disable rate limiter

dbarzin · Aug 4, 2023 · 95270f8 · 95270f8
1 parent eb99bf6
commit 95270f8
Show file tree

Hide file tree

Showing 17 changed files with 165 additions and 81 deletions.
diff --git a/INSTALL.fr.md b/INSTALL.fr.md
@@ -51,6 +51,9 @@ Vérifier que vous utilisez MySQL et pas MariaDB (Deming ne fonctionne pas avec
     sudo mysql --version
 
 Lancer MySQL avec les droits root
+php artisan db:seed --class=AttributeSeeder 
+php artisan db:seed --class=DomainSeeder 
+php artisan db:seed --class=MeasureSeeder
 
     sudo mysql
 
@@ -117,13 +120,11 @@ Si le une des commandes renvoie une erreur, la base de données n'était pas vid
 
 ### SQL
 
-Pour importer la base de données avec les mesures de sécurité de la norme 27001:2013
+Pour importer la base de données avec les mesures de sécurité de la norme 27001:2022
 
-    sudo mysql deming < deming-27001_2013.sql
-
-ou avec les mesures de sécurité de la norme 27001:2022
-
-    sudo mysql deming < deming-27001_2022.sql
+    php artisan db:seed --class=AttributeSeeder 
+    php artisan db:seed --class=DomainSeeder 
+    php artisan db:seed --class=MeasureSeeder
 
 Génrérer des données de test (optionnel)
 

diff --git a/INSTALL.md b/INSTALL.md
@@ -100,13 +100,11 @@ Create storage link
 
     php artisan storage:link
 
-To import the database with 27001:2013 security measures
+To import the database with 27001:2022 security measures
 
-    sudo mysql deming < deming-27001_2013.sql
-
-or with 27001:2022 security measures
-
-    sudo mysql deming < deming-27001_2022.sql
+    php artisan db:seed --class=AttributeSeeder 
+    php artisan db:seed --class=DomainSeeder 
+    php artisan db:seed --class=MeasureSeeder
 
 Generate test data (optional)
 

diff --git a/app/Http/Controllers/AttributeController.php b/app/Http/Controllers/AttributeController.php
@@ -2,9 +2,11 @@
 
 namespace App\Http\Controllers;
 
-use App\Models\Attribute;
 use App\Exports\AttributesExport;
+use App\Models\Attribute;
 use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Maatwebsite\Excel\Facades\Excel;
 
@@ -29,6 +31,9 @@ public function index()
      */
     public function create()
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         return view('attributes.create');
     }
 
@@ -41,6 +46,9 @@ public function create()
      */
     public function store(Request $request)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $this->validate(
             $request,
             [
@@ -77,6 +85,9 @@ public function show(Attribute $attribute)
      */
     public function edit(Attribute $attribute)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         return view('attributes.edit', compact('attribute'));
     }
 
@@ -90,6 +101,9 @@ public function edit(Attribute $attribute)
      */
     public function update(Request $request, Attribute $attribute)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $this->validate(
             $request,
             [
@@ -112,7 +126,11 @@ public function update(Request $request, Attribute $attribute)
      */
     public function destroy(Attribute $attribute)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $attribute->delete();
+
         return redirect('/attributes');
     }
 

diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -2,8 +2,8 @@
 
 namespace App\Http\Controllers\Auth;
 
-use App\Models\User;
 use App\Http\Controllers\Controller;
+use App\Models\User;
 use Config;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
@@ -46,12 +46,37 @@ public function __construct()
     {
         $this->middleware('guest')->except('logout');
 
-         $this->username = $this->findUsername();
+        $this->username = $this->findUsername();
     }
 
