Modify confirmNumber and validateCode. #591

This commit is contained in:
Korina Cordero 2021-07-01 09:28:25 +00:00
parent edaa514f57
commit f998187e8e
2 changed files with 99 additions and 41 deletions


@ -68,8 +68,12 @@ access_keys:
- id: dealer.list - id: dealer.list
label: List label: List
- id: mobile_customer - id: mobile_user
label: Mobile Customer label: Mobile User
acls: acls:
- id: mobile_customer.register - id: mobile_user.register
label: Register Mobile Customer label: Register Mobile User
- id: mobile_user.confirm.number
label: Confirm Number
- id: mobile_user.validate.code
label: Validate Code
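Review bot: Renaming the access key `mobile_customer` / `mobile_customer.register` to `mobile_user` / `mobile_user.register` means any persisted grant that still references the old ids presumably stops matching after deploy, so the stored role data needs the same rename or existing callers of register lose access. The two new ACLs `mobile_user.confirm.number` and `mobile_user.validate.code` also have to be granted to the mobile role in the same release, because CustomerController now enforces them with denyAccessUnlessGranted. A one-line note above the renamed entry would help whoever runs the migration, e.g. `# renamed from mobile_customer; migrate existing grants`.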


@ -13,11 +13,14 @@ use Catalyst\APIBundle\Controller\APIController;
use Catalyst\APIBundle\Response\APIResponse; use Catalyst\APIBundle\Response\APIResponse;
use App\Entity\MobileUser; use App\Entity\MobileUser;
use App\Entity\Customer;
use App\Service\RisingTideGateway; use App\Service\RisingTideGateway;
use Catalyst\APIBundle\Access\Generator as ACLGenerator; use Catalyst\APIBundle\Access\Generator as ACLGenerator;
use DateTime;
class CustomerController extends APIController class CustomerController extends APIController
{ {
protected $acl_gen; protected $acl_gen;
@ -29,7 +32,8 @@ class CustomerController extends APIController
public function register(Request $req, EntityManagerInterface $em) public function register(Request $req, EntityManagerInterface $em)
{ {
// no need for access for register $this->denyAccessUnlessGranted('mobile_user.register', null, 'No access.');
// confirm parameters // confirm parameters
$required_params = [ $required_params = [
'phone_model', 'phone_model',
@ -38,6 +42,7 @@ class CustomerController extends APIController
'phone_id' 'phone_id'
]; ];
// check required parameters
$msg = $this->checkRequiredParameters($req, $required_params); $msg = $this->checkRequiredParameters($req, $required_params);
if ($msg) if ($msg)
return new APIResponse(false, $msg); return new APIResponse(false, $msg);
@ -100,47 +105,54 @@ class CustomerController extends APIController
public function confirmNumber(RisingTideGateway $rt, Request $req, EntityManagerInterface $em) public function confirmNumber(RisingTideGateway $rt, Request $req, EntityManagerInterface $em)
{ {
$this->denyAccessUnlessGranted('mobile_user.confirm.number', null, 'No access.');
// check parameters // check parameters
$required_params = [ $required_params = [
'phone_number', 'phone_number',
]; ];
// check required parameters and api key // check required parameters
$res = $this->checkParamsAndKey($req, $em, $required_params); $msg = $this->checkRequiredParameters($req, $required_params);
if ($res->isError()) if ($msg)
return $res->getReturnResponse(); return new APIResponse(false, $msg);
// get mobile user
$user_id = $this->getUser()->getID();
$mobile_user = $this->findMobileUser($user_id, $em);
if ($mobile_user == null)
return new APIResponse(false, 'No mobile user found.');
// phone number // phone number
$phone_number = $req->request->get('phone_number'); $phone_number = $req->request->get('phone_number');
// get otp_mode from .env // get otp_mode from .env
$dotenv = new Dotenv(); $dotenv = new Dotenv();
$dotenv->loadEnv(__DIR__.'/../../.env'); $dotenv->loadEnv(__DIR__.'/../../../.env');
$otp_mode = $_ENV['OTP_MODE']; $otp_mode = $_ENV['OTP_MODE'];
// check for hardcoded phone number for app store testing // check for hardcoded phone number for app store testing
if ($phone_number == '639991112233') if ($phone_number == '9221111111')
{ {
$code = '123456'; $code = '123456';
// TODO: mobile session no longer exists, use mobile_user $mobile_user->setConfirmCode($code)
$this->session->setConfirmCode($code)
->setPhoneNumber($phone_number); ->setPhoneNumber($phone_number);
$em->flush(); $em->flush();
return $res->getReturnResponse(); return new APIResponse(true, 'Number confirmed.');
} }
// check if otp_mode is test // check if otp_mode is test
if ($otp_mode == 'test') if ($otp_mode == 'test')
{ {
$code = '123456'; $code = '123456';
// TODO: mobile session no longer exists, use mobile_user $mobile_user->setConfirmCode($code)
$this->session->setConfirmCode($code)
->setPhoneNumber($phone_number); ->setPhoneNumber($phone_number);
$em->flush(); $em->flush();
return $res->getReturnResponse(); return new APIResponse(true, 'Number confirmed.');
} }
// TODO: spam protection // TODO: spam protection
@ -149,8 +161,7 @@ class CustomerController extends APIController
// generate code and save // generate code and save
$code = $this->generateConfirmCode(); $code = $this->generateConfirmCode();
// TODO: mobile session no longer exists, use mobile_user $mobile_user->setConfirmCode($code)
$this->session->setConfirmCode($code)
->setPhoneNumber($phone_number); ->setPhoneNumber($phone_number);
$em->flush(); $em->flush();
@ -161,58 +172,61 @@ class CustomerController extends APIController
} }
// response // response
return $res->getReturnResponse(); return new APIResponse(true, 'Number confirmed.');
} }
// TODO: needs to be modified for mobile user
public function validateCode(Request $req, EntityManagerInterface $em) public function validateCode(Request $req, EntityManagerInterface $em)
{ {
$this->denyAccessUnlessGranted('mobile_user.validate.code', null, 'No access.');
// check parameters // check parameters
$required_params = [ $required_params = [
'code', 'code',
]; ];
// check required parameters and api key // check required parameters
$res = $this->checkParamsAndKey($req, $em, $required_params); $msg = $this->checkRequiredParameters($req, $required_params);
if ($res->isError()) if ($msg)
return $res->getReturnResponse(); return new APIResponse(false, $msg);
// get mobile user
$user_id = $this->getUser()->getID();
$mobile_user = $this->findMobileUser($user_id, $em);
if ($mobile_user == null)
return new APIResponse(false, 'No mobile user found.');
// code is wrong // code is wrong
$code = $req->request->get('code'); $code = $req->request->get('code');
if ($this->session->getConfirmCode() != $code) if ($mobile_user->getConfirmCode() != $code)
{ return new APIResponse(false, 'Wrong confirm code');
$res->setError(true)
->setErrorMessage('Wrong confirm code');
return $res->getReturnResponse();
}
// set confirm date // set confirm date
$date = new DateTime(); $date = new DateTime();
$this->session->setDateConfirmed($date) $mobile_user->setDateConfirmed($date)
->setConfirmed(); ->setConfirmed();
// TODO: check if we have the number registered before and merge // TODO: check if we have the number registered before and merge
$dupe_sess = $this->findNumberSession($this->session->getPhoneNumber()); $dupe_user = $this->findNumberMobileUser($mobile_user->getPhoneNumber(), $em);
if ($dupe_sess != null) if ($dupe_user != null)
{ {
$dupe_cust = $dupe_sess->getCustomer(); $dupe_cust = $dupe_user->getCustomer();
$this->session->setCustomer($dupe_cust); $mobile_user->setCustomer($dupe_cust);
} }
// TODO: check if mobile matches mobile of customer // TODO: check if mobile matches mobile of customer
$customer = $this->findCustomerByNumber($this->session->getPhoneNumber()); $customer = $this->findCustomerByNumber($mobile_user->getPhoneNumber(), $em);
if ($customer != null) if ($customer != null)
{ {
// TODO: if there is a dupe_sess, do we need to check if // TODO: if there is a dupe_sess, do we need to check if
// dupe_cust is the same as the customer we found? // dupe_cust is the same as the customer we found?
$this->session->setCustomer($customer); $mobile_user->setCustomer($customer);
} }
$em->flush(); $em->flush();
// response // response
return $res->getReturnResponse(); return new APIResponse(true, 'Code validated');
} }
// TODO: needs to be modified for mobile user // TODO: needs to be modified for mobile user
@ -475,11 +489,51 @@ class CustomerController extends APIController
protected function findMobileUser($user_id, $em) protected function findMobileUser($user_id, $em)
{ {
$mobile_user = $em->getRepository(MobileUser::class)->findBy(['capi_user_id' => $user_id]); $mobile_user = $em->getRepository(MobileUser::class)->findOneBy(['capi_user_id' => $user_id]);
return $mobile_user; return $mobile_user;
} }
// TODO: find session customer by phone number
protected function findNumberMobileUser($number, $em)
{
$query = $em->getRepository(MobileUser::class)->createQueryBuilder('s')
->where('s.phone_number = :number')
->andWhere('s.customer is not null')
->andWhere('s.confirm_flag = 1')
->setParameter('number', $number)
->setMaxResults(1)
->getQuery();
// we just need one
$res = $query->getOneOrNullResult();
return $res;
}
protected function findCustomerByNumber($number, $em)
{
$customers = $em->getRepository(Customer::class)->findBy(['phone_mobile' => $number]);
// find the customer with the most number of cars
$car_count = 0;
$cust = null;
foreach($customers as $customer)
{
$vehicles = $customer->getVehicles();
if (count($vehicles) > $car_count)
{
$car_count = count($vehicles);
// "save" customer object
$cust = $customer;
}
}
return $cust;
}
// TODO: this might not be needed if we use APIController's checkRequiredParameters // TODO: this might not be needed if we use APIController's checkRequiredParameters
// or we put this into a service? // or we put this into a service?
protected function checkMissingParameters(Request $req, $params = []) protected function checkMissingParameters(Request $req, $params = [])
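Review bot: The confirm-code check at `if ($mobile_user->getConfirmCode() != $code)` in validateCode compares the submitted value loosely, so numeric-string juggling ("123456.0", "1.23456e5") matches a six-digit code, and if the stored code is still null before confirmNumber has run an empty `code` parameter also passes; compare with `if (!is_string($stored = $mobile_user->getConfirmCode()) || !hash_equals($stored, (string) $code))` so a missing code is rejected and the comparison is exact. The hunk also keeps the App Store test branch in confirmNumber unconditional: any caller who sends `phone_number=9221111111` is issued the fixed code `123456` regardless of `OTP_MODE`, and validateCode then links that mobile user to whichever Customer has that `phone_mobile` via findCustomerByNumber, so either gate it on the test mode (`if ($otp_mode === 'test' && $phone_number === '9221111111')`) or document why it must stay live in production. Nothing in the new code expires the stored code or counts failed attempts (the `// TODO: spam protection` remains), so unless the framework rate-limits this route the code appears guessable through repeated validateCode calls. confirmNumber's body is only partly shown across the hunks of this section.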