From d347901597f785723099c6c2c50d3b5b64701b77 Mon Sep 17 00:00:00 2001
From: codekaar
Date: Sun, 4 Nov 2018 21:01:11 +0545
Subject: [PATCH 1/6] fix the usage of validation library
---
 .../Controllers/AbstractController.php | 1 +
 .../Controllers/AdministrationController.php | 24 +++++++++----------
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/GraphJS/Controllers/AbstractController.php b/src/GraphJS/Controllers/AbstractController.php
index c98fbcd..a20c125 100644
--- a/src/GraphJS/Controllers/AbstractController.php
+++ b/src/GraphJS/Controllers/AbstractController.php
@@ -27,6 +27,7 @@
 */
 abstract class AbstractController extends \Pho\Server\Rest\Controllers\AbstractController
 {
+ protected $validator;
 public function __construct()
 {
diff --git a/src/GraphJS/Controllers/AdministrationController.php b/src/GraphJS/Controllers/AdministrationController.php
index 2a73fbf..c0999f7 100644
--- a/src/GraphJS/Controllers/AdministrationController.php
+++ b/src/GraphJS/Controllers/AdministrationController.php
@@ -45,13 +45,13 @@ protected function requireAdministrativeRights(Request $request, Response $respo
 error_log("founder password is: ".getenv("FOUNDER_PASSWORD"));
 error_log("hash is: ".$hash);
 $data = $request->getQueryParams();
- $this->validator->make($data, [
+ $validation = $this->validator->make($data, [
 "hash" => "required"
 ]);
 //$v->rule('length', [['hash', 32]]);
 //error_log($founder->getEmail().":".$founder->getPassword().":".$hash);
 error_log("data hash is: ".$data["hash"]);
- if(!$this->validator->validate()||($data["hash"]!=$hash&&$data["hash"]!=$this->superadmin_hash)) {
+ if($validation->fails()||($data["hash"]!=$hash&&$data["hash"]!=$this->superadmin_hash)) {
 return false;
 }
 return true;
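Review bot: The rewritten condition in requireAdministrativeRights still compares the caller-supplied `$data["hash"]` against the admin hashes with loose `!=`, which is not constant-time and lets PHP's type juggling decide equality (two numeric-looking strings are compared as numbers). A strict, timing-safe form is `if($validation->fails()||!is_string($data["hash"])||(!hash_equals((string)$hash,$data["hash"])&&!hash_equals((string)$this->superadmin_hash,$data["hash"]))) {`. The context lines around it also write `FOUNDER_PASSWORD`, the derived hash and the submitted hash to the error log through `error_log`; those three calls should be deleted rather than carried forward. The function body starts above the hunk, so how `$hash` is derived is not visible here.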
@@ -96,10 +96,10 @@ public function approvePendingComment(Request $request, Response $response, Kern
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $this->validator->make($data, [
+ $validation = $this->validator->make($data, [
 "comment_id" => "required"
 ]);
- if(!$this->validator->validate()) {
+ if($validation->fails()) {
 $this->fail($response, "comment_id required");
 return;
 }
@@ -121,11 +121,11 @@ public function setCommentModeration(Request $request, Response $response, Kerne
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $this->validator->make($data, [
+ $validation = $this->validator->make($data, [
 "moderator" => "required"
 ]);
 //$v->rule('boolean', ['moderated']);
- if(!$this->validator->validate()) {
+ if($validation->fails()) {
 return $this->fail($response, "A boolean 'moderated' field is required");
 }
 $is_moderated = (bool) $data["moderated"];
@@ -159,10 +159,10 @@ public function disapprovePendingComment(Request $request, Response $response,Ke
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $this->validator->make($data, [
+ $validation = $this->validator->make($data, [
 "comment_id" => "required"
 ]);
- if(!$this->validator->validate()) {
+ if($validation->fails()) {
 $this->fail($response, "comment_id required");
 return;
 }
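Review bot: `"comment_id" => "required"` in approvePendingComment only proves the parameter is present; it says nothing about its type or shape, and a query string like `comment_id[]=x` is decoded to an array that may still count as non-empty. Later in this series getFollowers checks IDs with `preg_match("/^[0-9a-fA-F][0-9a-fA-F]{30}[0-9a-fA-F]$/", $data["id"])`; assuming comment IDs share that format, the same test after an `is_string()` guard would reject malformed values before they are used. The point also applies to disapprovePendingComment and deleteMember, and to the bare `required` rules on `id`, `comment_id`, `msgid` and `with` in the other controllers of patch 2.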
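Review bot: The rule in setCommentModeration requires a field named `moderator`, while the error message and the read on the last context line (`$data["moderated"]`) both use `moderated`, so a request can pass validation and still hit an undefined index. The rule should read `"moderated" => "required"`. Separately, `(bool) $data["moderated"]` turns the query-string value `"false"` into `true`; `filter_var($data["moderated"], FILTER_VALIDATE_BOOLEAN)` parses it as the message promises.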
@@ -183,10 +183,10 @@ public function setFounderPassword(Request $request, Response $response,Kernel $
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $this->validator->make($data, [
+ $validation = $this->validator->make($data, [
 "password" => "required"
 ]);
- if(!$this->validator->validate()) {
+ if($validation->fails()) {
 $this->fail($response, "password required");
 return;
 }
@@ -206,10 +206,10 @@ public function deleteMember(Request $request, Response $response, Kernel $kerne
 return $this->fail($response, "Invalid hash");
 }
 $data = $request->getQueryParams();
- $this->validator->make($data, [
+ $validation = $this->validator->make($data, [
 "id" => "required"
 ]);
- if(!$this->validator->validate()) {
+ if($validation->fails()) {
 return $this->fail($response, "User ID unavailable.");
 }
 try {
From b8d460db6da521caa0eae3473dcaed5362cca95f Mon Sep 17 00:00:00 2001
From: codekaar
Date: Sun, 4 Nov 2018 22:22:10 +0545
Subject: [PATCH 2/6] change validation library
---
 .../Controllers/AuthenticationController.php | 56 ++++++------
 src/GraphJS/Controllers/ContentController.php | 86 ++++++++++---------
 src/GraphJS/Controllers/FeedController.php | 9 +-
 src/GraphJS/Controllers/ForumController.php | 40 +++++----
 src/GraphJS/Controllers/GroupController.php | 52 ++++++-----
 src/GraphJS/Controllers/MembersController.php | 19 ++--
 .../Controllers/MessagingController.php | 27 +++---
 7 files changed, 158 insertions(+), 131 deletions(-)
diff --git a/src/GraphJS/Controllers/AuthenticationController.php b/src/GraphJS/Controllers/AuthenticationController.php
index da34ec4..4cf62e9 100644
--- a/src/GraphJS/Controllers/AuthenticationController.php
+++ b/src/GraphJS/Controllers/AuthenticationController.php
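Review bot: setFounderPassword reads the new founder password from `$request->getQueryParams()`, so the secret travels in the URL and is recorded in web-server access logs, proxy logs and browser history. Accepting it from the body of a POST request keeps it out of those places; the same applies to the `password` rules in signup and login in patch 2 and to the `hash` parameter checked by requireAdministrativeRights. The rule is also only `required`, so as far as this hunk shows a one-character password is accepted, and a minimum length belongs in the rule set. Until the transport changes, a comment such as `// SECURITY: password arrives in the query string; move to the request body` above the `getQueryParams()` call would at least record the problem. The function continues below the hunk.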
@@ -15,14 +15,13 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use Mailgun\Mailgun;
 use Defuse\Crypto\Crypto;
 use Defuse\Crypto\Key;
-/**
+ /**
 * Takes care of Authentication
 *
 * @author Emre Sokullu
@@ -38,10 +37,12 @@ public function signupViaToken(Request $request, Response $response, Session $se
 }
 $token_key = Key::loadFromAsciiSafeString($token_key);
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['username', 'token', 'email']);
- $v->rule('email', 'email');
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'username' => 'required',
+ 'email' => 'required|email',
+ 'token' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid username, email are required.");
 return;
 }
@@ -77,10 +78,12 @@ public function signupViaToken(Request $request, Response $response, Session $se
 public function signup(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['username', 'email', 'password']);
- $v->rule('email', 'email');
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'username' => 'required',
+ 'email' => 'required|email',
+ 'password' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid username, email and password required.");
 return;
 }
@@ -128,10 +131,11 @@ protected function actualSignup(Request $request, Response $response, Session $s
 public function login(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['username', 'password']);
- //$v->rule('email', 'email');
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'username' => 'required',
+ 'password' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Username and password fields are required.");
 return;
 }
@@ -179,9 +183,10 @@ public function loginViatoken(Request $request, Response $response, Session $ses
 }
 $token_key = Key::loadFromAsciiSafeString($token_key);
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['token']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'token' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Token field is required.");
 return;
 }
@@ -248,10 +253,10 @@ public function whoami(Request $request, Response $response, Session $session)
 public function reset(Request $request, Response $response)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['email']);
- $v->rule('email', 'email');
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'email' => 'required|email',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid email required.");
 return;
 }
@@ -271,10 +276,11 @@ public function reset(Request $request, Response $response)
 public function verify(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['email', 'code']);
- $v->rule('email', 'email');
- if(!$v->validate()||!preg_match("/^[0-9]{6}$/", $data["code"])) {
+ $validation = $this->validator->make($data, [
+ 'email' => 'required|email',
+ 'code' => 'required',
+ ]);
+ if($validation->fails()||!preg_match("/^[0-9]{6}$/", $data["code"])) {
 $this->fail($response, "Valid email and code required.");
 return;
 }
diff --git a/src/GraphJS/Controllers/ContentController.php b/src/GraphJS/Controllers/ContentController.php
index 59be2b1..3920530 100644
--- a/src/GraphJS/Controllers/ContentController.php
+++ b/src/GraphJS/Controllers/ContentController.php
@@ -15,7 +15,6 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use PhoNetworksAutogenerated\Page;
 use PhoNetworksAutogenerated\UserOut\Star;
@@ -49,10 +48,10 @@ public function star(Request $request, Response $response, Session $session, Ker
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['url']);
- $v->rule('url', ['url']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'url' => 'required|url',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Url required.");
 return;
 }
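Review bot: In verify the six-digit check stays outside the rule set, and `preg_match("/^[0-9]{6}$/", $data["code"])` has two gaps: `$` also matches before a trailing newline, so a value with a newline appended passes, and a `code[]=...` parameter can reach `preg_match` as an array if the `required` rule accepts non-empty arrays. Testing the type first and anchoring with `\A...\z` closes both: `if($validation->fails()||!is_string($data["code"])||!preg_match('/\A[0-9]{6}\z/', $data["code"])) {`. A six-digit code also needs an attempt limit; none is visible in this hunk, so it is worth confirming one exists further down in verify or in reset.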
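Review bot: The `url` rule in star now comes from a different library, and the set of schemes it accepts may not match the old validator's. If the new rule falls back to PHP's generic URL filter, non-web schemes such as `javascript:` validate and the value is then stored as a page URL. Pinning the scheme after validation removes the dependency on library defaults: `if(!in_array(parse_url($data["url"], PHP_URL_SCHEME), ["http","https"], true)) { $this->fail($response, "Url required."); return; }`. The same rule string is used in isStarred, comment, fetchComments and unstar.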
@@ -96,10 +95,10 @@ protected function _fromUrlToNode(Kernel $kernel, string $url)
 public function isStarred(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['url']);
- $v->rule('url', ['url']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'url' => 'required|url',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Url required.");
 return;
 }
@@ -120,9 +119,11 @@ public function edit(Request $request, Response $response, Session $session, Ker
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id', 'content']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ 'content' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Comment ID and Content are required.");
 return;
 }
@@ -148,10 +149,11 @@ public function comment(Request $request, Response $response, Session $session,
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['url', 'content']);
- $v->rule('url', ['url']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'url' => 'required|url',
+ 'content' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Url and content fields are required.");
 return;
 }
@@ -172,10 +174,10 @@ public function comment(Request $request, Response $response, Session $session,
 public function fetchComments(Request $request, Response $response, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['url']);
- $v->rule('url', ['url']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'url' => 'required|url',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Url field is required.");
 return;
 }
@@ -210,9 +212,10 @@ public function delComment(Request $request, Response $response, Session $sessio
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['comment_id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'comment_id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Comment_id field is required.");
 return;
 }
@@ -232,10 +235,10 @@ public function unstar(Request $request, Response $response, Session $session, K
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['url']);
- $v->rule('url', ['url']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'url' => 'required|url',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Url required.");
 return;
 }
@@ -312,9 +315,10 @@ public function addPrivateContent(Request $request, Response $response, Session
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['data']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'data' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Data field is required.");
 return;
 }
@@ -334,9 +338,11 @@ public function editPrivateContent(Request $request, Response $response, Session
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id', 'data']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ 'data' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "ID and Data fields are required.");
 return;
 }
@@ -357,9 +363,10 @@ public function getPrivateContent(Request $request, Response $response, Session
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 return $this->fail($response, "ID is required.");
 }
 try {
@@ -380,9 +387,10 @@ public function delPrivateContent(Request $request, Response $response, Session
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "ID is required.");
 return;
 }
diff --git a/src/GraphJS/Controllers/FeedController.php b/src/GraphJS/Controllers/FeedController.php
index 3ec1603..ac3e60e 100644
--- a/src/GraphJS/Controllers/FeedController.php
+++ b/src/GraphJS/Controllers/FeedController.php
@@ -15,7 +15,6 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use PhoNetworksAutogenerated\Thread;
 use PhoNetworksAutogenerated\UserOut\Start;
@@ -36,9 +35,11 @@ class FeedController extends AbstractController
 public function generate(Request $request, Response $response, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['type','id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ 'type' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Type and/or id fields unavailable.");
 return;
 }
diff --git a/src/GraphJS/Controllers/ForumController.php b/src/GraphJS/Controllers/ForumController.php
index 16c46bf..0e391ee 100644
--- a/src/GraphJS/Controllers/ForumController.php
+++ b/src/GraphJS/Controllers/ForumController.php
@@ -15,7 +15,6 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use PhoNetworksAutogenerated\Thread;
 use PhoNetworksAutogenerated\UserOut\Start;
@@ -39,9 +38,10 @@ public function delete(Request $request, Response $response, Session $session, K
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Entity ID unavailable.");
 return;
 }
@@ -91,10 +91,11 @@ public function startThread(Request $request, Response $response, Session $sessi
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['title', 'message']);
- $v->rule('lengthMax', ['title'], 80);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'title' => 'required|max:80',
+ 'message' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Title (up to 80 chars) and Message are required.");
 return;
 }
@@ -125,9 +126,11 @@ public function replyThread(Request $request, Response $response, Session $sessi
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id', 'message']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ 'message' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Thread ID and Message are required.");
 return;
 }
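Review bot: `'title' => 'required|max:80'` in startThread replaces the old `lengthMax` rule, which was a pure string-length check, and the two may not be equivalent. In Laravel-style validators `max` is size-polymorphic and compares numeric input by value, so a title made only of digits could be rejected even though the error text promises "up to 80 chars". Confirm how the new library sizes numeric strings; if it compares by value, add an explicit check such as `||mb_strlen((string)$data["title"])>80` to the condition instead. `message` has no upper bound at all in this hunk, which is worth a limit for a stored, user-visible field. createGroup in GroupController uses the same `max:80` rule.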
@@ -152,9 +155,11 @@ public function edit(Request $request, Response $response, Session $session, Ker
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id', 'content']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ 'content' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Message ID and Content are required.");
 return;
 }
@@ -250,9 +255,10 @@ function (string $key): bool {
 public function getThread(Request $request, Response $response, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Thread ID required.");
 return;
 }
diff --git a/src/GraphJS/Controllers/GroupController.php b/src/GraphJS/Controllers/GroupController.php
index 338b24f..d701796 100644
--- a/src/GraphJS/Controllers/GroupController.php
+++ b/src/GraphJS/Controllers/GroupController.php
@@ -15,7 +15,6 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use PhoNetworksAutogenerated\UserOut\Create;
 use PhoNetworksAutogenerated\Group;
@@ -48,10 +47,11 @@ public function createGroup(Request $request, Response $response, Session $sessi
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['title', 'description']);
- $v->rule('lengthMax', ['title'], 80);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'title' => 'required|max:80',
+ 'description' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Title (up to 80 chars) and Description are required.");
 return;
 }
@@ -71,9 +71,10 @@ public function setGroup(Request $request, Response $response, Session $session,
 }
 // Avatar, Birthday, About, Username, Email
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Group ID is required.");
 return;
 }
@@ -148,9 +149,10 @@ public function leaveGroup(Request $request, Response $response, Session $sessio
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Group ID required.");
 return;
 }
@@ -189,9 +191,10 @@ public function joinGroup(Request $request, Response $response, Session $session
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Group ID required.");
 return;
 }
@@ -222,9 +225,10 @@ public function joinGroup(Request $request, Response $response, Session $session
 public function listMemberships(Request $request, Response $response, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "User ID required.");
 return;
 }
@@ -284,9 +288,10 @@ public function listGroups(Request $request, Response $response, Kernel $kernel)
 function fetchGroup(Request $request, Response $response, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Group ID required.");
 return;
 }
@@ -329,9 +334,10 @@ function (/*mixed*/ $value): bool {
 public function listMembers(Request $request, Response $response, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Group ID required.");
 return;
 }
diff --git a/src/GraphJS/Controllers/MembersController.php b/src/GraphJS/Controllers/MembersController.php
index 468c3ec..2883ca9 100644
--- a/src/GraphJS/Controllers/MembersController.php
+++ b/src/GraphJS/Controllers/MembersController.php
@@ -15,7 +15,6 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use PhoNetworksAutogenerated\UserOut\Follow;
 use Pho\Lib\Graph\ID;
@@ -55,8 +54,6 @@ public function getMembers(Request $request, Response $response, Kernel $kernel)
 public function getFollowers(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
 if(!isset($data["id"])||!preg_match("/^[0-9a-fA-F][0-9a-fA-F]{30}[0-9a-fA-F]$/", $data["id"])) {
 if(is_null($id = $this->dependOnSession(...\func_get_args()))) {
 return $this->fail($response, "Either session required or a valid ID must be entered.");
@@ -87,8 +84,6 @@ function (string $key): bool {
 public function getFollowing(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
 if(!isset($data["id"])||!preg_match("/^[0-9a-fA-F][0-9a-fA-F]{30}[0-9a-fA-F]$/", $data["id"])) {
 if(is_null($id = $this->dependOnSession(...\func_get_args()))) {
 return $this->fail($response, "Either session required or a valid ID must be entered.");
@@ -132,9 +127,10 @@ public function follow(Request $request, Response $response, Session $session, K
 return $this->fail($response, "Session required");
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid user ID required.");
 return;
 }
@@ -177,9 +173,10 @@ public function unfollow(Request $request, Response $response, Session $session,
 return $this->fail($response, "Session required");
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['id']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'id' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid user ID required.");
 return;
 }
diff --git a/src/GraphJS/Controllers/MessagingController.php b/src/GraphJS/Controllers/MessagingController.php
index b93951d..ea4cce5 100644
--- a/src/GraphJS/Controllers/MessagingController.php
+++ b/src/GraphJS/Controllers/MessagingController.php
@@ -15,7 +15,6 @@
 use CapMousse\ReactRestify\Http\Response;
 use CapMousse\ReactRestify\Http\Session;
 use Pho\Kernel\Kernel;
-use Valitron\Validator;
 use PhoNetworksAutogenerated\User;
 use Pho\Lib\Graph\ID;
 use Mailgun\Mailgun;
@@ -47,12 +46,14 @@ public function message(Request $request, Response $response, Session $session,
 $this->dependOnSession(...\func_get_args());
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
+ $rules = [
+ 'to' => 'required',
+ 'message' => 'required',
+ ];
 if($anonymous && is_null($id))
- $v->rule('required', ['sender', 'to', 'message']);
- else
- $v->rule('required', ['to', 'message']);
- if(!$v->validate()) {
+ $rules += [ 'sender' => 'required' ];
+ $validation = $this->validator->make($data, $rules);
+ if($validation->fails()) {
 $this->fail($response, "Valid recipient and message are required.");
 return;
 }
@@ -247,9 +248,10 @@ public function fetchConversation(Request $request, Response $response, Session
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['with']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'with' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid user Id (with) required.");
 return;
 }
@@ -312,9 +314,10 @@ public function fetchMessage(Request $request, Response $response, Session $sess
 return;
 }
 $data = $request->getQueryParams();
- $v = new Validator($data);
- $v->rule('required', ['msgid']);
- if(!$v->validate()) {
+ $validation = $this->validator->make($data, [
+ 'msgid' => 'required',
+ ]);
+ if($validation->fails()) {
 $this->fail($response, "Valid message id required.");
 return;
 }
From c8be15f0a27dcfd0acc4eab20916ac90cbaf04ed Mon Sep 17 00:00:00 2001
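Review bot: The brace-less `if($anonymous && is_null($id))` in message now guards a single `$rules += [ 'sender' => 'required' ];` line sitting directly above the `make()` call, so a later edit can easily pull the validator construction under the condition by accident; wrapping the body in braces avoids that. When the `sender` rule is the one that fails, the response still says "Valid recipient and message are required.", which hides the real cause from an anonymous caller. `sender` and `to` are only `required`; if `sender` is an e-mail address (not visible in this hunk) it should carry the `required|email` rule already used in AuthenticationController. The function begins above and continues below the hunk.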
From: codekaar
Date: Sun, 4 Nov 2018 23:10:46 +0545
Subject: [PATCH 3/6] fix use of validation library
---
 .../Controllers/AdministrationController.php | 12 ++++----
 .../Controllers/AuthenticationController.php | 12 ++++----
 src/GraphJS/Controllers/ContentController.php | 28 +++++++++----------
 src/GraphJS/Controllers/FeedController.php | 2 +-
 src/GraphJS/Controllers/ForumController.php | 10 +++----
 src/GraphJS/Controllers/GroupController.php | 14 +++++-----
 src/GraphJS/Controllers/MembersController.php | 4 +--
 .../Controllers/MessagingController.php | 6 ++--
 src/GraphJS/Controllers/ProfileController.php | 27 ++++++++++--------
 9 files changed, 60 insertions(+), 55 deletions(-)
diff --git a/src/GraphJS/Controllers/AdministrationController.php b/src/GraphJS/Controllers/AdministrationController.php
index c0999f7..c017d5a 100644
--- a/src/GraphJS/Controllers/AdministrationController.php
+++ b/src/GraphJS/Controllers/AdministrationController.php
@@ -45,7 +45,7 @@ protected function requireAdministrativeRights(Request $request, Response $respo
 error_log("founder password is: ".getenv("FOUNDER_PASSWORD"));
 error_log("hash is: ".$hash);
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 "hash" => "required"
 ]);
 //$v->rule('length', [['hash', 32]]);
@@ -96,7 +96,7 @@ public function approvePendingComment(Request $request, Response $response, Kern
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 "comment_id" => "required"
 ]);
 if($validation->fails()) {
@@ -121,7 +121,7 @@ public function setCommentModeration(Request $request, Response $response, Kerne
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 "moderator" => "required"
 ]);
 //$v->rule('boolean', ['moderated']);
@@ -159,7 +159,7 @@ public function disapprovePendingComment(Request $request, Response $response,Ke
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 "comment_id" => "required"
 ]);
 if($validation->fails()) {
@@ -183,7 +183,7 @@ public function setFounderPassword(Request $request, Response $response,Kernel $
 if(!$this->requireAdministrativeRights(...\func_get_args()))
 return $this->fail($response, "Invalid hash");
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 "password" => "required"
 ]);
 if($validation->fails()) {
@@ -206,7 +206,7 @@ public function deleteMember(Request $request, Response $response, Kernel $kerne
 return $this->fail($response, "Invalid hash");
 }
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 "id" => "required"
 ]);
 if($validation->fails()) {
diff --git a/src/GraphJS/Controllers/AuthenticationController.php b/src/GraphJS/Controllers/AuthenticationController.php
index 4cf62e9..8f5fd13 100644
--- a/src/GraphJS/Controllers/AuthenticationController.php
+++ b/src/GraphJS/Controllers/AuthenticationController.php
@@ -37,7 +37,7 @@ public function signupViaToken(Request $request, Response $response, Session $se
 }
 $token_key = Key::loadFromAsciiSafeString($token_key);
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'username' => 'required',
 'email' => 'required|email',
 'token' => 'required',
@@ -78,7 +78,7 @@ public function signupViaToken(Request $request, Response $response, Session $se
 public function signup(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'username' => 'required',
 'email' => 'required|email',
 'password' => 'required',
@@ -131,7 +131,7 @@ protected function actualSignup(Request $request, Response $response, Session $s
 public function login(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'username' => 'required',
 'password' => 'required',
 ]);
@@ -183,7 +183,7 @@ public function loginViatoken(Request $request, Response $response, Session $ses
 }
 $token_key = Key::loadFromAsciiSafeString($token_key);
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'token' => 'required',
 ]);
 if($validation->fails()) {
@@ -253,7 +253,7 @@ public function whoami(Request $request, Response $response, Session $session)
 public function reset(Request $request, Response $response)
 {
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'email' => 'required|email',
 ]);
 if($validation->fails()) {
@@ -276,7 +276,7 @@ public function reset(Request $request, Response $response)
 public function verify(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'email' => 'required|email',
 'code' => 'required',
 ]);
diff --git a/src/GraphJS/Controllers/ContentController.php b/src/GraphJS/Controllers/ContentController.php
index 3920530..7726751 100644
--- a/src/GraphJS/Controllers/ContentController.php
+++ b/src/GraphJS/Controllers/ContentController.php
@@ -48,7 +48,7 @@ public function star(Request $request, Response $response, Session $session, Ker
 return;
 }
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'url' => 'required|url',
 ]);
 if($validation->fails()) {
@@ -95,7 +95,7 @@ protected function _fromUrlToNode(Kernel $kernel, string $url)
 public function isStarred(Request $request, Response $response, Session $session, Kernel $kernel)
 {
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'url' => 'required|url',
 ]);
 if($validation->fails()) {
@@ -119,7 +119,7 @@ public function edit(Request $request, Response $response, Session $session, Ker
 return;
 }
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'id' => 'required',
 'content' => 'required',
 ]);
@@ -149,7 +149,7 @@ public function comment(Request $request, Response $response, Session $session,
 return;
 }
 $data = $request->getQueryParams();
- $validation = $this->validator->make($data, [
+ $validation = $this->validator->validate($data, [
 'url' => 'required|url',
 'content' => 'required',
 ]);
@@ -174,7 +174,7 @@ public function comment(Request $request, Response $response, Session $session, public function fetchComments(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'url' => 'required|url', ]); if($validation->fails()) { @@ -212,7 +212,7 @@ public function delComment(Request $request, Response $response, Session $sessio return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'comment_id' => 'required', ]); if($validation->fails()) { @@ -235,7 +235,7 @@ public function unstar(Request $request, Response $response, Session $session, K return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'url' => 'required|url', ]); if($validation->fails()) { @@ -279,7 +279,7 @@ public function fetchStarredContent(Request $request, Response $response, Kernel } if(count($array)==0) { $this->fail($response, "No content starred yet"); - } + } $this->succeed($response, ["pages"=>$ret]); } @@ -305,7 +305,7 @@ public function fetchMyStars(Request $request, Response $response, Session $sess } if(count($array)==0) { $this->fail($response, "No content starred yet"); - } + } $this->succeed($response, ["pages"=>$ret]); } @@ -315,7 +315,7 @@ public function addPrivateContent(Request $request, Response $response, Session return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'data' => 'required', ]); if($validation->fails()) { 
@@ -326,7 +326,7 @@ public function addPrivateContent(Request $request, Response $response, Session try { $private_content = $i->post("http://private/?".bin2hex(random_bytes(16)), $data["data"]); ; return $this->succeed($response, ["id"=>(string) $private_content->id()]); - } + } catch (\Exception $e) { return $this->fail($response, "Unknown error creating private content. Try again later."); } @@ -338,7 +338,7 @@ public function editPrivateContent(Request $request, Response $response, Session return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', 'data' => 'required', ]); @@ -363,7 +363,7 @@ public function getPrivateContent(Request $request, Response $response, Session return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -387,7 +387,7 @@ public function delPrivateContent(Request $request, Response $response, Session return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { diff --git a/src/GraphJS/Controllers/FeedController.php b/src/GraphJS/Controllers/FeedController.php index ac3e60e..f0de800 100644 --- a/src/GraphJS/Controllers/FeedController.php +++ b/src/GraphJS/Controllers/FeedController.php @@ -35,7 +35,7 @@ class FeedController extends AbstractController public function generate(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', 'type' => 'required', ]); diff --git a/src/GraphJS/Controllers/ForumController.php b/src/GraphJS/Controllers/ForumController.php index 0e391ee..52e1f4d 100644 
--- a/src/GraphJS/Controllers/ForumController.php +++ b/src/GraphJS/Controllers/ForumController.php @@ -38,7 +38,7 @@ public function delete(Request $request, Response $response, Session $session, K return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -91,7 +91,7 @@ public function startThread(Request $request, Response $response, Session $sessi return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'title' => 'required|max:80', 'message' => 'required', ]); @@ -126,7 +126,7 @@ public function replyThread(Request $request, Response $response, Session $sessi return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', 'message' => 'required', ]); @@ -155,7 +155,7 @@ public function edit(Request $request, Response $response, Session $session, Ker return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', 'content' => 'required', ]); @@ -255,7 +255,7 @@ function (string $key): bool { public function getThread(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { diff --git a/src/GraphJS/Controllers/GroupController.php b/src/GraphJS/Controllers/GroupController.php index d701796..6450622 100644 --- a/src/GraphJS/Controllers/GroupController.php +++ b/src/GraphJS/Controllers/GroupController.php 
@@ -47,7 +47,7 @@ public function createGroup(Request $request, Response $response, Session $sessi return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'title' => 'required|max:80', 'description' => 'required', ]); @@ -71,7 +71,7 @@ public function setGroup(Request $request, Response $response, Session $session, } // Avatar, Birthday, About, Username, Email $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -149,7 +149,7 @@ public function leaveGroup(Request $request, Response $response, Session $sessio return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -191,7 +191,7 @@ public function joinGroup(Request $request, Response $response, Session $session return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -225,7 +225,7 @@ public function joinGroup(Request $request, Response $response, Session $session public function listMemberships(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -288,7 +288,7 @@ public function listGroups(Request $request, Response $response, Kernel $kernel) function fetchGroup(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { 
@@ -334,7 +334,7 @@ function (/*mixed*/ $value): bool { public function listMembers(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { diff --git a/src/GraphJS/Controllers/MembersController.php b/src/GraphJS/Controllers/MembersController.php index 2883ca9..0ac9af2 100644 --- a/src/GraphJS/Controllers/MembersController.php +++ b/src/GraphJS/Controllers/MembersController.php @@ -127,7 +127,7 @@ public function follow(Request $request, Response $response, Session $session, K return $this->fail($response, "Session required"); } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { @@ -173,7 +173,7 @@ public function unfollow(Request $request, Response $response, Session $session, return $this->fail($response, "Session required"); } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'id' => 'required', ]); if($validation->fails()) { diff --git a/src/GraphJS/Controllers/MessagingController.php b/src/GraphJS/Controllers/MessagingController.php index ea4cce5..60f2e70 100644 --- a/src/GraphJS/Controllers/MessagingController.php +++ b/src/GraphJS/Controllers/MessagingController.php @@ -52,7 +52,7 @@ public function message(Request $request, Response $response, Session $session, ]; if($anonymous && is_null($id)) $rules += [ 'sender' => 'required' ]; - $validation = $this->validator->make($data, $rules); + $validation = $this->validator->validate($data, $rules); if($validation->fails()) { $this->fail($response, "Valid recipient and message are required."); return; 
@@ -248,7 +248,7 @@ public function fetchConversation(Request $request, Response $response, Session return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'with' => 'required', ]); if($validation->fails()) { @@ -314,7 +314,7 @@ public function fetchMessage(Request $request, Response $response, Session $sess return; } $data = $request->getQueryParams(); - $validation = $this->validator->make($data, [ + $validation = $this->validator->validate($data, [ 'msgid' => 'required', ]); if($validation->fails()) { diff --git a/src/GraphJS/Controllers/ProfileController.php b/src/GraphJS/Controllers/ProfileController.php index aea9c38..e167920 100644 --- a/src/GraphJS/Controllers/ProfileController.php +++ b/src/GraphJS/Controllers/ProfileController.php @@ -15,7 +15,6 @@ use CapMousse\ReactRestify\Http\Response; use CapMousse\ReactRestify\Http\Session; use Pho\Kernel\Kernel; -use Valitron\Validator; use PhoNetworksAutogenerated\User; use PhoNetworksAutogenerated\UserOut\Follow; use Pho\Lib\Graph\ID; @@ -42,9 +41,10 @@ class ProfileController extends AbstractController public function getProfile(Request $request, Response $response, Kernel $kernel) { $data = $request->getQueryParams(); - $v = new Validator($data); - $v->rule('required', ['id']); - if(!$v->validate()) { + $validation = $this->validator->validate($data, [ + 'id' => 'required', + ]); + if($validation->fails()) { $this->fail($response, "Valid user ID required."); return; } @@ -106,7 +106,6 @@ public function setProfile(Request $request, Response $response, Session $sessio } // Avatar, Birthday, About, Username, Email $data = $request->getQueryParams(); - $v = new Validator($data); $i = $kernel->gs()->node($id); 
@@ -131,8 +130,10 @@ public function setProfile(Request $request, Response $response, Session $sessio } if(isset($data["birthday"])) { - $v->rule('dateBefore', ['birthday'], "13 years ago"); - if(!$v->validate()) { + $validation = $this->validator->validate($data, [ + 'birthday' => 'date|before:13 years ago', + ]); + if($validation->fails()) { $this->fail($response, "Birthday invalid."); return; } @@ -141,8 +142,10 @@ public function setProfile(Request $request, Response $response, Session $sessio } if(isset($data["avatar"])) { - $v->rule('url', ['avatar']); - if(!$v->validate()) { + $validation = $this->validator->validate($data, [ + 'avatar' => 'url', + ]); + if($validation->fails()) { $this->fail($response, "Avatar URL invalid."); return; } @@ -151,8 +154,10 @@ public function setProfile(Request $request, Response $response, Session $sessio } if(isset($data["email"])) { - $v->rule('email', ['email']); - if(!$v->validate()) { + $validation = $this->validator->validate($data, [ + 'email' => 'email', + ]); + if($validation->fails()) { $this->fail($response, "Email is invalid."); return; } From 210ca2e9dfc3eb9912a3136afdd4ed5cadd4cedc Mon Sep 17 00:00:00 2001 From: codekaar Date: Tue, 6 Nov 2018 00:13:41 +0545 Subject: [PATCH 4/6] merge login and loginViaToken, signup and signupViaToken --- .../Controllers/AuthenticationController.php | 152 ++++++------------ 1 file changed, 51 insertions(+), 101 deletions(-) diff --git a/src/GraphJS/Controllers/AuthenticationController.php b/src/GraphJS/Controllers/AuthenticationController.php index 8f5fd13..c81cec3 100644 --- a/src/GraphJS/Controllers/AuthenticationController.php +++ b/src/GraphJS/Controllers/AuthenticationController.php 
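Review bot: The `'avatar' => 'url'` rule in the avatar branch appears to check URL syntax only, and nothing in the hunk restricts the scheme, so a non-web scheme such as `javascript:` or `data:` may be accepted and later handed to clients that render the avatar. I would pin the scheme before the value is stored: `if(!in_array(strtolower((string) parse_url($data["avatar"], PHP_URL_SCHEME)), ["http", "https"], true)) { $this->fail($response, "Avatar URL invalid."); return; }`. The `birthday`, `avatar` and `email` rules are also applied only behind `isset(...)` and without `required`, so whether an empty string passes depends on how the validator treats optional fields; that is worth confirming with a test. `setProfile` starts and ends outside the hunk.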
@@ -28,41 +28,6 @@ */ class AuthenticationController extends AbstractController { - - public function signupViaToken(Request $request, Response $response, Session $session, Kernel $kernel) - { - $token_key = getenv("SINGLE_SIGNON_TOKEN_KEY") ? getenv("SINGLE_SIGNON_TOKEN_KEY") : ""; - if(empty($token_key)) { - return $this->fail($response, "Single sign-on not allowed"); - } - $token_key = Key::loadFromAsciiSafeString($token_key); - $data = $request->getQueryParams(); - $validation = $this->validator->validate($data, [ - 'username' => 'required', - 'email' => 'required|email', - 'token' => 'required', - ]); - if($validation->fails()) { - $this->fail($response, "Valid username, email are required."); - return; - } - if(!preg_match("/^[a-zA-Z0-9_]{1,12}$/", $data["username"])) { - $this->fail($response, "Invalid username"); - return; - } - try { - $username = Crypto::decrypt($data["token"], $token_key); - } - catch(\Exception $e) { - return $this->fail($response, "Invalid token"); - } - if($username!=$data["username"]) { - return $this->fail($response, "Invalid token"); - } - $password = substr($data["token"], -8); - $this->actualSignup($request, $response, $session, $kernel, $username, $data["email"], $password); - } - /** * Sign Up * 
@@ -81,21 +46,44 @@ public function signup(Request $request, Response $response, Session $session, K $validation = $this->validator->validate($data, [ 'username' => 'required', 'email' => 'required|email', - 'password' => 'required', + 'password' => 'required_without:token', + 'token' => 'required_without:password', ]); if($validation->fails()) { - $this->fail($response, "Valid username, email and password required."); + $this->fail($response, "Valid username, email and password or token required."); return; } if(!preg_match("/^[a-zA-Z0-9_]{1,12}$/", $data["username"])) { $this->fail($response, "Invalid username"); return; } - if(!preg_match("/[0-9A-Za-z!@#$%_]{5,15}/", $data["password"])) { - $this->fail($response, "Invalid password"); - return; + if (isset($data['token'])) { + $token_key = getenv("SINGLE_SIGNON_TOKEN_KEY") ? getenv("SINGLE_SIGNON_TOKEN_KEY") : ""; + if(empty($token_key)) { + return $this->fail($response, "Single sign-on not allowed"); + } + $token_key = Key::loadFromAsciiSafeString($token_key); + + try { + $username = Crypto::decrypt($data["token"], $token_key); + } + catch(\Exception $e) { + return $this->fail($response, "Invalid token"); + } + if($username!=$data["username"]) { + return $this->fail($response, "Invalid token"); + } + $password = substr($data["token"], -8); + } + else { + if(!preg_match("/[0-9A-Za-z!@#$%_]{5,15}/", $data["password"])) { + $this->fail($response, "Invalid password"); + return; + } + $username = $data['username']; + $password = $data['password']; } - $this->actualSignup( $request, $response, $session, $kernel, $data["username"], $data["email"], $data["password"]); + $this->actualSignup( $request, $response, $session, $kernel, $username, $data["email"], $password); } protected function actualSignup(Request $request, Response $response, Session $session, Kernel $kernel, string $username, string $email, string $password): void 
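Review bot: The password check moved into the `else` branch, `preg_match("/[0-9A-Za-z!@#$%_]{5,15}/", $data["password"])`, is unanchored, so it accepts any password that merely contains five allowed characters in a row. Neither the character set nor the 15-character limit is enforced, unlike the anchored username pattern earlier in the same hunk. If the policy is intended, anchor it with `preg_match('/\A[0-9A-Za-z!@#$%_]{5,15}\z/', $data["password"])`, though a 15-character ceiling is worth reconsidering since it caps passphrase length. In the token branch, `$username!=$data["username"]` is a loose comparison under which numeric-looking strings such as `1e1` and `10` compare equal; `!==` avoids that. `signup` begins above the hunk.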
@@ -132,81 +120,43 @@ public function login(Request $request, Response $response, Session $session, Ke { $data = $request->getQueryParams(); $validation = $this->validator->validate($data, [ - 'username' => 'required', - 'password' => 'required', + 'username' => 'required_without:token', + 'password' => 'required_without:token', + 'token' => 'required_without:username,password', ]); if($validation->fails()) { - $this->fail($response, "Username and password fields are required."); + $this->fail($response, "Either Username and password fields or Token field is required."); return; } - $result = $kernel->index()->query( - "MATCH (n:user {Username: {username}, Password: {password}}) RETURN n", - [ - "username" => $data["username"], - "password" => md5($data["password"]) - ] - ); - - error_log(print_r($result, true)); - $success = (count($result->results()) == 1); - if(!$success) { - $this->fail($response, "Information don't match records"); - return; - } - $user = $result->results()[0]; - $session->set($request, "id", $user["udid"]); - $this->succeed( - $response, [ - "id" => $user["udid"] - ] - ); - } + if (isset($data['token'])) { + $token_key = getenv("SINGLE_SIGNON_TOKEN_KEY") ? getenv("SINGLE_SIGNON_TOKEN_KEY") : ""; + if(empty($token_key)) { + return $this->fail($response, "Single sign-on not allowed"); + } + $token_key = Key::loadFromAsciiSafeString($token_key); - /** - * Log In Via Token - * - * [token] - * - * @param Request $request - * @param Response $response - * @param Session $session - * @param Kernel $kernel - * - * @return void - */ - public function loginViatoken(Request $request, Response $response, Session $session, Kernel $kernel) - { - $token_key = getenv("SINGLE_SIGNON_TOKEN_KEY") ? 
getenv("SINGLE_SIGNON_TOKEN_KEY") : ""; - if(empty($token_key)) { - return $this->fail($response, "Single sign-on not allowed"); - } - $token_key = Key::loadFromAsciiSafeString($token_key); - $data = $request->getQueryParams(); - $validation = $this->validator->validate($data, [ - 'token' => 'required', - ]); - if($validation->fails()) { - $this->fail($response, "Token field is required."); - return; - } - try { - $username = Crypto::decrypt($data["token"], $token_key); + try { + $username = Crypto::decrypt($data["token"], $token_key); + } + catch (\Exception $e) { + return $this->fail($response, "Invalid token"); + } + $password = substr($data["token"], -8); } - catch(\Exception $e) { - return $this->fail($response, "Invalid token"); + else { + $username = $data["username"]; + $password = $data['password']; } - $password = substr($data["token"], -8); - error_log("username is: ".$username."\npassword is: ".$password); + $result = $kernel->index()->query( "MATCH (n:user {Username: {username}, Password: {password}}) RETURN n", [ "username" => $username, - "password" => md5($password) + "password" => md5($password), ] ); - error_log(print_r($result, true)); $success = (count($result->results()) == 1); if(!$success) { $this->fail($response, "Information don't match records"); From cc466d1ba9117d94eb8368cc6356f732feafce3a Mon Sep 17 00:00:00 2001 From: codekaar Date: Tue, 6 Nov 2018 00:30:59 +0545 Subject: [PATCH 5/6] remove use of required_without --- .../Controllers/AuthenticationController.php | 34 ++++++++++++++----- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/src/GraphJS/Controllers/AuthenticationController.php b/src/GraphJS/Controllers/AuthenticationController.php index c81cec3..ee776b0 100644 --- a/src/GraphJS/Controllers/AuthenticationController.php +++ b/src/GraphJS/Controllers/AuthenticationController.php 
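Review bot: The lookup keeps `"password" => md5($password),` inside the Cypher match, so stored passwords are unsalted MD5 digests, which are cheap to brute-force if the graph store is ever read. I would match on `Username` alone and check the stored value with `password_verify()`, writing it with `password_hash($password, PASSWORD_DEFAULT)`; that presumably also requires `actualSignup` (outside this hunk) to store the new format and a migration for existing rows. In the token branch, `$password = substr($data["token"], -8);` makes the account password the last eight characters of a token that arrives in the URL. If the token is hex-encoded ciphertext that is roughly 32 bits, and the token then works as a long-lived bearer credential with no expiry visible here. `login` starts above the hunk and continues below it.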
@@ -43,12 +43,21 @@ class AuthenticationController extends AbstractController public function signup(Request $request, Response $response, Session $session, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->validate($data, [ + $rules = [ 'username' => 'required', 'email' => 'required|email', - 'password' => 'required_without:token', - 'token' => 'required_without:password', - ]); + ]; + if (isset($data['token'])) { + $rules += [ + 'token' => 'required', + ]; + } + else { + $rules += [ + 'password' => 'required', + ]; + } + $validation = $this->validator->validate($data, $rules); if($validation->fails()) { $this->fail($response, "Valid username, email and password or token required."); return; @@ -119,11 +128,18 @@ protected function actualSignup(Request $request, Response $response, Session $s public function login(Request $request, Response $response, Session $session, Kernel $kernel) { $data = $request->getQueryParams(); - $validation = $this->validator->validate($data, [ - 'username' => 'required_without:token', - 'password' => 'required_without:token', - 'token' => 'required_without:username,password', - ]); + if (isset($data['token'])) { + $rules = [ + 'token' => 'required', + ]; + } + else { + $rules = [ + 'username' => 'required', + 'password' => 'required', + ]; + } + $validation = $this->validator->validate($data, $rules); if($validation->fails()) { $this->fail($response, "Either Username and password fields or Token field is required."); return; From e8ea730b6f4291a9a1106f6c793f122f4ad7d196 Mon Sep 17 00:00:00 2001 From: codekaar Date: Tue, 6 Nov 2018 00:32:18 +0545 Subject: [PATCH 6/6] remove route --- src/GraphJS/Router.php | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/GraphJS/Router.php b/src/GraphJS/Router.php index 5bff5a0..c42c695 100644 --- a/src/GraphJS/Router.php +++ b/src/GraphJS/Router.php 
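Review bot: Both rule sets built in the `signup` hunk use only `required`, which does not pin the type, so `isset($data['token'])` also selects the token branch for a non-string value, for example an array if `getQueryParams()` parses bracket syntax the way PHP's own query parsing does. Such a value then reaches `Crypto::decrypt`, `md5()` or `preg_match()` in code outside this hunk, where it can raise a `TypeError`, and `catch(\Exception $e)` does not catch that. The `login` hunk that follows has the same gap. I would reject non-strings up front in both methods: `foreach (['username', 'email', 'password', 'token'] as $k) { if (isset($data[$k]) && !is_string($data[$k])) { return $this->fail($response, "Invalid ".$k); } }`.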
@@ -208,21 +208,11 @@ protected static function initFeed(Server $server, array $controllers, Kernel $k protected static function initAuthentication(Server $server, array $controllers, Kernel $kernel): void { $session = self::$session; - $server->get( - 'tokenSignup', function (Request $request, Response $response) use ($session, $controllers, $kernel) { - $controllers["authentication"]->signupViaToken($request, $response, $session, $kernel); - } - ); $server->get( 'signup', function (Request $request, Response $response) use ($session, $controllers, $kernel) { $controllers["authentication"]->signup($request, $response, $session, $kernel); } ); - $server->get( - 'tokenLogin', function (Request $request, Response $response) use ($session, $controllers, $kernel) { - $controllers["authentication"]->loginViaToken($request, $response, $session, $kernel); - } - ); $server->get( 'login', function (Request $request, Response $response) use ($session, $controllers, $kernel) { $controllers["authentication"]->login($request, $response, $session, $kernel);