From d863158dd68f8a994e95015f5eb2e628859b54c0 Mon Sep 17 00:00:00 2001 From: Korina Cordero Date: Sat, 21 Aug 2021 09:17:14 +0000 Subject: [PATCH] Add validation to login. #617 --- src/Controller/CAPI/RiderAppController.php | 56 +++++++--------------- 1 file changed, 16 insertions(+), 40 deletions(-) diff --git a/src/Controller/CAPI/RiderAppController.php b/src/Controller/CAPI/RiderAppController.php index 4f3e95e1..f736faeb 100644 --- a/src/Controller/CAPI/RiderAppController.php +++ b/src/Controller/CAPI/RiderAppController.php @@ -125,19 +125,25 @@ class RiderAppController extends APIController RedisClientProvider $redis) { $required_params = [ + 'user', + 'pass', ]; - // TODO: right now, no validation at all. Accept anything. + $missing = $this->checkMissingParameters($req, $required_params); + if (count($missing) > 0) + { + $params = implode(', ', $missing); + return new APIResponse(false, 'Missing parameter(s): ' . $params); + } - - // NOTE: we retain the username and password in rider for backward compatibility + // NOTE: we retain the username and password in rider for backward compatibility // look for rider with username $rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]); if ($rider == null) return new APIResponse(false, 'Invalid username or password.'); // check if rider password is correct - // NOTE: we use + // NOTE: we use $encoder = $ef->getEncoder(new User()); if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), '')) return new APIResponse(false, 'Invalid username or password.'); 
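Review bot: The new check only guards against absent keys; whether `checkMissingParameters` (defined outside this hunk) also rejects empty values cannot be seen here, and if it does not, a request with `user=` or `pass=` passes validation and reaches `findOneBy(['username' => ''])` and the password comparison with an empty string. Consider treating empty strings as missing before the lookup, e.g. `if ((string) $req->request->get('user') === '' || (string) $req->request->get('pass') === '') return new APIResponse(false, 'Missing parameter(s): user, pass');`. On style, PER-CS puts the brace of `if (count($missing) > 0)` on the same line, and `$missing !== []` reads more directly than the `count()` comparison. The enclosing login method starts before this hunk.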
@@ -148,37 +154,6 @@ class RiderAppController extends APIController if ($user == null) return new APIResponse(false, 'Rider cannot login, no associated user.'); - - /* - $missing = $this->checkMissingParameters($req, $required_params); - if (count($missing) > 0) - { - $params = implode(', ', $missing); - return new APIResponse(false, 'Missing parameter(s): ' . $params); - } - - // get capi user to link to rider api user - $capi_user_id = $this->getUser()->getID(); - - // check if capi user already has a rider api user - $rapi_session = $em->getRepository(RiderAPISession::class)->findOneBy(['capi_user_id' => $capi_user_id]); - - if ($rapi_session->hasRider()) - return new APIResponse(false, 'Another rider is already logged in. Please logout first.'); - - // look for rider with username - $rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]); - if ($rider == null) - return new APIResponse(false, 'Invalid username or password.'); - - // check if rider password is correct - $encoder = $ef->getEncoder(new User()); - if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), '')) - return new APIResponse(false, 'Invalid username or password.'); - - // assign rider to api session - $rapi_session->setRider($rider); - // set rider to available $rider->setAvailable(true); 
@@ -205,13 +180,14 @@ class RiderAppController extends APIController $em->flush(); + // NOTE; commenting this out since this doesn't seem to be needed. + // this is being set in utils/mqtt_rider_convert/mqtt_rider_convert.py // update redis rider.id. with the rider id - $redis_client = $redis->getRedisClient(); - $redis_key = 'rider.id.' . $rapi_session->getID(); - $rider_id = $rider->getID(); + //$redis_client = $redis->getRedisClient(); + //$redis_key = 'rider.id.' . $rapi_session->getID(); + //$rider_id = $rider->getID(); - $redis_client->set($redis_key, $rider_id); - */ + //$redis_client->set($redis_key, $rider_id); $rider_id = $rider->getID();
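Review bot: The four lines turned into `//` comments should be removed rather than kept, since the note already explains why the Redis write is gone and version history preserves the code; a single comment such as `// NOTE: the rider.id.<session> Redis key is set by utils/mqtt_rider_convert/mqtt_rider_convert.py, not here.` is enough (this also fixes the `NOTE;` typo). With that write gone, the `RedisClientProvider $redis` parameter visible in the first hunk's signature appears unused; if nothing else in the method reads it, the injection can be dropped. The enclosing method appears to continue past this hunk.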