From e7fb5014ffecd0e52951b428e69a9c1f0af7ef02 Mon Sep 17 00:00:00 2001 From: Kendrick Chan Date: Sat, 21 Aug 2021 00:05:46 +0800 Subject: [PATCH] Fix new rider api login #617 --- config/packages/security.yaml | 10 +++--- src/Controller/CAPI/RiderAppController.php | 36 +++++++++++++--------- 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 80852b2a..2eecd1e8 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -16,13 +16,13 @@ security: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false - login: - pattern: ^\/login$ - methods: [GET] - security: false - new_rider_api_login: pattern: ^\/rider_api\/login$ + methods: [POST] + security: false + + login: + pattern: ^\/login$ methods: [GET] security: false diff --git a/src/Controller/CAPI/RiderAppController.php b/src/Controller/CAPI/RiderAppController.php index 6fc3adab..c515709b 100644 --- a/src/Controller/CAPI/RiderAppController.php +++ b/src/Controller/CAPI/RiderAppController.php 
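Review bot: With `security: false` on `new_rider_api_login`, POST requests matching `^\/rider_api\/login$` run outside the firewall, so the password check in RiderAppController is the only gate on this route. Nothing visible in this commit limits repeated failed attempts, so per-username and per-client limiting would have to live in the controller or in front of the application. I would record that dependency next to the entry, e.g. `# security: false: credentials are verified in RiderAppController; keep this pattern anchored and POST-only`.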
@@ -128,15 +128,26 @@ class RiderAppController extends APIController ]; // TODO: right now, no validation at all. Accept anything. - // get capi user - $capi_user = $this->getCAPIUser($this->getUser()->getID(), $em); - if ($capi_user == null) - return new APIResponse(false, 'User not found.'); - // get rider id from capi user metadata - $rider = $this->getRiderFromCAPI($capi_user, $em); + + // NOTE: we retain the username and password in rider for backward compatibility + // look for rider with username + $rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]); if ($rider == null) - return new APIResponse(false, 'No rider found.'); + return new APIResponse(false, 'Invalid username or password.'); + + // check if rider password is correct + // NOTE: we use + $encoder = $ef->getEncoder(new User()); + if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), '')) + return new APIResponse(false, 'Invalid username or password.'); + + // user will be the one linked to the rider + $user = $rider->getAPIUser(); + // no linked user, cannot login + if ($user == null) + return new APIResponse(false, 'Rider cannot login, no associated user.'); + /* $missing = $this->checkMissingParameters($req, $required_params); @@ -225,8 +236,8 @@ class RiderAppController extends APIController */ $data = [ - 'api_key' => $capi_user->getAPIKey(), - 'secret_key' => $capi_user->getSecretKey(), + 'api_key' => $user->getAPIKey(), + 'secret_key' => $user->getSecretKey(), ]; return new APIResponse(true, 'Rider logged in.', $data); 
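Review bot: The lookup passes `$req->request->get('user')` straight into `findOneBy`, and the TODO above it still says nothing is validated. A request without `user` becomes a `username IS NULL` lookup, so a rider row with no username (if any exist) becomes the account being checked. Read both fields once and reject missing or empty values with the same 'Invalid username or password.' response before touching the repository, as in the fence below. The unknown-username branch also returns without running the encoder, so response time probably differs between existing and non-existing usernames. The comment `// NOTE: we use` is cut off and should say why the encoder is built from `new User()` for a Rider password; the method starts and ends outside this hunk.

```php
// … unchanged: $required_params and the TODO comment …
$username = $req->request->get('user');
$password = $req->request->get('pass');

// a missing 'user' would otherwise turn into a `username IS NULL` lookup
if (!is_string($username) || $username === '' || !is_string($password) || $password === '')
    return new APIResponse(false, 'Invalid username or password.');

$rider = $em->getRepository(Rider::class)->findOneBy(['username' => $username]);
if ($rider === null)
    return new APIResponse(false, 'Invalid username or password.');

$encoder = $ef->getEncoder(new User());
if (!$encoder->isPasswordValid($rider->getPassword(), $password, ''))
    return new APIResponse(false, 'Invalid username or password.');
// … unchanged: linked API user lookup and response …
```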
@@ -1245,16 +1256,13 @@ class RiderAppController extends APIController protected function getRiderFromCAPI($capi_user, $em) { - // TODO: uncomment once getMetadata is available - /* - $metadata = $capi_user->getMetadata(); //get rider id from metadata + $metadata = $capi_user->getMetadata(); $rider_id = $metadata['rider_id']; + // get rider $rider = $em->getRepository(Rider::class)->find($rider_id); return $rider; - */ - } protected function checkMissingParameters(Request $req, $params = [])
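Review bot: `$metadata['rider_id']` is read without checking that `getMetadata()` returned an array containing that key. An API user with no rider metadata would therefore raise an undefined-index notice and pass null to `find()`. Return null early instead: `$rider_id = $metadata['rider_id'] ?? null;` followed by `if ($rider_id === null) return null;`, which matches the `== null` check the removed login code used on the result. A short docblock saying the method returns the Rider or null would also help, since the login path in this commit no longer calls it and any remaining callers are not visible here.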