From 5c03ccb1fbe806bb0153b1e4b433ca2e510b51f2 Mon Sep 17 00:00:00 2001
From: Korina Cordero
Date: Wed, 24 Nov 2021 08:23:48 +0000
Subject: [PATCH 1/2] Add checking in hash service for invalid hashes. Add capi call to verify if hash belongs to customer. #641
---
 config/api_acl.yaml | 2 ++
 config/routes/capi.yaml | 6 ++++
 src/Controller/CAPI/CustomerController.php | 39 ++++++++++++++++++++++
 src/Service/HashGenerator.php | 4 +++
 4 files changed, 51 insertions(+)
diff --git a/config/api_acl.yaml b/config/api_acl.yaml
index 2e5bbdd3..ae1a9bfb 100644
--- a/config/api_acl.yaml
+++ b/config/api_acl.yaml
@@ -57,6 +57,8 @@ access_keys:
 acls:
 - id: customer.register
 label: Register Customer
+ - id: customer.verify
+ label: Verify Customer
 - id: municipality
 label: Municipality
 acls:
diff --git a/config/routes/capi.yaml b/config/routes/capi.yaml
index 40e7b975..472da5c2 100644
--- a/config/routes/capi.yaml
+++ b/config/routes/capi.yaml
@@ -155,6 +155,12 @@ capi_customer_register:
 controller: App\Controller\CAPI\CustomerController::register
 methods: [POST]
+# verify if resq customer
+capi_customer_verify:
+ path: /capi/customer/{customer_hash}
+ controller: App\Controller\CAPI\CustomerController::verifyCustomer
+ methods: [GET]
+
 # customer warranty api
 capi_cwarr_check:
 path: /capi/customer_warranty/{serial}
diff --git a/src/Controller/CAPI/CustomerController.php b/src/Controller/CAPI/CustomerController.php
index 9148321e..f95179a8 100644
--- a/src/Controller/CAPI/CustomerController.php
+++ b/src/Controller/CAPI/CustomerController.php
@@ -15,6 +15,8 @@ use App\Entity\Customer;
 use App\Entity\CustomerVehicle;
 use App\Entity\Vehicle;
+use App\Service\HashGenerator;
+
 use Catalyst\APIBundle\Access\Generator as ACLGenerator;
 class CustomerController extends APIController
@@ -202,6 +204,43 @@ class CustomerController extends APIController
 return new APIResponse(true, $message, $data);
 }
+ public function verifyCustomer($customer_hash, EntityManagerInterface $em, HashGenerator $hash)
+ {
+ $this->denyAccessUnlessGranted('customer.verify', null, 'No access.');
+
+ // get customer id from customer_hash
+ $cust_id = $hash->getID($customer_hash);
+
+ if ($cust_id == null)
+ return new APIResponse(false, 'Invalid customer hash.');
+
+ // find customer using id
+ $customer = $em->getRepository(Customer::class)->find($cust_id);
+
+ $data = [];
+ $message = '';
+ if ($customer == null)
+ {
+ $message = 'Customer not found.';
+ $data[] = [
+ 'is_customer' => false,
+ 'first_name' => '',
+ 'last_name' => '',
+ ];
+ }
+ else
+ {
+ $message = 'Customer found.';
+ $data[] = [
+ 'is_customer' => true,
+ 'first_name' => $customer->getFirstName(),
+ 'last_name' => $customer->getLastName(),
+ ];
+ }
+
+ return new APIResponse(true, $message, $data);
+ }
+
 protected function cleanPlateNumber($plate)
 {
 // remove spaces and make upper case
diff --git a/src/Service/HashGenerator.php b/src/Service/HashGenerator.php
index 0e06f4f5..abcb5137 100644
--- a/src/Service/HashGenerator.php
+++ b/src/Service/HashGenerator.php
@@ -21,6 +21,10 @@ class HashGenerator
 $hi = new Hashids($this->salt, $this->length);
 $id_array = $hi->decode($hash);
+ // return null if unable to decode aka invalid hash
+ if (empty($id_array))
+ return null;
+
 // first one should be the id
 return $id_array[0];
 }
From 8c057c216eb02e9e13a4ba1f408c78c7a8bdbd50 Mon Sep 17 00:00:00 2001
From: Korina Cordero
Date: Thu, 25 Nov 2021 02:28:49 +0000
Subject: [PATCH 2/2] Add mobile number to response. #641
---
 src/Controller/CAPI/CustomerController.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/Controller/CAPI/CustomerController.php b/src/Controller/CAPI/CustomerController.php
index f95179a8..dd3f7256 100644
--- a/src/Controller/CAPI/CustomerController.php
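Review bot: In `verifyCustomer` the `customer_hash` path segment is the only input that selects whose record is returned, and a Hashids value is a reversible encoding of the integer id rather than a credential, so it identifies a customer but does not prove the caller is entitled to that customer's name. Any API key granted `customer.verify` can look up names for any id it can present; consider answering with `is_customer` alone unless the caller supplies something it must already know about the customer, and log each lookup with the calling key so bulk enumeration is detectable. The invalid-hash branch returns `new APIResponse(false, ...)` while the not-found branch returns `true` with `is_customer => false`; returning the same shape for both would avoid telling callers which hashes decode. The check `if ($cust_id == null)` is loose and also catches an id of `0`; `if ($cust_id === null)` states the intent.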
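Review bot: The new guard in `getID` rejects only an empty decode result, so a hash that decodes to more than one number is still accepted and silently reduced to `$id_array[0]`, which means several distinct strings can resolve to the same customer id. If the service only ever encodes a single id (the encode side is not visible here), tighten the check to `if (count($id_array) !== 1) return null;`. `getID` now has a `null` return that it did not have before; its signature is outside this hunk, so a docblock such as `/** @return int|null decoded id, or null when the hash is invalid */` is worth adding there, and other callers of `getID` (not visible here) should be checked for null handling.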
+++ b/src/Controller/CAPI/CustomerController.php
@@ -226,6 +226,7 @@ class CustomerController extends APIController
 'is_customer' => false,
 'first_name' => '',
 'last_name' => '',
+ 'mobile_number' => '',
 ];
 }
 else
@@ -235,6 +236,7 @@ class CustomerController extends APIController
 'is_customer' => true,
 'first_name' => $customer->getFirstName(),
 'last_name' => $customer->getLastName(),
+ 'mobile_number' => $customer->getPhoneMobile(),
 ];
 }
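Review bot: The second hunk adds `'mobile_number' => $customer->getPhoneMobile()` to the found branch, which turns an endpoint described as verifying that a hash belongs to a customer into one that discloses a phone number to any key holding `customer.verify`. If the consumer only needs to confirm a number, return a masked form or compare against a number the caller supplies; otherwise gate the field behind a separate ACL id so that granting verification does not implicitly grant contact data. The response array is built inside `verifyCustomer`, whose body starts outside these hunks, so the permission check that covers this field is not visible here and should be confirmed against the intended consumers.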