Removed redundant file and fixed user updat e+ added tests
This commit is contained in:
parent
bad60c85e7
commit
9affdbf08e
4 changed files with 115 additions and 104 deletions
|
@ -150,8 +150,6 @@ sub startup {
|
||||||
$api->post('/user')->to('api-user#post_account');
|
$api->post('/user')->to('api-user#post_account');
|
||||||
$api->post('/user/account')->to('api-user#post_account_update');
|
$api->post('/user/account')->to('api-user#post_account_update');
|
||||||
$api->post('/user/day')->to('api-user#post_day');
|
$api->post('/user/day')->to('api-user#post_day');
|
||||||
$api->post('/edit')->to('api-api#post_edit');
|
|
||||||
$api->post('/fetchuser')->to('api-api#post_fetchuser');
|
|
||||||
$api->post('/user-history')->to('api-user#post_user_history');
|
$api->post('/user-history')->to('api-user#post_user_history');
|
||||||
$api->post('/stats')->to('api-stats#post_index');
|
$api->post('/stats')->to('api-stats#post_index');
|
||||||
$api->post('/stats/leaderboard')->to('api-stats#post_leaderboards');
|
$api->post('/stats/leaderboard')->to('api-stats#post_leaderboards');
|
||||||
|
|
|
@ -1,59 +0,0 @@
|
||||||
package Pear::LocalLoop::Controller::Api::Api;
|
|
||||||
use Mojo::Base 'Mojolicious::Controller';
|
|
||||||
use Data::Dumper;
|
|
||||||
|
|
||||||
sub post_edit {
|
|
||||||
my $self = shift;
|
|
||||||
|
|
||||||
my $json = $self->req->json;
|
|
||||||
|
|
||||||
my $account = $self->get_account_by_username( $json->{username} );
|
|
||||||
|
|
||||||
unless ( defined $account ) {
|
|
||||||
return $self->render( json => {
|
|
||||||
success => Mojo::JSON->false,
|
|
||||||
message => 'Username not recognised, has your token expired?',
|
|
||||||
});
|
|
||||||
# PLUG SECURITY HOLE
|
|
||||||
} elsif ( $account->{keyused} ne 't' ) {
|
|
||||||
return $self->render( json => {
|
|
||||||
success => Mojo::JSON->false,
|
|
||||||
message => 'Token has not been used yet!',
|
|
||||||
});
|
|
||||||
}
|
|
||||||
my $insert = $self->db->prepare("UPDATE accounts SET fullname = ?, postcode = ?, age = ?, gender = ?, WHERE username = ?");
|
|
||||||
$insert->execute(
|
|
||||||
@{$json}{ qw/ fullname postcode age gender / }, $account->{username},
|
|
||||||
);
|
|
||||||
|
|
||||||
$self->render( json => { success => Mojo::JSON->true } );
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub post_fetchuser {
|
|
||||||
my $self = shift;
|
|
||||||
|
|
||||||
my $json = $self->req->json;
|
|
||||||
|
|
||||||
my $account = $self->get_account_by_username( $json->{username} );
|
|
||||||
|
|
||||||
unless ( defined $account ) {
|
|
||||||
return $self->render( json => {
|
|
||||||
success => Mojo::JSON->false,
|
|
||||||
message => 'Username not recognised, has your token expired?',
|
|
||||||
});
