From cb9819aa2e40d6f3e363d86fd0e2931fffc228f4 Mon Sep 17 00:00:00 2001
From: Tom Bloor
Date: Sat, 8 Apr 2017 15:10:05 +0100
Subject: [PATCH] Added validation on Token adding and editing
---
 lib/Pear/LocalLoop/Controller/Admin/Tokens.pm | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/lib/Pear/LocalLoop/Controller/Admin/Tokens.pm b/lib/Pear/LocalLoop/Controller/Admin/Tokens.pm
index 6cc0ead..982aca8 100644
--- a/lib/Pear/LocalLoop/Controller/Admin/Tokens.pm
+++ b/lib/Pear/LocalLoop/Controller/Admin/Tokens.pm
@@ -17,12 +17,17 @@ sub index {
 # POST
 sub create {
 my $c = shift;
+ my $validation = $c->validation;
+ $validation->required('token-name', 'trim')->like(qr/^[\w]*$/);
- my $token_name = $c->param('token-name');
+ my $token_name = $validation->param('token-name');
 my $token_rs = $c->result_set;
- if ( $token_rs->find({ accounttokenname => $token_name }) ) {
+ if ( $validation->has_error ) {
+ # Only one validator, fairly obvious whats broke
+ $c->flash( error => 'Token name not valid - Alphanumeric characters and Underscore only' );
+ } elsif ( $token_rs->find({ accounttokenname => $token_name }) ) {
 $c->flash( error => 'Token Already Exists' );
 } else {
 $c->flash( success => 'Token Created' );
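Review bot: The name rule `like(qr/^[\w]*$/)` in `create` (repeated in `update` in the second hunk) is looser than the "Alphanumeric characters and Underscore only" message it backs: without `/a`, `\w` matches any Unicode word character on a decoded parameter, and `$` tolerates a trailing newline, which only the `trim` filter happens to mask. I would anchor and restrict it explicitly, `$validation->required('token-name', 'trim')->like(qr/\A[A-Za-z0-9_]+\z/);`, and hoist the pattern into one shared constant so the two actions cannot drift apart. A length bound via the `size` check would also be worth adding if the column has a limit (not visible here). The body of `create` continues past the end of the hunk.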
@@ -48,13 +53,20 @@ sub read {
 # POST
 sub update {
 my $c = shift;
+ my $validation = $c->validation;
+ $validation->required('token-name', 'trim')->like(qr/^[\w]*$/);
+ $validation->required('token-used')->in( qw/ 0 1 / );
 my $id = $c->param('id');
- if ( my $token = $c->result_set->find($id) ) {
+ if ( $validation->has_error ) {
+ my $names = $validation->failed;
+ $c->flash( error => 'Error in submitted data: ' . join(', ', @$names) );
+ $c->redirect_to( '/admin/tokens/' . $id );
+ } elsif ( my $token = $c->result_set->find($id) ) {
 $token->update({
- accounttokenname => $c->param('token-name'),
- used => $c->param('token-used'),
+ accounttokenname => $validation->param('token-name'),
+ used => $validation->param('token-used'),
 });
 $c->flash( success => 'Token Updated' );
 $c->redirect_to( '/admin/tokens/' . $id );
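Review bot: `update` now checks the shape of `token-name` but, unlike `create`, still never looks for an existing token with that name before `$token->update`, so an edit can rename one token onto another; if the column is unique (schema not visible) that surfaces as an unhandled database exception rather than a flash message. Add an `elsif` before the update that searches for the name on a row other than `$id` and flashes 'Token Already Exists', as `create` does. Separately, `$id` is concatenated into the redirect target in the new error branch before it is known to match a token; if the route does not already restrict it to digits (not visible here), validate it alongside the other fields. The `else` branch of this chain lies outside the hunk.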