Add validation to login. #617

2021-08-21 09:17:14 +00:00 · 2021-08-21 09:17:14 +00:00 · d863158dd6
commit d863158dd6
parent fc513a973b
1 changed files with 16 additions and 40 deletions
--- a/src/Controller/CAPI/RiderAppController.php
+++ b/src/Controller/CAPI/RiderAppController.php
@ -125,19 +125,25 @@ class RiderAppController extends APIController
                          RedisClientProvider $redis)
    {
        $required_params = [
            'user',
            'pass',
        ];
-        // TODO: right now, no validation at all. Accept anything.
+        $missing = $this->checkMissingParameters($req, $required_params);
        if (count($missing) > 0)
        {
            $params = implode(', ', $missing);
            return new APIResponse(false, 'Missing parameter(s): ' . $params);
        }
-
+        // NOTE: we retain the username and password in rider for backward compatibility
 		// NOTE: we retain the username and password in rider for backward compatibility
        // look for rider with username
        $rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]);
        if ($rider == null)
            return new APIResponse(false, 'Invalid username or password.');
        // check if rider password is correct
-		// NOTE: we use 
+        // NOTE: we use 
        $encoder = $ef->getEncoder(new User());
        if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), ''))
            return new APIResponse(false, 'Invalid username or password.');
@ -148,37 +154,6 @@ class RiderAppController extends APIController
        if ($user == null)
            return new APIResponse(false, 'Rider cannot login, no associated user.');
        /*
        $missing = $this->checkMissingParameters($req, $required_params);
        if (count($missing) > 0)
        {
            $params = implode(', ', $missing);
            return new APIResponse(false, 'Missing parameter(s): ' . $params);
        }
        // get capi user to link to rider api user
        $capi_user_id = $this->getUser()->getID();
        // check if capi user already has a rider api user
        $rapi_session = $em->getRepository(RiderAPISession::class)->findOneBy(['capi_user_id' => $capi_user_id]);
        if ($rapi_session->hasRider())
            return new APIResponse(false, 'Another rider is already logged in. Please logout first.');
        // look for rider with username
        $rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]);
        if ($rider == null)
            return new APIResponse(false, 'Invalid username or password.');
        // check if rider password is correct
        $encoder = $ef->getEncoder(new User());
        if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), ''))
            return new APIResponse(false, 'Invalid username or password.');
        // assign rider to api session
        $rapi_session->setRider($rider);
        // set rider to available
        $rider->setAvailable(true);
@ -205,13 +180,14 @@ class RiderAppController extends APIController
        $em->flush();
        // NOTE; commenting this out since this doesn't seem to be needed.
        // this is being set in utils/mqtt_rider_convert/mqtt_rider_convert.py
        // update redis rider.id.<session id> with the rider id
-        $redis_client = $redis->getRedisClient();
+        //$redis_client = $redis->getRedisClient();
-        $redis_key = 'rider.id.' . $rapi_session->getID();
+        //$redis_key = 'rider.id.' . $rapi_session->getID();
-        $rider_id = $rider->getID();
+        //$rider_id = $rider->getID();
-        $redis_client->set($redis_key, $rider_id);
+        //$redis_client->set($redis_key, $rider_id);
        */
        $rider_id = $rider->getID();