|
|
||||||
# PLUG SECURITY HOLE
|
|
||||||
} elsif ( $account->{keyused} ne 't' ) {
|
|
||||||
return $self->render( json => {
|
|
||||||
success => Mojo::JSON->false,
|
|
||||||
message => 'Token has not been used yet!',
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
# Add stuff to send back to user below here!
|
|
||||||
$self->render( json => {
|
|
||||||
success => Mojo::JSON->true,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
1;
|
|
|
@ -11,10 +11,10 @@ has error_messages => sub {
|
||||||
required => { message => 'No name sent or was blank.', status => 400 },
|
required => { message => 'No name sent or was blank.', status => 400 },
|
||||||
},
|
},
|
||||||
display_name => {
|
display_name => {
|
||||||
required => { message => 'No name sent or was blank.', status => 400 },
|
required => { message => 'No display name sent or was blank.', status => 400 },
|
||||||
},
|
},
|
||||||
full_name => {
|
full_name => {
|
||||||
required => { message => 'No name sent or was blank.', status => 400 },
|
required => { message => 'No full name sent or was blank.', status => 400 },
|
||||||
},
|
},
|
||||||
email => {
|
email => {
|
||||||
required => { message => 'No email sent.', status => 400 },
|
required => { message => 'No email sent.', status => 400 },
|
||||||
|
@ -56,7 +56,7 @@ sub post_account {
|
||||||
my $c = shift;
|
my $c = shift;
|
||||||
|
|
||||||
my $user = $c->stash->{api_user};
|
my $user = $c->stash->{api_user};
|
||||||
my $user_result = $c->schema->resultset('User')->find({ user_id => $c->stash->{api_user}->id });
|
my $user_result = $c->schema->resultset('User')->find({ id => $c->stash->{api_user}->id });
|
||||||
|
|
||||||
if ( defined $user_result ) {
|
if ( defined $user_result ) {
|
||||||
my $email = $user_result->email;
|
my $email = $user_result->email;
|
||||||
|
@ -77,7 +77,6 @@ sub post_account {
|
||||||
|
|
||||||
return $c->render( json => {
|
return $c->render( json => {
|
||||||
success => Mojo::JSON->true,
|
success => Mojo::JSON->true,
|
||||||
session_key => $session_key,
|
|
||||||
full_name => $full_name,
|
full_name => $full_name,
|
||||||
display_name => $display_name,
|
display_name => $display_name,
|
||||||
email => $email,
|
email => $email,
|
||||||
|
@ -97,18 +96,35 @@ sub post_account_update {
|
||||||
my $c = shift;
|
my $c = shift;
|
||||||
|
|
||||||
my $user = $c->stash->{api_user};
|
my $user = $c->stash->{api_user};
|
||||||
|
|
||||||
my $validation = $c->validation;
|
my $validation = $c->validation;
|
||||||
$validation->input( $c->stash->{api_json} );
|
$validation->input( $c->stash->{api_json} );
|
||||||
|
$validation->required('password');
|
||||||
|
|
||||||
my $user_result = $c->schema->resultset('User');
|
return $c->api_validation_error if $validation->has_error;
|
||||||
|
|
||||||
$validation->required('email')->in_resultset( 'email', $user_result );
|
if ( ! $user->check_password($validation->param('password')) ) {
|
||||||
|
return $c->render(
|
||||||
|
json => {
|
||||||
|
success => Mojo::JSON->false,
|
||||||
|
message => 'password is invalid.',
|
||||||
|
},
|
||||||
|
status => 401
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
my $user_rs = $c->schema->resultset('User')->search({
|
||||||
|
id => { "!=" => $user->id },
|
||||||
|
});
|
||||||
|
|
||||||
|
$validation->required('email')->not_in_resultset( 'email', $user_rs );
|
||||||
$validation->required('postcode')->postcode;
|
$validation->required('postcode')->postcode;
|
||||||
|
$validation->optional('new_password');
|
||||||
|
|
||||||
if ( defined $user_result->customer_id) ) {
|
if ( defined $user->customer_id ) {
|
||||||
$validation->required('display_name');
|
$validation->required('display_name');
|
||||||
$validation->required('full_name');
|
$validation->required('full_name');
|
||||||
} elsif ( defined $user_result->customer_id ) {
|
} elsif ( defined $user->customer_id ) {
|
||||||
$validation->required('name');
|
$validation->required('name');
|
||||||
$validation->required('street_name');
|
$validation->required('street_name');
|
||||||
$validation->required('town');
|
$validation->required('town');
|
||||||
|
@ -116,62 +132,38 @@ sub post_account_update {
|
||||||
|
|
||||||
return $c->api_validation_error if $validation->has_error;
|
return $c->api_validation_error if $validation->has_error;
|
||||||
|
|
||||||
if ($usertype eq 'customer'){
|
if ( defined $user->customer_id ){
|
||||||
|
|
||||||
$c->schema->txn_do( sub {
|
$c->schema->txn_do( sub {
|
||||||
my $customer = $c->schema->resultset('Customer')->find({
|
