swaggboi/guestbook-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Throw 400s for invalid input

Browse Source
This commit is contained in:
swag 2022-04-09 15:35:24 -04:00
parent cc622dbdf1
commit a6b170eca3
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
guestbook-ng.pl
View File

@ -64,7 +64,7 @@ get '/' => sub ($c) { $c->redirect_to(page => {page => 'view'}) };
any [qw{GET POST}], '/sign' => sub ($c) { any [qw{GET POST}], '/sign' => sub ($c) {
my $v = $c->validation() if $c->req->method eq 'POST'; my $v = $c->validation() if $c->req->method eq 'POST';
if ($c->req->method eq 'POST' && $v->has_data) { if ($v && $v->has_data) {
my $name = $c->param('name') || 'Anonymous'; my $name = $c->param('name') || 'Anonymous';
my $url = $c->param('url'); my $url = $c->param('url');
my $message = $c->param('message'); my $message = $c->param('message');
@ -78,7 +78,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
$v->optional('url', 'not_empty')->size(1, 255) $v->optional('url', 'not_empty')->size(1, 255)
->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/); ->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);
unless ($v->has_error) { if ($v->has_error) {
$c->stash(status => 400)
}
else {
$c->message->create_post($name, $message, $url, $spam); $c->message->create_post($name, $message, $url, $spam);
$c->flash(error => 'This message was flagged as spam') if $spam; $c->flash(error => 'This message was flagged as spam') if $spam;
@ -86,6 +89,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
return $c->redirect_to(page => {page => 'view'}); return $c->redirect_to(page => {page => 'view'});
} }
} }
# Throw a 400 for POST with null body too
elsif ($v) {
$c->stash(status => 400)
}
# Try to randomize things for the CAPTCHA challenge. The # Try to randomize things for the CAPTCHA challenge. The
# string 'false' actually evaluates to true so this is an # string 'false' actually evaluates to true so this is an

11
t/sign.t
View File

@ -26,18 +26,23 @@ my %valid_form = (
message => 'Ayy... lmao', message => 'Ayy... lmao',
answer => 'false' answer => 'false'
); );
# Null POST body
my %null_form;
$t->ua->max_redirects(1); $t->ua->max_redirects(1);
# Valid requests # Valid requests
$t->get_ok('/sign')->status_is(200)->text_is(h2 => 'Sign the Guestbook'); $t->get_ok('/sign')->status_is(200)->text_is(h2 => 'Sign the Guestbook');
$t->post_ok('/sign', form => \%valid_form)->status_is(200); $t->post_ok('/sign', form => \%valid_form)->status_is(200)
->text_is(h2 => 'Messages from the World Wide Web');
# Invalid input # Invalid input
$t->post_ok('/sign', form => \%invalid_form)->status_is(200) $t->post_ok('/sign', form => \%invalid_form)->status_is(400)
->content_like(qr/cannot be blank/); ->content_like(qr/cannot be blank/);
$t->post_ok('/sign', form => \%invalid_form)->status_is(200) $t->post_ok('/sign', form => \%invalid_form)->status_is(400)
->content_like(qr/URL does not appear to be/); ->content_like(qr/URL does not appear to be/);
$t->post_ok('/sign', form => \%null_form)->status_is(400)
->text_is(h2 => 'Sign the Guestbook');
# Spam test # Spam test
$t->post_ok('/sign', form => \%spam_form)->status_is(403) $t->post_ok('/sign', form => \%spam_form)->status_is(403)