Added validation for group creation

fb9dad6b · Ted Trask · 5d25b383 · fb9dad6b
Commit fb9dad6b authored Dec 23, 2013 by Ted Trask
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 34 deletions

vmail-model.lua vmail-model.lua +61 -34

No files found.
--- a/vmail-model.lua
+++ b/vmail-model.lua
@@ -322,6 +322,20 @@ local delete_user = function(username)
 	return true
 end

+local validateentry = function(entry)
+	local success = true
+	-- Validate the settings
+	if entry.value["vm-password"] and not string.match(entry.value["vm-password"].value, "^%d%d%d+$") then
+		success = false
+		entry.value["vm-password"].errtxt = "Passwords must be all numbers and at least three digits"
+	end
+	if entry.value["vm-password"] and entry.value["vm-password-confirm"] and entry.value["vm-password"].value ~= entry.value["vm-password-confirm"].value then
+		success = false
+		entry.value["vm-password-confirm"].errtxt = "Password does not match"
+	end
+	return success
+end
+
 -- ################################################################################
 -- PUBLIC FUNCTIONS

@@ -707,32 +721,54 @@ mymodule.set_bunchsettings = function (self, bunchdata)
 	
 		local sql = "BEGIN TRANSACTION"
 		vmaildb.runsqlcommand(sql)
-		
-		for line in string.gmatch(bunchdata.value.bunch.value, "[^\n]+") do
-			local username, firstname, lastname, password = string.match(line, "(%w+):(%w+):(%w+):(%w+)")
-			if username then
-				sql = "INSERT INTO voicemail_users VALUES(null, '"..vmaildb.escape(username).."')"
-				vmaildb.runsqlcommand(sql)
-
-				sql = "SELECT uid FROM voicemail_users where username ='"..vmaildb.escape(username).."'";
-				uid = vmaildb.getselectresponse(sql)
-
-				sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '2', '"..vmaildb.escape(tostring(firstname)).."')"
-				vmaildb.runsqlcommand(sql)
-
-				sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '3', '"..vmaildb.escape(tostring(lastname)).."')"
-				vmaildb.runsqlcommand(sql)
-		
-				sql = "INSERT INTO voicemail_prefs (username, domain, password) VALUES ('"..vmaildb.escape(username).."', '"..config.domain.."', '"..vmaildb.escape(password).."')"
-				vmaildb.runsqlcommand(sql)
-			else
-				bunchdata.value.bunch.errtxt = "Invalid syntax"
-				bunchdata.errtxt = "Failed to create users"
-				vmaildb.runsqlcommand("ROLLBACK")
-				break
+	
+		for i,line in ipairs(format.string_to_table(format.dostounix(bunchdata.value.bunch.value), '\n')) do
+			if string.find(line, "%S") then
+				local username, firstname, lastname, password = string.match(line, "(%w+):(%w+):(%w+):(%w+)")
+				if not username then
+					bunchdata.value.bunch.errtxt = "Invalid syntax on line "..i
+					bunchdata.errtxt = "Failed to create users"
+					vmaildb.runsqlcommand("ROLLBACK")
+					break
+				elseif validuser(username) then
+					bunchdata.value.bunch.errtxt = "Username already exists on line "..i
+					bunchdata.errtxt = "Failed to create users"
+					vmaildb.runsqlcommand("ROLLBACK")
+					break
+				else
+					local entry = cfe({value={}})
+					entry.value.username = cfe({value=username}) 
+					entry.value.firstname = cfe({value=firstname}) 
+					entry.value.lastname = cfe({value=lastname}) 
+					entry.value["vm-password"] = cfe({value=password}) 
+					if validateentry(entry) then
+						sql = "INSERT INTO voicemail_users VALUES(null, '"..vmaildb.escape(username).."')"
+						vmaildb.runsqlcommand(sql)
+						sql = "SELECT uid FROM voicemail_users where username ='"..vmaildb.escape(username).."'";
+						uid = vmaildb.getselectresponse(sql)
+						sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '2', '"..vmaildb.escape(tostring(firstname)).."')"
+						vmaildb.runsqlcommand(sql)
+						sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '3', '"..vmaildb.escape(tostring(lastname)).."')"
+						vmaildb.runsqlcommand(sql)
+	
+						sql = "INSERT INTO voicemail_prefs (username, domain, password) VALUES ('"..vmaildb.escape(username).."', '"..config.domain.."', '"..vmaildb.escape(password).."')"
+						vmaildb.runsqlcommand(sql)
+					else
+						bunchdata.value.bunch.errtxt = {"Error on line "..i}
+						for n,v in pairs(entry.value) do
+							bunchdata.value.bunch.errtxt[#bunchdata.value.bunch.errtxt+1] = v.errtxt
+						end
+						bunchdata.value.bunch.errtxt = table.concat(bunchdata.value.bunch.errtxt, '\n')
+						bunchdata.errtxt = "Failed to create users"
+						vmaildb.runsqlcommand("ROLLBACK")
+						break
+					end
+				end
 			end
 		end
-		vmaildb.runsqlcommand("COMMIT")
+		if not bunchdata.errtxt then
+			vmaildb.runsqlcommand("COMMIT")
+		end

 		if connected then vmaildb.databasedisconnect() end
 	end)
@@ -764,17 +800,8 @@ mymodule.create_usersettings = function(self, usersettings, action)
 end

 mymodule.update_usersettings = function(self, usersettings, action, create)
-	local success = true
 	local errtxt
-	-- Validate the settings
-	if usersettings.value["vm-password"] and not string.match(usersettings.value["vm-password"].value, "^%d%d%d+$") then
-		success = false
-		usersettings.value["vm-password"].errtxt = "Passwords must be all numbers and at least three digits"
-	end
-	if usersettings.value["vm-password"] and usersettings.value["vm-password-confirm"] and usersettings.value["vm-password"].value ~= usersettings.value["vm-password-confirm"].value then
-		success = false
-		usersettings.value["vm-password-confirm"].errtxt = "Password does not match"
-	end
+	local success = validateentry(usersettings)
 	if success then
        	local res, err = pcall(function()
 			local connected = vmaildb.databaseconnect()