     /**
-     * Login with LDAP
+     * Get the login username to be used by the controller.
      *
+     * @return string
+     */
+    public function findUsername()
+    {
+        $login = request()->input('login');
+
+        $fieldType = filter_var($login, FILTER_VALIDATE_EMAIL) ? 'email' : 'login';
+
+        request()->merge([$fieldType => $login]);
+
+        return $fieldType;
+    }
+
+    /**
+     * Get username property.
+     *
+     * @return string
+     */
+    public function username()
+    {
+        return $this->username;
+    }
+
+    /**
+     * Login with LDAP
      */
     protected function ldapLogin(string $userid, string $password)
     {
@@ -84,39 +109,12 @@ protected function attemptLogin(Request $request)
                 }
             } catch (\Exception $e) {
                 \Log::error($e->getMessage());
-            } 
+            }
             return false;
-        } else {
-            return $this->guard()->attempt(
-                $this->credentials($request),
-                $request->filled('remember')
-            );
         }
-    }
-
-    /**
-     * Get the login username to be used by the controller.
-     *
-     * @return string
-     */
-    public function findUsername()
-    {
-        $login = request()->input('login');
-
-        $fieldType = filter_var($login, FILTER_VALIDATE_EMAIL) ? 'email' : 'login';
-
-        request()->merge([$fieldType => $login]);
-
-        return $fieldType;
-    }
-
-    /**
-     * Get username property.
-     *
-     * @return string
-     */
-    public function username()
-    {
-        return $this->username;
+        return $this->guard()->attempt(
+            $this->credentials($request),
+            $request->filled('remember')
+        );
     }
 }
diff --git a/app/Http/Controllers/DomainController.php b/app/Http/Controllers/DomainController.php
@@ -5,6 +5,8 @@
 use App\Exports\DomainsExport;
 use App\Models\Domain;
 use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Maatwebsite\Excel\Facades\Excel;
 
@@ -36,6 +38,9 @@ public function index()
      */
     public function create()
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         return view('domains.create');
     }
 
@@ -48,6 +53,9 @@ public function create()
      */
     public function store(Request $request)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $this->validate(
             $request,
             [
@@ -86,6 +94,9 @@ public function show(int $id)
      */
     public function edit(int $id)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $domain = Domain::find($id);
 
         return view('domains.edit', compact('domain'));
@@ -101,6 +112,9 @@ public function edit(int $id)
      */
     public function update(Request $request, Domain $domain)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $this->validate(
             $request,
             [
@@ -123,7 +137,11 @@ public function update(Request $request, Domain $domain)
      */
     public function destroy(Domain $domain)
     {
+        // Only for administrator role
+        abort_if(Auth::User()->role !== 1, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $domain->delete();
+
         return redirect('/domains');
     }
 

diff --git a/app/Http/Controllers/MeasureController.php b/app/Http/Controllers/MeasureController.php
@@ -24,7 +24,6 @@ class MeasureController extends Controller
      */
     public function index(Request $request)
     {
-        // $measures = Measure::All();
         $domains = Domain::All();
 
         $domain = $request->get('domain');
@@ -74,6 +73,9 @@ public function index(Request $request)
      */
     public function create()
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         // get the list of domains
         $domains = Domain::All();
 
@@ -104,6 +106,9 @@ public function create()
      */
     public function store(Request $request)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $this->validate(
             $request,
             [
@@ -153,6 +158,9 @@ public function show(Measure $measure)
      */
     public function edit(Measure $measure)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         // get the list of domains
         $domains = Domain::All();
 
@@ -183,6 +191,9 @@ public function edit(Measure $measure)
      */
     public function update(Request $request, Measure $measure)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $this->validate(
             $request,
             [
@@ -235,7 +246,11 @@ public function update(Request $request, Measure $measure)
      */
     public function destroy(Measure $measure)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $measure->delete();
+
         return redirect('/measures');
     }
 
@@ -263,6 +278,9 @@ public function plan(Request $request)
      */
     public function unplan(Request $request)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $control = Control
             ::whereNull('realisation_date')
                 ->where('measure_id', '=', $request->id)
@@ -292,6 +310,17 @@ public function unplan(Request $request)
      */
     public function activate(Request $request)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
+        $this->validate(
+            $request,
+            [
+                'plan_date' => 'required',
+                'periodicity' => 'required',
+            ]
+        );
+
         $measure = Measure::find($request->id);
 
         // Check control is disabled
@@ -354,6 +383,9 @@ public function activate(Request $request)
      */
     public function disable(Request $request)
     {
+        // Not for Auditor
+        abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
+
         $control_id = DB::table('controls')
             ->select('id')
             ->where('measure_id', '=', $request->id)