diff --git a/app/routes/ApiRtes.js b/app/routes/ApiRtes.js
index 7545958..3370b8f 100644
--- a/app/routes/ApiRtes.js
+++ b/app/routes/ApiRtes.js
@@ -10,6 +10,9 @@ var api = express();
 // Authentication
 reqAuth = function () {
 return function (req, res, next) {
+ if (!req.cookies) {
+ res.status(401).end();
+ }
 SessionsServ.use(req.cookies.session, function (err, session) {
 if (err) {
 res.status(500).send(err);
@@ -51,22 +54,32 @@ reqPerm = function (perm) {
 assert = function (test) {
 return function (req, res, next) {
- reqAuth()(req, res, function () {
- test(req, res, function (err, verified) {
- if (err) {
- res.status(500).send(err);
+ test(req, res, function (err, verified) {
+ if (err) {
+ res.status(500).send(err);
+ } else {
+ if (verified) {
+ next();
 } else {
- if (verified) {
- next();
- } else {
- res.status(400).end();
- }
+ res.status(400).end();
 }
- });
+ }
 });
 };
 };
+decrypt = function () {
+ return function (req, res, next) {
+ assert(function (req, res, cb) {
+ cb(null, req.body && typeof req.body[0] == 'string' && req.body[0] !== '');
+ })(req, res, function () {
+ DecryptServ.decrypt(req.body[0], function (data) {
+ req.body = JSON.parse(data);
+ next();
+ });
+ });
+ };
+};
 // Sessions
 api.get('/session', function (req, res) { // Informations sur la session
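Review bot: In `reqAuth` (app/routes/ApiRtes.js, first hunk), the new `if (!req.cookies)` branch sends the 401 but does not return, so execution continues into `SessionsServ.use(req.cookies.session, …)` and dereferences the missing `req.cookies`, throwing a TypeError after the response has already been sent. Make the guard terminal: `return res.status(401).end();`. The check also passes when `req.cookies` exists but carries no `session` entry; whether that case is rejected depends on `SessionsServ.use` and on the rest of the callback, which continues outside the hunk.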
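Review bot: In the new `decrypt` middleware (app/routes/ApiRtes.js, second hunk), `req.body = JSON.parse(data);` runs inside the `DecryptServ.decrypt` callback with no try/catch, so a payload that does not decrypt to valid JSON throws from an asynchronous callback, where Express cannot convert it into an error response. Because `decrypt()` sits in front of the unauthenticated login route, any client can trigger that unhandled exception; parse inside a try/catch and answer 400 on failure. The callback takes only `data`, so it is also worth checking what `DecryptServ.decrypt` passes when decryption itself fails. Separately, `assert` no longer wraps `reqAuth()`, so any route outside this hunk that relied on `assert(...)` alone for authentication now needs an explicit `reqAuth()` in its chain.

```javascript
// … unchanged: decrypt() wrapper and the assert() check on req.body[0] …
            DecryptServ.decrypt(req.body[0], function (data) {
                var parsed;
                try {
                    parsed = JSON.parse(data);
                } catch (e) {
                    // Malformed payload: reject the request instead of throwing.
                    return res.status(400).end();
                }
                req.body = parsed;
                next();
            });
```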
@@ -84,16 +97,16 @@ api.get('/session', function (req, res) { // Informations sur la session
 }
 });
-api.post('/session', function (req, res) { // Se connecter
- DecryptServ.decrypt(req.body[0], function (data) {
- SessionsServ.open(JSON.parse(data), function (err, session) {
- if (err) {
- res.status(500).send(err);
- } else {
- res.cookie('session', session._id);
- res.send(session);
- }
- });
+api.post('/session', decrypt(), assert(function (req, res, cb) {
+ cb(null, req.body && typeof req.body.login == 'string' && req.body.login !== '' && typeof req.body.pass == 'string' && req.body.pass !== '');
+}), function (req, res) { // Se connecter
+ SessionsServ.open(req.body, function (err, session) {
+ if (err) {
+ res.status(500).send(err);
+ } else {
+ res.cookie('session', session._id);
+ res.send(session);
+ }
 });
 });
diff --git a/app/services/MembresServ.js b/app/services/MembresServ.js
index 5a53681..f7fa136 100644
--- a/app/services/MembresServ.js
+++ b/app/services/MembresServ.js
@@ -49,10 +49,8 @@ MembresServ.estBureau = function (login, cb) {
 }, function (err, data) {
 if (!err && data && data.role != 'Membre') {
 cb(true);
- console.log(true);
 } else {
 cb(false);
- console.log(false);
 }
 });
 };
diff --git a/public/js/controllers/ConnectCtrl.js b/public/js/controllers/ConnectCtrl.js
index 7eadaa7..72ef8a5 100644
--- a/public/js/controllers/ConnectCtrl.js
+++ b/public/js/controllers/ConnectCtrl.js
@@ -7,7 +7,7 @@ angular.module('ConnectCtrl', ['SessionsServ', 'EncryptServ', 'angular-ladda']).
 $scope.connect = {
 connect: function () {
 $scope.connecting = true;
- SessionServ.connect($scope.connect.login, $scope.connect.pass, function(err) {
+ SessionServ.connect($scope.connect.login, $scope.connect.pass, function (err) {
 $scope.connecting = false;
 if (!err) {
 window.history.back();
diff --git a/public/js/controllers/MembreCtrl.js b/public/js/controllers/MembreCtrl.js
index 0697910..5987176 100644
--- a/public/js/controllers/MembreCtrl.js
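Review bot: In the `POST /session` handler (app/routes/ApiRtes.js, third hunk), `res.cookie('session', session._id);` sets the session cookie with no options, so it is readable from page script and is also sent over plain HTTP. Unless the Angular client has to read it, set it as `res.cookie('session', session._id, { httpOnly: true, secure: true, sameSite: 'lax' });`, dropping `secure` only for non-TLS development. The failure path `res.status(500).send(err);` also returns the raw error object to an unauthenticated caller; logging the detail server-side and sending a generic message would avoid exposing internals.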
+++ b/public/js/controllers/MembreCtrl.js
@@ -14,14 +14,18 @@ angular.module('MembreCtrl', ['SessionsServ', 'ApiServ']).controller('MembreCtrl
 $scope.createMembre = function () {
 ApiServ("création du membre", 'post', 'membres', $scope.formData, function (err, membre) {
- $scope.formData = {};
- $scope.membres.push(membre);
+ if (!err) {
+ $scope.formData = {};
+ $scope.membres.push(membre);
+ }
 });
 };
 $scope.deleteMembre = function (index) {
 ApiServ("création du membre", 'delete', 'membres', $scope.membres[index]._id, function (err, data) {
- $scope.membres.splice(index, 1);
+ if (!err) {
+ $scope.membres.splice(index, 1);
+ }
 });
 };
 }
diff --git a/public/js/services/ApiServ.js b/public/js/services/ApiServ.js
index a365b92..753b93f 100644
--- a/public/js/services/ApiServ.js
+++ b/public/js/services/ApiServ.js
@@ -26,7 +26,7 @@ angular.module('ApiServ', ['NotifyServ']).service('ApiServ', ['$http', 'NotifySe
 })
 .error(function (data, status) {
 cb(status);
- NotifyServ.error("Échec : ", name, status + (data ? ' : ' + data : ''));
+ NotifyServ.error("Échec : ", name, status + (data ? ' : ' + JSON.stringify(data) : ''));
 // console.error(name, status, data);
 });
 };
diff --git a/public/js/services/SessionServ.js b/public/js/services/SessionServ.js
index e860826..319a6ae 100644
--- a/public/js/services/SessionServ.js
+++ b/public/js/services/SessionServ.js
@@ -47,18 +47,17 @@ angular.module('SessionsServ', ['NotifyServ', 'EncryptServ']).service('SessionSe
 _this.updateSessionInfos(body);
 if (_this.cur) {
 not.success("Connecté en tant que " + _this.cur.nom + "");
- if (cb)
- cb(null);
+ cb(null);
 } else {
 if (body === 'invalid') {
 not.warn("Identifiants invalides");
 }
- if (cb)
- cb(body);
+ cb(body);
 }
- }).error(function (body) {
- not.error("Impossible de se connecter", body);
- cb(body);
+ }).error(function (data, status) {
+ err = status + (data ? ' : ' + JSON.stringify(data) : '');
+ not.error("Impossible de se connecter", err);
+ cb(err);
 });
 });
 },
-- libgit2 0.21.2
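Review bot: In `$scope.deleteMembre` (public/js/controllers/MembreCtrl.js), the request is still labelled `"création du membre"`, so a failed delete will presumably be reported through ApiServ's notification as a failed creation; use a label such as `"suppression du membre"`. The newly guarded `$scope.membres.splice(index, 1);` also assumes `index` still points at the same member when the response arrives. Capturing the member's `_id` before the request and removing by that id would be safer if the list can change in the meantime.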
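Review bot: In the `.error` handler of public/js/services/ApiServ.js, `JSON.stringify(data)` also quotes plain-string bodies, so a string response is displayed wrapped in double quotes; `typeof data === 'string' ? data : JSON.stringify(data)` keeps those readable. The API routes in this commit answer failures with `res.status(500).send(err)`, so this notification shows whatever error detail the server returns. It is worth confirming that `NotifyServ.error` renders its arguments as text rather than HTML. The enclosing service function starts outside the hunk.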
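Review bot: In the new `.error(function (data, status) { … })` handler of public/js/services/SessionServ.js, `err = status + …` assigns to a name that is not declared in the hunk, which creates an implicit global or throws under strict mode; declare it locally with `var err = …`. The commit also removes the `if (cb)` guards, so `cb(null)` and `cb(body)` in the success path now throw when `connect` is called without a callback. Keep a guard, or default `cb` to a no-op, if that call shape is still supported. The enclosing function starts outside the hunk, so confirm whether `err` is declared there.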