Modify confirmNumber and validateCode. #591

This commit is contained in:
Korina Cordero 2021-07-01 09:28:25 +00:00
parent edaa514f57
commit f998187e8e
2 changed files with 99 additions and 41 deletions


@ -68,8 +68,12 @@ access_keys:
- id: dealer.list
label: List
- id: mobile_customer
label: Mobile Customer
- id: mobile_user
label: Mobile User
acls:
- id: mobile_customer.register
label: Register Mobile Customer
- id: mobile_user.register
label: Register Mobile User
- id: mobile_user.confirm.number
label: Confirm Number
- id: mobile_user.validate.code
label: Validate Code

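Review bot: The two new acl ids `mobile_user.confirm.number` and `mobile_user.validate.code` use a three-segment form, while every other id in this file (`dealer.list`, `mobile_customer.register`, `mobile_user.register`) is `resource.action`. If the ACL generator treats dots as a namespace separator (cannot tell from this file), `confirm.number` would read as an action on a `mobile_user.confirm` sub-resource rather than on `mobile_user`, which makes later grouping or wildcard grants on the `mobile_user` resource harder to reason about. Suggest `- id: mobile_user.confirm_number` and `- id: mobile_user.validate_code`, with the matching `denyAccessUnlessGranted(...)` strings in CustomerController updated in the same commit so the two never drift apart.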

@ -13,11 +13,14 @@ use Catalyst\APIBundle\Controller\APIController;
use Catalyst\APIBundle\Response\APIResponse;
use App\Entity\MobileUser;
use App\Entity\Customer;
use App\Service\RisingTideGateway;
use Catalyst\APIBundle\Access\Generator as ACLGenerator;
use DateTime;
class CustomerController extends APIController
{
protected $acl_gen;
@ -29,7 +32,8 @@ class CustomerController extends APIController
public function register(Request $req, EntityManagerInterface $em)
{
// no need for access for register
$this->denyAccessUnlessGranted('mobile_user.register', null, 'No access.');
// confirm parameters
$required_params = [
'phone_model',
@ -38,6 +42,7 @@ class CustomerController extends APIController
'phone_id'
];
// check required parameters
$msg = $this->checkRequiredParameters($req, $required_params);
if ($msg)
return new APIResponse(false, $msg);
@ -100,47 +105,54 @@ class CustomerController extends APIController
public function confirmNumber(RisingTideGateway $rt, Request $req, EntityManagerInterface $em)
{
$this->denyAccessUnlessGranted('mobile_user.confirm.number', null, 'No access.');
// check parameters
$required_params = [
'phone_number',
];
// check required parameters and api key
$res = $this->checkParamsAndKey($req, $em, $required_params);
if ($res->isError())
return $res->getReturnResponse();
// check required parameters
$msg = $this->checkRequiredParameters($req, $required_params);
if ($msg)
return new APIResponse(false, $msg);
// get mobile user
$user_id = $this->getUser()->getID();
$mobile_user = $this->findMobileUser($user_id, $em);
if ($mobile_user == null)
return new APIResponse(false, 'No mobile user found.');
// phone number
$phone_number = $req->request->get('phone_number');
// get otp_mode from .env
$dotenv = new Dotenv();
$dotenv->loadEnv(__DIR__.'/../../.env');
$dotenv->loadEnv(__DIR__.'/../../../.env');
$otp_mode = $_ENV['OTP_MODE'];
// check for hardcoded phone number for app store testing
if ($phone_number == '639991112233')
if ($phone_number == '9221111111')
{
$code = '123456';
// TODO: mobile session no longer exists, use mobile_user
$this->session->setConfirmCode($code)
$mobile_user->setConfirmCode($code)
->setPhoneNumber($phone_number);
$em->flush();
return $res->getReturnResponse();
return new APIResponse(true, 'Number confirmed.');
}
// check if otp_mode is test
if ($otp_mode == 'test')
{
$code = '123456';
// TODO: mobile session no longer exists, use mobile_user
$this->session->setConfirmCode($code)
$mobile_user->setConfirmCode($code)
->setPhoneNumber($phone_number);
$em->flush();
return $res->getReturnResponse();
return new APIResponse(true, 'Number confirmed.');
}
// TODO: spam protection
@ -149,8 +161,7 @@ class CustomerController extends APIController
// generate code and save
$code = $this->generateConfirmCode();
// TODO: mobile session no longer exists, use mobile_user
$this->session->setConfirmCode($code)
$mobile_user->setConfirmCode($code)
->setPhoneNumber($phone_number);
$em->flush();
@ -161,58 +172,61 @@ class CustomerController extends APIController
}
// response
return $res->getReturnResponse();
return new APIResponse(true, 'Number confirmed.');
}
// TODO: needs to be modified for mobile user
public function validateCode(Request $req, EntityManagerInterface $em)
{
$this->denyAccessUnlessGranted('mobile_user.validate.code', null, 'No access.');
// check parameters
$required_params = [
'code',
];
// check required parameters and api key
$res = $this->checkParamsAndKey($req, $em, $required_params);
if ($res->isError())
return $res->getReturnResponse();
// check required parameters
$msg = $this->checkRequiredParameters($req, $required_params);
if ($msg)
return new APIResponse(false, $msg);
// get mobile user
$user_id = $this->getUser()->getID();
$mobile_user = $this->findMobileUser($user_id, $em);
if ($mobile_user == null)
return new APIResponse(false, 'No mobile user found.');
// code is wrong
$code = $req->request->get('code');
if ($this->session->getConfirmCode() != $code)
{
$res->setError(true)
->setErrorMessage('Wrong confirm code');
return $res->getReturnResponse();
}
if ($mobile_user->getConfirmCode() != $code)
return new APIResponse(false, 'Wrong confirm code');
// set confirm date
$date = new DateTime();
$this->session->setDateConfirmed($date)
$mobile_user->setDateConfirmed($date)
->setConfirmed();
// TODO: check if we have the number registered before and merge
$dupe_sess = $this->findNumberSession($this->session->getPhoneNumber());
if ($dupe_sess != null)
$dupe_user = $this->findNumberMobileUser($mobile_user->getPhoneNumber(), $em);
if ($dupe_user != null)
{
$dupe_cust = $dupe_sess->getCustomer();
$this->session->setCustomer($dupe_cust);
$dupe_cust = $dupe_user->getCustomer();
$mobile_user->setCustomer($dupe_cust);
}
// TODO: check if mobile matches mobile of customer
$customer = $this->findCustomerByNumber($this->session->getPhoneNumber());
$customer = $this->findCustomerByNumber($mobile_user->getPhoneNumber(), $em);
if ($customer != null)
{
// TODO: if there is a dupe_sess, do we need to check if
// dupe_cust is the same as the customer we found?
$this->session->setCustomer($customer);
$mobile_user->setCustomer($customer);
}
$em->flush();
// response
return $res->getReturnResponse();
return new APIResponse(true, 'Code validated');
}
// TODO: needs to be modified for mobile user
@ -475,11 +489,51 @@ class CustomerController extends APIController
protected function findMobileUser($user_id, $em)
{
$mobile_user = $em->getRepository(MobileUser::class)->findBy(['capi_user_id' => $user_id]);
$mobile_user = $em->getRepository(MobileUser::class)->findOneBy(['capi_user_id' => $user_id]);
return $mobile_user;
}
// TODO: find session customer by phone number
protected function findNumberMobileUser($number, $em)
{
$query = $em->getRepository(MobileUser::class)->createQueryBuilder('s')
->where('s.phone_number = :number')
->andWhere('s.customer is not null')
->andWhere('s.confirm_flag = 1')
->setParameter('number', $number)
->setMaxResults(1)
->getQuery();
// we just need one
$res = $query->getOneOrNullResult();
return $res;
}
protected function findCustomerByNumber($number, $em)
{
$customers = $em->getRepository(Customer::class)->findBy(['phone_mobile' => $number]);
// find the customer with the most number of cars
$car_count = 0;
$cust = null;
foreach($customers as $customer)
{
$vehicles = $customer->getVehicles();
if (count($vehicles) > $car_count)
{
$car_count = count($vehicles);
// "save" customer object
$cust = $customer;
}
}
return $cust;
}
// TODO: this might not be needed if we use APIController's checkRequiredParameters
// or we put this into a service?
protected function checkMissingParameters(Request $req, $params = [])