Removed redundant file and fixed user updat e+ added tests

This commit is contained in:
Finn 2017-07-27 14:18:22 +01:00
parent bad60c85e7
commit 9affdbf08e
4 changed files with 115 additions and 104 deletions

View file

@ -150,8 +150,6 @@ sub startup {
$api->post('/user')->to('api-user#post_account'); $api->post('/user')->to('api-user#post_account');
$api->post('/user/account')->to('api-user#post_account_update'); $api->post('/user/account')->to('api-user#post_account_update');
$api->post('/user/day')->to('api-user#post_day'); $api->post('/user/day')->to('api-user#post_day');
$api->post('/edit')->to('api-api#post_edit');
$api->post('/fetchuser')->to('api-api#post_fetchuser');
$api->post('/user-history')->to('api-user#post_user_history'); $api->post('/user-history')->to('api-user#post_user_history');
$api->post('/stats')->to('api-stats#post_index'); $api->post('/stats')->to('api-stats#post_index');
$api->post('/stats/leaderboard')->to('api-stats#post_leaderboards'); $api->post('/stats/leaderboard')->to('api-stats#post_leaderboards');

View file

@ -1,59 +0,0 @@
package Pear::LocalLoop::Controller::Api::Api;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
sub post_edit {
my $self = shift;
my $json = $self->req->json;
my $account = $self->get_account_by_username( $json->{username} );
unless ( defined $account ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username not recognised, has your token expired?',
});
# PLUG SECURITY HOLE
} elsif ( $account->{keyused} ne 't' ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token has not been used yet!',
});
}
my $insert = $self->db->prepare("UPDATE accounts SET fullname = ?, postcode = ?, age = ?, gender = ?, WHERE username = ?");
$insert->execute(
@{$json}{ qw/ fullname postcode age gender / }, $account->{username},
);
$self->render( json => { success => Mojo::JSON->true } );
}
sub post_fetchuser {
my $self = shift;
my $json = $self->req->json;
my $account = $self->get_account_by_username( $json->{username} );
unless ( defined $account ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username not recognised, has your token expired?',
});
# PLUG SECURITY HOLE
} elsif ( $account->{keyused} ne 't' ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token has not been used yet!',
});
}
# Add stuff to send back to user below here!
$self->render( json => {
success => Mojo::JSON->true,
});
}
1;

View file

@ -11,10 +11,10 @@ has error_messages => sub {
required => { message => 'No name sent or was blank.', status => 400 }, required => { message => 'No name sent or was blank.', status => 400 },
}, },
display_name => { display_name => {
required => { message => 'No name sent or was blank.', status => 400 }, required => { message => 'No display name sent or was blank.', status => 400 },
}, },
full_name => { full_name => {
required => { message => 'No name sent or was blank.', status => 400 }, required => { message => 'No full name sent or was blank.', status => 400 },
}, },
email => { email => {
required => { message => 'No email sent.', status => 400 }, required => { message => 'No email sent.', status => 400 },
@ -56,7 +56,7 @@ sub post_account {
my $c = shift; my $c = shift;
my $user = $c->stash->{api_user}; my $user = $c->stash->{api_user};
my $user_result = $c->schema->resultset('User')->find({ user_id => $c->stash->{api_user}->id }); my $user_result = $c->schema->resultset('User')->find({ id => $c->stash->{api_user}->id });
if ( defined $user_result ) { if ( defined $user_result ) {
my $email = $user_result->email; my $email = $user_result->email;
@ -77,7 +77,6 @@ sub post_account {
return $c->render( json => { return $c->render( json => {
success => Mojo::JSON->true, success => Mojo::JSON->true,
session_key => $session_key,
full_name => $full_name, full_name => $full_name,
display_name => $display_name, display_name => $display_name,
email => $email, email => $email,
@ -97,18 +96,35 @@ sub post_account_update {
my $c = shift; my $c = shift;
my $user = $c->stash->{api_user}; my $user = $c->stash->{api_user};
my $validation = $c->validation; my $validation = $c->validation;
$validation->input( $c->stash->{api_json} ); $validation->input( $c->stash->{api_json} );
$validation->required('password');
my $user_result = $c->schema->resultset('User'); return $c->api_validation_error if $validation->has_error;
$validation->required('email')->in_resultset( 'email', $user_result ); if ( ! $user->check_password($validation->param('password')) ) {
return $c->render(
json => {
success => Mojo::JSON->false,
message => 'password is invalid.',
},
status => 401
);
}
my $user_rs = $c->schema->resultset('User')->search({
id => { "!=" => $user->id },
});
$validation->required('email')->not_in_resultset( 'email', $user_rs );
$validation->required('postcode')->postcode; $validation->required('postcode')->postcode;
$validation->optional('new_password');
if ( defined $user_result->customer_id) ) { if ( defined $user->customer_id ) {
$validation->required('display_name'); $validation->required('display_name');
$validation->required('full_name'); $validation->required('full_name');
} elsif ( defined $user_result->customer_id ) { } elsif ( defined $user->customer_id ) {
$validation->required('name'); $validation->required('name');
$validation->required('street_name'); $validation->required('street_name');
$validation->required('town'); $validation->required('town');
@ -116,62 +132,38 @@ sub post_account_update {
return $c->api_validation_error if $validation->has_error; return $c->api_validation_error if $validation->has_error;
if ($usertype eq 'customer'){ if ( defined $user->customer_id ){
$c->schema->txn_do( sub { $c->schema->txn_do( sub {
my $customer = $c->schema->resultset('Customer')->find({ $user->customer->update({
user_id => $c->stash->{api_user}->id
})->update({
full_name => $validation->param('full_name'), full_name => $validation->param('full_name'),
display_name => $validation->param('display_name'), display_name => $validation->param('display_name'),
postcode => $validation->param('postcode'), postcode => $validation->param('postcode'),
}); });
$c->schema->resultset('User')->find({ $user->update({
user_id => $c->stash->{api_user}->id
})->update({
email => $validation->param('email'), email => $validation->param('email'),
password => $validation->param('new_password') ( defined $validation->param('new_password') ? ( password => $validation->param('new_password') ) : () ),
}); });
}); });
} }
elsif ($usertype eq 'organisation') { elsif ( defined $user->organisation_id ) {
my $fullAddress = $validation->param('fulladdress'); my $fullAddress = $validation->param('fulladdress');
$c->schema->txn_do( sub { $c->schema->txn_do( sub {
my $organisation = $c->schema->resultset('Organisation')->find({ $user->organisation->update({
user_id => $c->stash->{api_user}->id
})->update({
name => $validation->param('name'), name => $validation->param('name'),
street_name => $validation->param('street_name'), street_name => $validation->param('street_name'),
town => $validation->param('town'), town => $validation->param('town'),
postcode => $validation->param('postcode'), postcode => $validation->param('postcode'),
}); });
$c->schema->resultset('User')->find({ $user->update({
user_id => $c->stash->{api_user}->id
})->update({
# customer => $customer,
email => $validation->param('email'), email => $validation->param('email'),
password => $validation->param('new_password') ( defined $validation->param('new_password') ? ( password => $validation->param('new_password') ) : () ),
}); });
}); });
} }
$c->schema->resultset('Customer')->find({
user_id => $c->stash->{api_user}->id
})->update({
full_name => $validation->param('full_name'),
display_name => $validation->param('display_name'),
postcode => $validation->param('postcode'),
});
$c->schema->resultset('User')->find({
user_id => $c->stash->{api_user}->id
})->update({
# organisation => $organisation,
email => $validation->param('email'),
password => $validation->param('new_password')
});
return $c->render( json => { return $c->render( json => {
success => Mojo::JSON->true, success => Mojo::JSON->true,
message => 'Edited Account Successfully', message => 'Edited Account Successfully',

