diff --git a/Netdisco/lib/App/Netdisco/Web/AdminTask.pm b/Netdisco/lib/App/Netdisco/Web/AdminTask.pm index 91859061..a7e9211e 100644 --- a/Netdisco/lib/App/Netdisco/Web/AdminTask.pm +++ b/Netdisco/lib/App/Netdisco/Web/AdminTask.pm @@ -11,8 +11,8 @@ sub add_job { if ($device) { $device = NetAddr::IP::Lite->new($device); - return unless $device - and $device->addr ne '0.0.0.0'; + return send_error('Bad device', 400) + if ! $device or $device->addr eq '0.0.0.0'; } try { @@ -24,7 +24,7 @@ sub add_job { username => session('user'), userip => request->remote_address, }); - } + }; } # we have a separate list for jobs needing a device to avoid queueing @@ -42,18 +42,22 @@ my %jobs_all = map {$_ => 1} qw/ foreach my $jobtype (keys %jobs_all, keys %jobs) { ajax "/ajax/control/admin/$jobtype" => sub { - return unless var('user') and var('user')->admin; - return if exists $jobs{$jobtype} and not param('device'); + send_error('Forbidden', 403) + unless var('user')->admin; + send_error('Missing device', 400) + if exists $jobs{$jobtype} and not param('device'); + add_job($jobtype, param('device')); }; post "/admin/$jobtype" => sub { - return unless var('user') and var('user')->admin; - return if exists $jobs{$jobtype} and not param('device'); - add_job($jobtype, param('device')); + send_error('Forbidden', 403) + unless var('user')->admin; + send_error('Missing device', 400) + if exists $jobs{$jobtype} and not param('device'); - status(302); - header(Location => uri_for('/admin/jobqueue')->path_query()); + add_job($jobtype, param('device')); + redirect uri_for('/admin/jobqueue')->path_query; }; } @@ -61,9 +65,7 @@ get '/admin/*' => sub { my ($tag) = splat; if (! eval { var('user')->admin }) { - status(302); - header(Location => uri_for('/')->path_query()); - return; + return redirect uri_for('/')->path_query; } # trick the ajax into working as if this were a tabbed page 
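Review bot: The admin checks in `/ajax/control/admin/$jobtype` and `/admin/$jobtype` now call `var('user')->admin` without the old `var('user') and` guard, so a request with no session user dies on an undefined value and surfaces as a 500 rather than the intended 403. That still fails closed, but it is noisy and can expose error detail where error display is enabled; `send_error('Forbidden', 403) unless var('user') and var('user')->admin;` keeps the explicit answer. These handlers also depend on `send_error` aborting the route without a `return`, which holds only on Dancer releases where it exits the route immediately, so either pin the minimum Dancer version or write `return send_error(...)` as add_job does. Both points also apply to the `var('user')->admin` checks in JobQueue.pm, PseudoDevice.pm and Topology.pm and to `var('user')->port_control` in PortControl.pm.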
diff --git a/Netdisco/lib/App/Netdisco/Web/AuthN.pm b/Netdisco/lib/App/Netdisco/Web/AuthN.pm index 7e645fe9..12afd6ef 100644 --- a/Netdisco/lib/App/Netdisco/Web/AuthN.pm +++ b/Netdisco/lib/App/Netdisco/Web/AuthN.pm @@ -18,32 +18,31 @@ hook 'before' => sub { if (session('user') && session->id) { var(user => schema('netdisco')->resultset('User') ->find(session('user'))); - var('user')->port_control(0) - if setting('no_port_control'); + + # really just for dev work, to quieten the logs + var('user')->port_control(0) if setting('no_port_control'); } }; post '/login' => sub { - status(302); - if (param('username') and param('password')) { my $user = schema('netdisco')->resultset('User')->find(param('username')); + if ($user) { my $sum = Digest::MD5::md5_hex(param('password')); if (($sum and $user->password) and ($sum eq $user->password)) { session(user => $user->username); - header(Location => uri_for('/inventory')->path_query()); - return; + return redirect uri_for('/inventory')->path_query; } } } - header(Location => uri_for('/', {failed => 1})->path_query()); + + redirect uri_for('/', {failed => 1})->path_query; }; get '/logout' => sub { session->destroy; - status(302); - header(Location => uri_for('/', {logout => 1})->path_query()); + redirect uri_for('/', {logout => 1})->path_query; }; true; diff --git a/Netdisco/lib/App/Netdisco/Web/Device.pm b/Netdisco/lib/App/Netdisco/Web/Device.pm index 0d333310..dbd93bed 100644 --- a/Netdisco/lib/App/Netdisco/Web/Device.pm +++ b/Netdisco/lib/App/Netdisco/Web/Device.pm @@ -116,9 +116,7 @@ get '/device' => sub { }); if (!defined $dev) { - status(302); - header(Location => uri_for('/', {nosuchdevice => 1})->path_query()); - return; + return redirect uri_for('/', {nosuchdevice => 1})->path_query; } params->{'tab'} ||= 'details'; diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin.pm b/Netdisco/lib/App/Netdisco/Web/Plugin.pm index 37b147c8..29dc5ba2 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin.pm 
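Review bot: The `/login` handler in AuthN.pm still verifies passwords by comparing `Digest::MD5::md5_hex(param('password'))` with the stored value, i.e. an unsalted MD5 digest, which offers little protection if the user table is ever disclosed. This commit only reworks the redirects, so a follow-up is the right place to fix it, but a marker such as `# TODO: unsalted MD5 -- migrate to a salted, adaptive password hash` above the `$sum` line would keep it visible. In the `before` hook, `find(session('user'))` can presumably return undef when the session names a user row that no longer exists, and `var('user')->port_control(0)` would then die on every request while `no_port_control` is set; `if var('user') and setting('no_port_control')` avoids that.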
+++ b/Netdisco/lib/App/Netdisco/Web/Plugin.pm @@ -23,8 +23,7 @@ register 'register_template_path' => sub { my ($self, $path) = plugin_args(@_); if (!length $path) { - error "bad template path to register_template_paths"; - return; + return error "bad template path to register_template_paths"; } unshift @@ -36,13 +35,11 @@ sub _register_include { my ($type, $plugin) = @_; if (!length $type) { - error "bad type to _register_include"; - return; + return error "bad type to _register_include"; } if (!length $plugin) { - error "bad plugin name to register_$type"; - return; + return error "bad plugin name to register_$type"; } push @{ setting("_additional_$type") }, $plugin; @@ -64,8 +61,7 @@ register 'register_device_port_column' => sub { $config->{position} ||= 'right'; if (!length $config->{name} or !length $config->{label}) { - error "bad config to register_device_port_column"; - return; + return error "bad config to register_device_port_column"; } foreach my $item (@{ setting('_extra_device_port_cols') }) { @@ -85,8 +81,7 @@ register 'register_navbar_item' => sub { or !length $config->{path} or !length $config->{label}) { - error "bad config to register_navbar_item"; - return; + return error "bad config to register_navbar_item"; } foreach my $item (@{ setting('_navbar_items') }) { @@ -105,8 +100,7 @@ register 'register_admin_task' => sub { if (!length $config->{tag} or !length $config->{label}) { - error "bad config to register_admin_task"; - return; + return error "bad config to register_admin_task"; } setting('_admin_tasks')->{ $config->{tag} } = $config; @@ -119,8 +113,7 @@ sub _register_tab { if (!length $config->{tag} or !length $config->{label}) { - error "bad config to register_${nav}_item"; - return; + return error "bad config to register_${nav}_item"; } foreach my $item (@{ $stash }) { 
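Review bot: `return error "bad template path to register_template_paths";` makes the helper return whatever Dancer's `error` logging call returns, where the old code returned an empty list. If any caller tests the result of a registration, a rejected registration could now look successful, depending on what the logger hands back. Keeping the two statements, `error "bad template path to register_template_paths"; return;`, leaves the failure value explicit. The same pattern is repeated in the other Plugin.pm hunks (`_register_include`, `register_device_port_column`, `register_navbar_item`, `register_admin_task`, `_register_tab`, `register_report`).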
@@ -152,8 +145,7 @@ register 'register_report' => sub { or !length $config->{label} or 0 == scalar grep {$config->{category} eq $_} @categories) { - error "bad config to register_report"; - return; + return error "bad config to register_report"; } foreach my $item (@{setting('_reports_menu')->{ $config->{category} }}) { diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/JobQueue.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/JobQueue.pm index 8a67a359..c932c55c 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/JobQueue.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/JobQueue.pm @@ -12,8 +12,8 @@ register_admin_task({ }); ajax '/ajax/control/admin/jobqueue/del' => sub { - return unless var('user') and var('user')->admin; - return unless length param('job'); + send_error('Forbidden', 403) unless var('user')->admin; + send_error('Missing job', 400) unless length param('job'); schema('netdisco')->txn_do(sub { my $device = schema('netdisco')->resultset('Admin') @@ -22,7 +22,7 @@ ajax '/ajax/control/admin/jobqueue/del' => sub { }; ajax '/ajax/content/admin/jobqueue' => sub { - return unless var('user') and var('user')->admin; + send_error('Forbidden', 403) unless var('user')->admin; my $set = schema('netdisco')->resultset('Admin') ->with_times diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/PseudoDevice.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/PseudoDevice.pm index 64fe8b06..6a4d9300 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/PseudoDevice.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/PseudoDevice.pm @@ -29,7 +29,7 @@ sub _sanity_ok { } ajax '/ajax/control/admin/pseudodevice/add' => sub { - return unless _sanity_ok(); + send_error('Bad Request', 400) unless _sanity_ok(); schema('netdisco')->txn_do(sub { my $device = schema('netdisco')->resultset('Device') 
@@ -49,7 +49,7 @@ ajax '/ajax/control/admin/pseudodevice/add' => sub { }; ajax '/ajax/control/admin/pseudodevice/del' => sub { - return unless _sanity_ok(); + send_error('Bad Request', 400) unless _sanity_ok(); schema('netdisco')->txn_do(sub { my $device = schema('netdisco')->resultset('Device') @@ -61,7 +61,7 @@ ajax '/ajax/control/admin/pseudodevice/del' => sub { }; ajax '/ajax/control/admin/pseudodevice/update' => sub { - return unless _sanity_ok(); + send_error('Bad Request', 400) unless _sanity_ok(); schema('netdisco')->txn_do(sub { my $device = schema('netdisco')->resultset('Device') @@ -86,7 +86,7 @@ ajax '/ajax/control/admin/pseudodevice/update' => sub { }; ajax '/ajax/content/admin/pseudodevice' => sub { - return unless var('user') and var('user')->admin; + send_error('Forbidden', 403) unless var('user')->admin; my $set = schema('netdisco')->resultset('Device') ->search( diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm index 97284f65..c0dbd2ac 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm @@ -28,7 +28,7 @@ sub _sanity_ok { } ajax '/ajax/control/admin/topology/add' => sub { - return unless _sanity_ok(); + send_error('Bad Request', 400) unless _sanity_ok(); my $device = schema('netdisco')->resultset('Topology') ->create({ @@ -75,7 +75,7 @@ ajax '/ajax/control/admin/topology/add' => sub { }; ajax '/ajax/control/admin/topology/del' => sub { - return unless _sanity_ok(); + send_error('Bad Request', 400) unless _sanity_ok(); schema('netdisco')->txn_do(sub { my $device = schema('netdisco')->resultset('Topology') 
@@ -89,7 +89,7 @@ ajax '/ajax/control/admin/topology/del' => sub { }; ajax '/ajax/content/admin/topology' => sub { - return unless var('user') and var('user')->admin; + send_error('Forbidden', 403) unless var('user')->admin; my $set = schema('netdisco')->resultset('Topology') ->search({},{order_by => [qw/dev1 dev2 port1/]}); diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Addresses.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Addresses.pm index ad55025b..66013836 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Addresses.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Addresses.pm @@ -13,7 +13,7 @@ ajax '/ajax/content/device/addresses' => sub { my $q = param('q'); my $device = schema('netdisco')->resultset('Device') - ->search_for_device($q) or return; + ->search_for_device($q) or send_error('Bad device', 400); my $set = $device->device_ips->search({}, {order_by => 'alias'}); return unless $set->count; diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Details.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Details.pm index 6e6d30a4..e40113fb 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Details.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Details.pm @@ -12,7 +12,7 @@ register_device_tab({ tag => 'details', label => 'Details' }); ajax '/ajax/content/device/details' => sub { my $q = param('q'); my $device = schema('netdisco')->resultset('Device') - ->with_times()->search_for_device($q) or return; + ->with_times()->search_for_device($q) or send_error('Bad device', 400); content_type('text/html'); template 'ajax/device/details.tt', { diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Neighbors.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Neighbors.pm index 106919e8..e43fb1da 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Neighbors.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Neighbors.pm 
@@ -43,7 +43,7 @@ get '/ajax/data/device/netmap' => sub { my $q = param('q'); my $device = schema('netdisco')->resultset('Device') - ->search_for_device($q) or return; + ->search_for_device($q) or send_error('Bad device', 400); my $start = $device->ip; my @devices = schema('netdisco')->resultset('Device')->search({}, { @@ -72,7 +72,7 @@ get '/ajax/data/device/netmap' => sub { _add_children($tree{children}, var('links')->{$start}); content_type('application/json'); - return to_json(\%tree); + to_json(\%tree); }; ajax '/ajax/data/device/alldevicelinks' => sub { @@ -93,7 +93,7 @@ ajax '/ajax/data/device/alldevicelinks' => sub { } content_type('application/json'); - return to_json(\%tree); + to_json(\%tree); }; true; diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Ports.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Ports.pm index 12ac58a7..6163b941 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Ports.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Device/Ports.pm @@ -14,7 +14,7 @@ ajax '/ajax/content/device/ports' => sub { my $q = param('q'); my $device = schema('netdisco')->resultset('Device') - ->search_for_device($q) or return; + ->search_for_device($q) or send_error('Bad device', 400); my $set = $device->ports; # refine by ports if requested diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Device.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Device.pm index 47cfdae4..58c933a1 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Device.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Device.pm @@ -21,7 +21,7 @@ ajax '/ajax/content/search/device' => sub { } else { my $q = param('q'); - return unless $q; + send_error('Missing query', 400) unless $q; $set = schema('netdisco')->resultset('Device')->search_fuzzy($q); } diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Node.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Node.pm index beaec028..ace6ecbb 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Node.pm 
+++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Node.pm @@ -14,7 +14,7 @@ register_search_tab({ tag => 'node', label => 'Node' }); # nodes matching the param as an IP or DNS hostname or MAC ajax '/ajax/content/search/node' => sub { my $node = param('q'); - return unless $node; + send_error('Missing node', 400) unless $node; content_type('text/html'); my $mac = Net::MAC->new(mac => $node, 'die' => 0, verbose => 0); diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Port.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Port.pm index 047ce6ce..2415d359 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Port.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/Port.pm @@ -11,7 +11,7 @@ register_search_tab({ tag => 'port', label => 'Port' }); # device ports with a description (er, name) matching ajax '/ajax/content/search/port' => sub { my $q = param('q'); - return unless $q; + send_error('Missing query', 400) unless $q; my $set; if ($q =~ m/^\d+$/) { diff --git a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/VLAN.pm b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/VLAN.pm index 46b8ba44..f204c4e5 100644 --- a/Netdisco/lib/App/Netdisco/Web/Plugin/Search/VLAN.pm +++ b/Netdisco/lib/App/Netdisco/Web/Plugin/Search/VLAN.pm @@ -11,7 +11,7 @@ register_search_tab({ tag => 'vlan', label => 'VLAN' }); # devices carrying vlan xxx ajax '/ajax/content/search/vlan' => sub { my $q = param('q'); - return unless $q; + send_error('Missing query', 400) unless $q; my $set; if ($q =~ m/^\d+$/) { diff --git a/Netdisco/lib/App/Netdisco/Web/PortControl.pm b/Netdisco/lib/App/Netdisco/Web/PortControl.pm index 604bb935..d2defc0a 100644 --- a/Netdisco/lib/App/Netdisco/Web/PortControl.pm +++ b/Netdisco/lib/App/Netdisco/Web/PortControl.pm 
@@ -5,8 +5,10 @@ use Dancer::Plugin::Ajax; use Dancer::Plugin::DBIC; ajax '/ajax/portcontrol' => sub { - return unless var('user')->port_control; - return unless param('device') and param('port') and param('field'); + send_error('Forbidden', 403) + unless var('user')->port_control; + send_error('No device/port/field', 400) + unless param('device') and param('port') and param('field'); my $log = sprintf 'd:[%s] p:[%s] f:[%s]. a:[%s] v[%s]', param('device'), (param('port') || ''), param('field'), @@ -21,7 +23,8 @@ ajax '/ajax/portcontrol' => sub { 'c_power' => 'power', ); - return unless (param('action') or param('value')); + send_error('No action/value', 400) + unless (param('action') or param('value')); my $action = $action_map{ param('field') }; my $subaction = ($action =~ m/^(?:power|portcontrol)/ @@ -45,7 +48,7 @@ ajax '/ajax/portcontrol' => sub { ajax '/ajax/userlog' => sub { my $user = session('user'); - send_error('No username') unless $user; + send_error('No username', 400) unless $user; my $rs = schema('netdisco')->resultset('Admin')->search({ username => $user, diff --git a/Netdisco/lib/App/Netdisco/Web/Search.pm b/Netdisco/lib/App/Netdisco/Web/Search.pm index 939e071b..b623ab0c 100644 --- a/Netdisco/lib/App/Netdisco/Web/Search.pm +++ b/Netdisco/lib/App/Netdisco/Web/Search.pm @@ -65,9 +65,7 @@ get '/search' => sub { if (not param('tab')) { if (not $q) { - status(302); - header(Location => uri_for('/')->path_query()); - return; + return redirect uri_for('/')->path_query; } # pick most likely tab for initial results @@ -80,13 +78,11 @@ get '/search' => sub { if ($nd and $nd->count) { if ($nd->count == 1) { # redirect to device details for the one device - status(302); - header(Location => uri_for('/device', { + return redirect uri_for('/device', { tab => 'details', q => ($nd->first->dns || $nd->first->ip), f => '', - })->path_query()); - return; + })->path_query; } # multiple devices 
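Review bot: In the second PortControl.pm hunk, `param('field')` is used as a key into `%action_map` without checking that the key exists, so an unrecognised field leaves `$action` undefined before the regex match on the following line and, presumably, before the job is recorded. Since the hunk already adds a 400 for a missing action/value, the same treatment fits here: `send_error('Bad field', 400) unless exists $action_map{ param('field') };`. The `/ajax/portcontrol` route body starts and ends outside this hunk, so how `$action` is used later is not visible.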
diff --git a/Netdisco/lib/App/Netdisco/Web/TypeAhead.pm b/Netdisco/lib/App/Netdisco/Web/TypeAhead.pm index 6ccd37f8..38033796 100644 --- a/Netdisco/lib/App/Netdisco/Web/TypeAhead.pm +++ b/Netdisco/lib/App/Netdisco/Web/TypeAhead.pm @@ -11,7 +11,7 @@ ajax '/ajax/data/devicename/typeahead' => sub { my $set = schema('netdisco')->resultset('Device')->search_fuzzy($q); content_type 'application/json'; - return to_json [map {$_->dns || $_->name || $_->ip} $set->all]; + to_json [map {$_->dns || $_->name || $_->ip} $set->all]; }; ajax '/ajax/data/deviceip/typeahead' => sub { @@ -29,27 +29,26 @@ ajax '/ajax/data/deviceip/typeahead' => sub { } content_type 'application/json'; - return to_json \@data; + to_json \@data; }; ajax '/ajax/data/port/typeahead' => sub { my $dev = param('dev1') || param('dev2'); my $port = param('port1') || param('port2'); - return unless length $dev; + send_error('Missing device', 400) unless length $dev; my $device = schema('netdisco')->resultset('Device') ->find({ip => $dev}); - return unless $device; + send_error('Bad device', 400) unless $device; my $set = $device->ports({},{order_by => 'port'}); $set = $set->search({port => { -ilike => "\%$port\%" }}) if length $port; my $results = [ sort { &App::Netdisco::Util::Web::sort_port($a->port, $b->port) } $set->all ]; - return unless scalar @$results; content_type 'application/json'; - return to_json [map {$_->port} @$results]; + to_json [map {$_->port} @$results]; }; true;
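Review bot: In `/ajax/data/port/typeahead`, the request value `$port` is interpolated into the `-ilike` pattern as `"\%$port\%"` without escaping `%` or `_`, so those characters act as wildcards rather than literals. The value should still reach the database as a bind parameter, so this is about match semantics rather than injection, but escaping the LIKE metacharacters (or noting in a comment that wildcards are accepted) would make the behaviour deliberate. Separately, `$dev` goes to `find({ip => $dev})` unvalidated; add_job in AdminTask.pm parses the address with `NetAddr::IP::Lite->new` first, and doing the same here would let malformed input get the new `send_error('Bad device', 400)` instead of whatever the database layer raises.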