Add validation to login. #617
parent
fc513a973b
commit
d863158dd6
1 changed files with 16 additions and 40 deletions
|
|
@ -125,19 +125,25 @@ class RiderAppController extends APIController
|
|||
RedisClientProvider $redis)
|
||||
{
|
||||
$required_params = [
|
||||
'user',
|
||||
'pass',
|
||||
];
|
||||
|
||||
// TODO: right now, no validation at all. Accept anything.
|
||||
$missing = $this->checkMissingParameters($req, $required_params);
|
||||
if (count($missing) > 0)
|
||||
{
|
||||
$params = implode(', ', $missing);
|
||||
return new APIResponse(false, 'Missing parameter(s): ' . $params);
|
||||
}
|
||||
|
||||
|
||||
// NOTE: we retain the username and password in rider for backward compatibility
|
||||
// NOTE: we retain the username and password in rider for backward compatibility
|
||||
// look for rider with username
|
||||
$rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]);
|
||||
if ($rider == null)
|
||||
return new APIResponse(false, 'Invalid username or password.');
|
||||
|
||||
// check if rider password is correct
|
||||
// NOTE: we use
|
||||
// NOTE: we use
|
||||
$encoder = $ef->getEncoder(new User());
|
||||
if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), ''))
|
||||
return new APIResponse(false, 'Invalid username or password.');
|
||||
|
|
@ -148,37 +154,6 @@ class RiderAppController extends APIController
|
|||
if ($user == null)
|
||||
return new APIResponse(false, 'Rider cannot login, no associated user.');
|
||||
|
||||
|
||||
/*
|
||||
$missing = $this->checkMissingParameters($req, $required_params);
|
||||
if (count($missing) > 0)
|
||||
{
|
||||
$params = implode(', ', $missing);
|
||||
return new APIResponse(false, 'Missing parameter(s): ' . $params);
|
||||
}
|
||||
|
||||
// get capi user to link to rider api user
|
||||
$capi_user_id = $this->getUser()->getID();
|
||||
|
||||
// check if capi user already has a rider api user
|
||||
$rapi_session = $em->getRepository(RiderAPISession::class)->findOneBy(['capi_user_id' => $capi_user_id]);
|
||||
|
||||
if ($rapi_session->hasRider())
|
||||
return new APIResponse(false, 'Another rider is already logged in. Please logout first.');
|
||||
|
||||
// look for rider with username
|
||||
$rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]);
|
||||
if ($rider == null)
|
||||
return new APIResponse(false, 'Invalid username or password.');
|
||||
|
||||
// check if rider password is correct
|
||||
$encoder = $ef->getEncoder(new User());
|
||||
if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), ''))
|
||||
return new APIResponse(false, 'Invalid username or password.');
|
||||
|
||||
// assign rider to api session
|
||||
$rapi_session->setRider($rider);
|
||||
|
||||
// set rider to available
|
||||
$rider->setAvailable(true);
|
||||
|
||||
|
|
@ -205,13 +180,14 @@ class RiderAppController extends APIController
|
|||
|
||||
$em->flush();
|
||||
|
||||
// NOTE; commenting this out since this doesn't seem to be needed.
|
||||
// this is being set in utils/mqtt_rider_convert/mqtt_rider_convert.py
|
||||
// update redis rider.id.<session id> with the rider id
|
||||
$redis_client = $redis->getRedisClient();
|
||||
$redis_key = 'rider.id.' . $rapi_session->getID();
|
||||
$rider_id = $rider->getID();
|
||||
//$redis_client = $redis->getRedisClient();
|
||||
//$redis_key = 'rider.id.' . $rapi_session->getID();
|
||||
//$rider_id = $rider->getID();
|
||||
|
||||
$redis_client->set($redis_key, $rider_id);
|
||||
*/
|
||||
//$redis_client->set($redis_key, $rider_id);
|
||||
|
||||
$rider_id = $rider->getID();
|
||||
|
||||
|
|
|
|||
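Review bot: The validation added in the first hunk appears to check only that `user` and `pass` are present (the body of `checkMissingParameters` is not shown), so both values still pass unchanged from `$req->request->get()` into `findOneBy` and `isPasswordValid`. A type guard before the lookup would reject array-valued or other non-string input with the same generic message: read the two values into `$user` and `$pass`, then `if (!is_string($user) || !is_string($pass)) return new APIResponse(false, 'Invalid username or password.');`. No attempt limiting is visible on this login path, so if it is not enforced elsewhere it is worth adding alongside this change. In the last hunk the Redis lines are left commented out rather than deleted; removing them and keeping only the NOTE that points to `mqtt_rider_convert.py` would avoid rebuilding the dead code the second hunk removes. The method starts and ends outside the hunks shown.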