Showing 1 changed files with 37 additions and 43 deletions
+37 -43
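--- a/templates/auto/_login.html.ep
+++ b/templates/auto/_login.html.ep
@@ -13,59 +13,53 @@
   
   # Login
   if ($op eq 'login') {
+  
+    # Paramerters
+    my $id = param('id');
+    my $password = param('password');
+    my $save = param('save');
     
-    # Validation
-    my $params = $api->params;
-    my $vc = $self->app->vc;
-    my $password_check = sub {
-      my $values = shift;
-      
-      my ($id, $password) = @$values;
-      
-      my $row
-        = $dbi->model('user')->select(['password', 'salt'], id => $id)->one;
-      
-      return unless defined $password;
-
+    # Validator
+    my $vc = app->vc;
+    
+    # Validation result
+    my $validation = $vc->validation;
+    
+    # "id"
+    $id = '' unless defined $id;
+    
+    # "user" and "password"
+    $password = '' unless defined $password;
+    my $user = $dbi->model('user')->select(
+      ['password', 'salt', 'admin'],
+      where => {id => $id}
+    )->one;
+    if (!$user) {
+      $validation->add_failed("User name or password is wrong");
+    }
+    else {
       my $is_valid = $api->check_password(
         $password,
-        $row->{salt},
-        $row->{password}
+        $user->{salt},
+        $user->{password}
       );
-      
-      return $is_valid;
-    };
-    my $rule = [
-      id => [
-        'any'
-      ],
-      password => [
-        'any'
-      ],
-      {password_check => [qw/id password/]}
-        => {copy => 0},
-        => [
-          $password_check
-        ],
-      save => {require => 0} => [
-        'defined'
-      ]
-    ];
-    my $vresult = $self->app->vc->validate($params, $rule);
+      if (!$is_valid) {
+        $validation->add_failed("User name or password is wrong");
+      }
+    }
+    
+    # "save"
+    $save = $save ? 1 : 0;
     
-    if ($vresult->is_ok) {
+    if ($validation->is_valid) {
       
       # Login success
-      my $safe_params = $vresult->data;
-      my $id = $safe_params->{id};
-      my $password = $safe_params ->{password};
-      my $row = $self->app->dbi->model('user')->select(['admin', 'password'], id => $id)->one;
-      my $password_encrypted = $row->{password};
-      my $admin = $row->{admin};
+      my $password_encrypted = $user->{password};
+      my $admin = $user->{admin};
       session(user => $id);
       session(password => $password_encrypted);
       
-      if ($save) {
+      if ($save) {
         # 2 weeks save
         session(expires => time + 60 * 60 * 24 * 14);
       }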
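Review bot: The `if (!$user)` branch records the failure without ever calling `$api->check_password`, so a request for an unknown id skips the hashing work that a known id performs; if `check_password` is deliberately slow, response time can separate existing from non-existing accounts even though both paths show the same "User name or password is wrong" message. Consider running the check unconditionally against a fixed dummy salt and hash when no row is found, and recording the failure once with `$validation->add_failed("User name or password is wrong") unless $user && $is_valid;`. Separately, the unchanged `session(password => $password_encrypted);` line keeps the stored hash in the session; if this app relies on Mojolicious's default signed-but-not-encrypted cookie sessions, that hash is readable by the client and would be better replaced by a server-side token. The `if ($op eq 'login') {` block opened in this hunk closes outside it.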