameter: entityid");
        $self->respond(
            template => 'index-nobanner.tt2.html',
            data     => {
@@ -218,6 +194,17 @@ sub req_select_email {
        );
    }

+    if ($self->{in}->{entityid} !~ m/^$urn_or_url_regex$/) {
+        $self->{logger}->error("Incorrect parameter format: entityid");
+        $self->respond(
+            template => 'index-nobanner.tt2.html',
+            data     => {
+                content => 'errors.tt2.html',
+                errors  => [ "format_entityid" ]
+            }
+        );
+    }
+
    # Create a persistent service provider object
    my $provider = AccountManager::Service->new(
        db       => $self->{db},