package Pear::LocalLoop::Controller::Api::Auth;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
use Mojo::JSON qw/ decode_json /;
# Table of validation failure responses, keyed by field name and then by the
# name of the check that failed. Each entry carries the message text and the
# HTTP status to report. The consumer is not visible in this file section;
# presumably the api_validation_error helper reads it (confirm).
has error_messages => sub {
  # Every entry in this table is a client error, so they share one status.
  my $bad_request = sub {
    my $text = shift;
    return { message => $text, status => 400 };
  };

  my %email_errors = (
    required => $bad_request->('No email sent.'),
    email    => $bad_request->('Email is invalid.'),
  );

  my %password_errors = (
    required => $bad_request->('No password sent.'),
  );

  return {
    email    => \%email_errors,
    password => \%password_errors,
  };
};
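# Locate the request's JSON payload and stash it as 'api_json'.
#
# The payload is the request body when that parses as JSON, otherwise the
# content of a form field named 'json' (the shape used for uploads).
#
# Returns 1 once a non-empty JSON object has been stashed. Otherwise renders
# a 400 JSON error and returns 0. The 0/1 contract suggests use as a routing
# guard, but the route wiring is not visible here.
sub check_json {
  my $c = shift;

  # JSON object is either the whole request, or under a json param for upload
  my $json = $c->req->json;

  unless ( $json ) {
    # decode_json throws on malformed text. The field is client-controlled,
    # so trap the exception and let the shape check below answer with a 400
    # instead of letting it escape as an unhandled server error.
    # NOTE(review): param() yields decoded characters while decode_json
    # expects bytes, so non-ASCII payloads in the form field may fail to
    # decode - confirm whether from_json is the better fit here.
    $json = eval { decode_json( $c->param('json') || '{}' ) };
  }

  # Only a non-empty JSON object is acceptable; arrays, scalars, an empty
  # object and a failed decode are all reported the same way.
  unless ( defined $json && ref $json eq 'HASH' && scalar( keys %$json ) > 0 ) {
    $c->render(
      json => {
        success => Mojo::JSON->false,
        message => 'JSON is missing.',
      },
      status => 400,
    );
    return 0;
  }

  $c->stash( api_json => $json );
  return 1;
}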
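# Authenticate an API request by the session_key field of the stashed JSON.
#
# Reads 'api_json' from the stash and looks the key up in the SessionToken
# resultset. On a match the owning user is stashed as 'api_user' and 1 is
# returned. Otherwise a 401 JSON error is rendered and 0 is returned.
#
# NOTE(review): no expiry check on the token is visible here; lifetime is
# presumably enforced where tokens are created or purged - confirm.
sub auth {
  my $c = shift;

  my $session_key = $c->stash->{api_json}->{session_key};

  # The key comes straight from client-supplied JSON, so it may be an object
  # or array rather than a string. A reference placed in a resultset search
  # condition is read as query operators instead of a literal value to
  # compare, so only a plain scalar is ever handed to the lookup.
  if ( defined $session_key && !ref $session_key ) {
    my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });

    if ( defined $session_result ) {
      $c->stash( api_user => $session_result->user );
      return 1;
    }
  }

  # Missing, malformed and unknown keys all get the same answer.
  $c->render(
    json => {
      success => Mojo::JSON->false,
      message => 'Invalid Session',
    },
    status => 401,
  );
  return 0;
}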
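# Log a user in with email and password taken from the stashed JSON.
#
# Validates that both fields are present (and that email passes the 'email'
# check), looks the user up by email and verifies the password. On success
# renders { success, session_key, display_name }. On any credential failure
# renders one generic 401 so the response body does not reveal which part
# was wrong.
#
# NOTE(review): when no user matches, check_password is never called, so the
# two failure cases may still differ in response time - confirm whether that
# matters for this deployment.
sub post_login {
  my $c = shift;

  my $validation = $c->validation;
  $validation->input( $c->stash->{api_json} );
  $validation->required('email')->email;
  $validation->required('password');

  return $c->api_validation_error if $validation->has_error;

  my $email    = $validation->param('email');
  my $password = $validation->param('password');

  # The input is decoded JSON, so a field can be an object or array and still
  # satisfy 'required'. A reference in the search condition would be read as
  # query operators, and check_password is meant to receive a string, so
  # anything that is not a plain scalar is treated as a failed login.
  my $user_result;
  if ( defined $email && !ref $email && defined $password && !ref $password ) {
    $user_result = $c->schema->resultset('User')->find({ email => $email });
  }

  if ( defined $user_result && $user_result->check_password($password) ) {
    my $display_name;

    if ( defined $user_result->customer_id ) {
      $display_name = $user_result->customer->display_name;
    } elsif ( defined $user_result->organisation_id ) {
      $display_name = $user_result->organisation->name;
    } else {
      # NOTE(review): nothing is rendered on this path, so the client gets
      # whatever the framework produces for an action without a response.
      # Decide on an explicit JSON error for accounts linked to neither a
      # customer nor an organisation.
      return undef;
    }

    # Create the session only once the account is known to be usable, so the
    # early exit above cannot leave behind a live token nobody received.
    my $session_key = $user_result->generate_session;

    return $c->render( json => {
      success => Mojo::JSON->true,
      session_key => $session_key,
      display_name => $display_name,
    });
  }

  return $c->render(
    json => {
      success => Mojo::JSON->false,
      message => 'Email or password is invalid.',
    },
    status => 401
  );
}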
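# Log out by deleting the session token named in the request body.
#
# Reads session_key from the JSON request body, deletes the matching
# SessionToken row if there is one, and always renders a success response.
#
# NOTE(review): the key is read from the request body rather than from the
# stashed 'api_json'. When the JSON arrived in the 'json' form field, no key
# is found here and the token is left in place while success is still
# reported - confirm whether that is intended.
sub post_logout {
  my $c = shift;

  my $session_key = $c->req->json( '/session_key' );

  # Only a plain scalar may reach the lookup. A client-supplied object or
  # array would be read as query operators and could select a token other
  # than the caller's own for deletion.
  if ( defined $session_key && !ref $session_key ) {
    my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });

    $session_result->delete if defined $session_result;
  }

  $c->render( json => {
    success => Mojo::JSON->true,
    message => 'Logged Out',
  });
}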
1;