Add checking in hash service for invalid hashes. Add capi call to verify if hash belongs to customer. #641
parent
b0de01ae1b
commit
5c03ccb1fb
4 changed files with 51 additions and 0 deletions
|
|
@ -57,6 +57,8 @@ access_keys:
|
|||
acls:
|
||||
- id: customer.register
|
||||
label: Register Customer
|
||||
- id: customer.verify
|
||||
label: Verify Customer
|
||||
- id: municipality
|
||||
label: Municipality
|
||||
acls:
|
||||
|
|
|
|||
|
|
@ -155,6 +155,12 @@ capi_customer_register:
|
|||
controller: App\Controller\CAPI\CustomerController::register
|
||||
methods: [POST]
|
||||
|
||||
# verify if resq customer
|
||||
capi_customer_verify:
|
||||
path: /capi/customer/{customer_hash}
|
||||
controller: App\Controller\CAPI\CustomerController::verifyCustomer
|
||||
methods: [GET]
|
||||
|
||||
# customer warranty api
|
||||
capi_cwarr_check:
|
||||
path: /capi/customer_warranty/{serial}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,8 @@ use App\Entity\Customer;
|
|||
use App\Entity\CustomerVehicle;
|
||||
use App\Entity\Vehicle;
|
||||
|
||||
use App\Service\HashGenerator;
|
||||
|
||||
use Catalyst\APIBundle\Access\Generator as ACLGenerator;
|
||||
|
||||
class CustomerController extends APIController
|
||||
|
|
@ -202,6 +204,43 @@ class CustomerController extends APIController
|
|||
return new APIResponse(true, $message, $data);
|
||||
}
|
||||
|
||||
public function verifyCustomer($customer_hash, EntityManagerInterface $em, HashGenerator $hash)
|
||||
{
|
||||
$this->denyAccessUnlessGranted('customer.verify', null, 'No access.');
|
||||
|
||||
// get customer id from customer_hash
|
||||
$cust_id = $hash->getID($customer_hash);
|
||||
|
||||
if ($cust_id == null)
|
||||
return new APIResponse(false, 'Invalid customer hash.');
|
||||
|
||||
// find customer using id
|
||||
$customer = $em->getRepository(Customer::class)->find($cust_id);
|
||||
|
||||
$data = [];
|
||||
$message = '';
|
||||
if ($customer == null)
|
||||
{
|
||||
$message = 'Customer not found.';
|
||||
$data[] = [
|
||||
'is_customer' => false,
|
||||
'first_name' => '',
|
||||
'last_name' => '',
|
||||
];
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = 'Customer found.';
|
||||
$data[] = [
|
||||
'is_customer' => true,
|
||||
'first_name' => $customer->getFirstName(),
|
||||
'last_name' => $customer->getLastName(),
|
||||
];
|
||||
}
|
||||
|
||||
return new APIResponse(true, $message, $data);
|
||||
}
|
||||
|
||||
protected function cleanPlateNumber($plate)
|
||||
{
|
||||
// remove spaces and make upper case
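Review bot: In verifyCustomer the `customer_hash` is the only thing that selects whose `first_name` and `last_name` are returned, and the HashGenerator it calls is built on Hashids, which is a reversible encoding of the numeric id rather than a secret, so any API key holding `customer.verify` should be assumed able to look up any customer. If that is not the intent, the lookup should be scoped to the calling key or rate-limited and logged, and the method deserves a comment stating the trust model, e.g. `// hash is an obfuscated id, not a credential; access is controlled by the customer.verify ACL only`. The two failure paths are also distinguishable (`APIResponse(false, 'Invalid customer hash.')` versus `APIResponse(true, 'Customer not found.', ...)`), which tells the caller whether a string decoded; returning the same not-found payload for both would remove that signal. Separately, `if ($cust_id == null)` should be `if ($cust_id === null)` so that a decoded id of 0 is not reported as an invalid hash.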
|
||||
|
|
|
|||
|
|
@ -21,6 +21,10 @@ class HashGenerator
|
|||
$hi = new Hashids($this->salt, $this->length);
|
||||
$id_array = $hi->decode($hash);
|
||||
|
||||
// return null if unable to decode aka invalid hash
|
||||
if (empty($id_array))
|
||||
return null;
|
||||
|
||||
// first one should be the id
|
||||
return $id_array[0];
|
||||
}
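Review bot: The new `empty($id_array)` guard rejects undecodable input, but a hash that decodes to more than one number is still accepted and only `$id_array[0]` is used, so several different strings can resolve to the same id. Since the existing comment says the first element "should be the id", the check could require exactly one value: `if (count($id_array) !== 1) return null;`. The method now returns either an id or null, which is worth stating in a docblock (`@return int|null null when the hash does not decode`) so callers compare with `=== null`. The function's signature lies outside the hunk, so any existing return type declaration could not be checked against the new `return null;`.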
|
||||
|
|
|
|||