View file

@ -20,7 +20,7 @@ $schema->resultset('AccountToken')->create({
$framework->register_customer({ $framework->register_customer({
'token' => $account_token, 'token' => $account_token,
'full_name' => 'Test User', 'full_name' => 'Test User',
'display_name' => 'Test User', 'display_name' => 'Testing User',
'email' => $email, 'email' => $email,
'postcode' => 'LA1 1AA', 'postcode' => 'LA1 1AA',
'password' => $password, 'password' => $password,
@ -34,7 +34,7 @@ my $session_key = $framework->login({
my $json_no_date = { session_key => $session_key }; my $json_no_date = { session_key => $session_key };
$t->post_ok('/api/user/day', json => $json_no_date) $t->post_ok('/api/user/day', json => $json_no_date)
->status_is(200) ->status_is(200)->or($framework->dump_error)
->json_is('/success', Mojo::JSON->true); ->json_is('/success', Mojo::JSON->true);
my $json_invalid_date = { my $json_invalid_date = {
@ -54,4 +54,84 @@ $t->post_ok('/api/user/day', json => $json_valid_date)
->status_is(200)->or($framework->dump_error) ->status_is(200)->or($framework->dump_error)
->json_is('/success', Mojo::JSON->true); ->json_is('/success', Mojo::JSON->true);
$t->post_ok('/api/user', json => { session_key => $session_key })
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
full_name => 'Test User',
display_name => 'Testing User',
email => $email,
postcode => 'LA1 1AA',
});
#with wrong password
$t->post_ok('/api/user/account', json => {
session_key => $session_key,
full_name => 'Test User 2',
display_name => 'Testing User 2',
email => 'test50@example.com',
postcode => 'LA1 1AB',
password => 'abc12431',
})
->status_is(401)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->false,
message => 'password is invalid.',
});
# With valid details
$t->post_ok('/api/user/account', json => {
session_key => $session_key,
full_name => 'Test User 2',
display_name => 'Testing User 2',
email => 'test50@example.com',
postcode => 'LA1 1AB',
password => $password,
})
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
message => 'Edited Account Successfully',
});
$t->post_ok('/api/user', json => { session_key => $session_key })
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
full_name => 'Test User 2',
display_name => 'Testing User 2',
email => 'test50@example.com',
postcode => 'LA1 1AB',
});
$t->post_ok('/api/user/account', json => {
session_key => $session_key,
full_name => 'Test User 3',
display_name => 'Testing User 3',
email => 'test60@example.com',
postcode => 'LA1 1AD',
password => $password,
new_password => 'abc124',
})
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
message => 'Edited Account Successfully',
});
$t->post_ok('/api/user', json => { session_key => $session_key })
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
full_name => 'Test User 3',
display_name => 'Testing User 3',
email => 'test60@example.com',
postcode => 'LA1 1AD',
});
$session_key = $framework->login({
email => 'test60@example.com',
password => 'abc124',
});
done_testing; done_testing;