From 0db0201087d44a567e82708270d9e6ecbb546a2b Mon Sep 17 00:00:00 2001 From: Bent Bisballe Nyeng Date: Wed, 23 Nov 2011 11:44:53 +0100 Subject: Bugfix: Terminate sessions without template names (discard) so that they are not used by future connections. Some sanity checks with corresponding error responses. --- server/src/client_connection.cc | 60 +++++++++++++++++++++++++++++++---------- 1 file changed, 46 insertions(+), 14 deletions(-) (limited to 'server') diff --git a/server/src/client_connection.cc b/server/src/client_connection.cc index 1ec7e7c..fe55efc 100644 --- a/server/src/client_connection.cc +++ b/server/src/client_connection.cc @@ -141,6 +141,18 @@ void ClientConnection::discard(Session *session) bool ClientConnection::handle(const char *data, size_t size) { + if(patientid == "") { + response = error_box(xml_encode("Missing patientid.")); + parser_complete = true; + return true; + } + + if(request.course == "") { + response = error_box(xml_encode("Missing course.")); + parser_complete = true; + return true; + } + Session *session = NULL; try { if(sessionid == "") { @@ -159,12 +171,14 @@ bool ClientConnection::handle(const char *data, size_t size) ERR(connection, "Session already active.\n"); parser_complete = true; response = error_box(xml_encode("Session "+e.sessionid+" already active.")); + parser_complete = true; return true; } if(session == NULL) { ERR(connection, "New session could not be created.\n"); response = error_box(xml_encode("New session could not be created.")); + parser_complete = true; return true; } @@ -180,6 +194,9 @@ bool ClientConnection::handle(const char *data, size_t size) return true; } + // Force session discard on empty template name. + if(templ == "") dodiscard = true; + if(size == 0 || parser.parse(data, size)) { parser_complete = true; @@ -195,7 +212,7 @@ bool ClientConnection::handle(const char *data, size_t size) return true; } } catch(...) { - ERR(server, "Failed to parse data!\n"); + ERR(connection, "Failed to parse data!\n"); response = error_box(xml_encode("XML Parse error.")); return true; } @@ -221,9 +238,9 @@ void ClientConnection::getReply(Httpd::Reply &reply) } #ifdef TEST_CLIENT_CONNECTION -//deps: debug.cc transactionparser.cc session.cc xml_encode_decode.cc saxparser.cc transactionhandler.cc journal.cc mutex.cc templateparser.cc exception.cc configuration.cc macroparser.cc semaphore.cc entitylist.cc luaquerymapper.cc inotify.cc log.cc queryhandlerpentominos.cc widgetgenerator.cc queryhandlerpracro.cc resumeparser.cc journal_commit.cc versionstr.cc luaresume.cc luautil.cc artefact.cc environment.cc database.cc macrolist.cc templatelist.cc pracrodao.cc templateheaderparser.cc macroheaderparser.cc pracrodaotest.cc pracrodaopgsql.cc journal_uploadserver.cc sessionserialiser.cc sessionparser.cc widgetvalue.cc -//cflags: -DWITHOUT_DATABASE -DWITHOUT_ARTEFACT -I.. $(LUA_CFLAGS) $(EXPAT_CFLAGS) $(PTHREAD_CFLAGS) $(PQXX_CXXFLAGS) -//libs: $(LUA_LIBS) $(EXPAT_LIBS) $(PTHREAD_LIBS) $(PQXX_LIBS) +//deps: debug.cc transactionparser.cc session.cc xml_encode_decode.cc saxparser.cc transactionhandler.cc journal.cc mutex.cc templateparser.cc exception.cc configuration.cc macroparser.cc semaphore.cc entitylist.cc luaquerymapper.cc inotify.cc log.cc queryhandlerpentominos.cc widgetgenerator.cc queryhandlerpracro.cc resumeparser.cc journal_commit.cc versionstr.cc luaresume.cc luautil.cc artefact.cc environment.cc database.cc macrolist.cc templatelist.cc pracrodao.cc templateheaderparser.cc macroheaderparser.cc pracrodaotest.cc pracrodaopgsql.cc journal_uploadserver.cc sessionserialiser.cc sessionparser.cc widgetvalue.cc courseparser.cc praxisd.cc luapraxisd.cc courselist.cc +//cflags: -DWITHOUT_DATABASE -DWITHOUT_ARTEFACT -I.. $(LUA_CFLAGS) $(EXPAT_CFLAGS) $(PTHREAD_CFLAGS) $(PQXX_CXXFLAGS) $(CURL_CFLAGS) +//libs: $(LUA_LIBS) $(EXPAT_LIBS) $(PTHREAD_LIBS) $(PQXX_LIBS) $(CURL_LIBS) #include "test.h" /* static char xml_request[] = @@ -258,8 +275,20 @@ static char xml_commit_p2[] = "\n" ; */ + +static const char empty_reply[] = + "\n" + "\n" + "\n"; + +#include "configuration.h" + TEST_BEGIN; +debug_parse("-all,+connection,+session"); + +Conf::xml_basedir = "../xml"; + Environment env; Httpd::Reply reply; std::string sid; @@ -267,28 +296,30 @@ std::string sid; // Without data { headers_t hdrs; - ClientConnection con(env, hdrs); + ClientConnection con(env, hdrs, hdrs, "/test"); TEST_TRUE(con.handle("", 0), "Test handler return value."); con.getReply(reply); - TEST_EQUAL_STR(reply.data, "", "Test response value."); - TEST_NOTEQUAL_STR(reply.headers["SessionID"], "", "Test new session id."); + TEST_NOTEQUAL_STR(reply.data, empty_reply, "Did we get nonemtpy reply?"); + TEST_NOTEQUAL_STR(reply.headers["SessionID"], "", + "Did we get a new session id?"); + sid = reply.headers["SessionID"]; TEST_FALSE(did_commit, "No commit."); } { headers_t hdrs; - ClientConnection con(env, hdrs); + ClientConnection con(env, hdrs, hdrs, "/test/test"); TEST_TRUE(con.handle("", 0), "Test handler return value."); con.getReply(reply); - TEST_EQUAL_STR(reply.data, "", "Test response value."); - TEST_NOTEQUAL_STR(reply.headers["SessionID"], "", "Test existing session id."); - TEST_EQUAL_STR(reply.headers["SessionID"], sid, "Test existing session id."); + TEST_EQUAL_STR(reply.data, empty_reply, "Did we get an empty reponse?"); + TEST_NOTEQUAL_STR(reply.headers["SessionID"], "", "Non empty session id?"); + TEST_NOTEQUAL_STR(reply.headers["SessionID"], sid, "Not the same id!"); TEST_FALSE(did_commit, "No commit."); } - +/* { headers_t hdrs; - ClientConnection con(env, hdrs); + ClientConnection con(env, hdrs, hdrs, ""); TEST_TRUE(con.handle("", 0), "Test handler return value."); con.getReply(reply); TEST_EQUAL_STR(reply.data, "", "Test response value."); @@ -298,7 +329,7 @@ std::string sid; { headers_t hdrs; - ClientConnection con(env, hdrs); + ClientConnection con(env, hdrs, hdrs, ""); TEST_TRUE(con.handle("", 0), "Test handler return value."); con.getReply(reply); TEST_EQUAL_STR(reply.data, "", "Test response value."); @@ -306,6 +337,7 @@ std::string sid; TEST_NOTEQUAL_STR(reply.headers["SessionID"], sid, "Test new session id."); TEST_FALSE(did_commit, "No commit."); } +*/ /* // With commit partial data { -- cgit v1.2.3