$user->customer->update({
|
||||||
user_id => $c->stash->{api_user}->id
|
|
||||||
})->update({
|
|
||||||
full_name => $validation->param('full_name'),
|
full_name => $validation->param('full_name'),
|
||||||
display_name => $validation->param('display_name'),
|
display_name => $validation->param('display_name'),
|
||||||
postcode => $validation->param('postcode'),
|
postcode => $validation->param('postcode'),
|
||||||
});
|
});
|
||||||
$c->schema->resultset('User')->find({
|
$user->update({
|
||||||
user_id => $c->stash->{api_user}->id
|
email => $validation->param('email'),
|
||||||
})->update({
|
( defined $validation->param('new_password') ? ( password => $validation->param('new_password') ) : () ),
|
||||||
email => $validation->param('email'),
|
|
||||||
password => $validation->param('new_password')
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
}
|
}
|
||||||
elsif ($usertype eq 'organisation') {
|
elsif ( defined $user->organisation_id ) {
|
||||||
my $fullAddress = $validation->param('fulladdress');
|
my $fullAddress = $validation->param('fulladdress');
|
||||||
|
|
||||||
$c->schema->txn_do( sub {
|
$c->schema->txn_do( sub {
|
||||||
my $organisation = $c->schema->resultset('Organisation')->find({
|
$user->organisation->update({
|
||||||
user_id => $c->stash->{api_user}->id
|
|
||||||
})->update({
|
|
||||||
name => $validation->param('name'),
|
name => $validation->param('name'),
|
||||||
street_name => $validation->param('street_name'),
|
street_name => $validation->param('street_name'),
|
||||||
town => $validation->param('town'),
|
town => $validation->param('town'),
|
||||||
postcode => $validation->param('postcode'),
|
postcode => $validation->param('postcode'),
|
||||||
});
|
});
|
||||||
$c->schema->resultset('User')->find({
|
$user->update({
|
||||||
user_id => $c->stash->{api_user}->id
|
|
||||||
})->update({
|
|
||||||
# customer => $customer,
|
|
||||||
email => $validation->param('email'),
|
email => $validation->param('email'),
|
||||||
password => $validation->param('new_password')
|
( defined $validation->param('new_password') ? ( password => $validation->param('new_password') ) : () ),
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
$c->schema->resultset('Customer')->find({
|
|
||||||
user_id => $c->stash->{api_user}->id
|
|
||||||
})->update({
|
|
||||||
full_name => $validation->param('full_name'),
|
|
||||||
display_name => $validation->param('display_name'),
|
|
||||||
postcode => $validation->param('postcode'),
|
|
||||||
});
|
|
||||||
$c->schema->resultset('User')->find({
|
|
||||||
user_id => $c->stash->{api_user}->id
|
|
||||||
})->update({
|
|
||||||
# organisation => $organisation,
|
|
||||||
email => $validation->param('email'),
|
|
||||||
password => $validation->param('new_password')
|
|
||||||
});
|
|
||||||
|
|
||||||
return $c->render( json => {
|
return $c->render( json => {
|
||||||
success => Mojo::JSON->true,
|
success => Mojo::JSON->true,
|
||||||
message => 'Edited Account Successfully',
|
message => 'Edited Account Successfully',
|
||||||
|
|
84
t/api/user.t
84
t/api/user.t
|
@ -20,7 +20,7 @@ $schema->resultset('AccountToken')->create({
|
||||||
$framework->register_customer({
|
$framework->register_customer({
|
||||||
'token' => $account_token,
|
'token' => $account_token,
|
||||||
'full_name' => 'Test User',
|
'full_name' => 'Test User',
|
||||||
'display_name' => 'Test User',
|
'display_name' => 'Testing User',
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'postcode' => 'LA1 1AA',
|
'postcode' => 'LA1 1AA',
|
||||||
'password' => $password,
|
'password' => $password,
|
||||||
|
@ -34,7 +34,7 @@ my $session_key = $framework->login({
|
||||||
|
|
||||||
my $json_no_date = { session_key => $session_key };
|
my $json_no_date = { session_key => $session_key };
|
||||||
$t->post_ok('/api/user/day', json => $json_no_date)
|
$t->post_ok('/api/user/day', json => $json_no_date)
|
||||||
->status_is(200)
|
->status_is(200)->or($framework->dump_error)
|
||||||
->json_is('/success', Mojo::JSON->true);
|
->json_is('/success', Mojo::JSON->true);
|
||||||
|
|
||||||
my $json_invalid_date = {
|
my $json_invalid_date = {
|
||||||
|
@ -54,4 +54,84 @@ $t->post_ok('/api/user/day', json => $json_valid_date)
|
||||||
->status_is(200)->or($framework->dump_error)
|
->status_is(200)->or($framework->dump_error)
|
||||||
->json_is('/success', Mojo::JSON->true);
|
->json_is('/success', Mojo::JSON->true);
|
||||||
|
|
||||||
|
$t->post_ok('/api/user', json => { session_key => $session_key })
|
||||||
|
->status_is(200)->or($framework->dump_error)
|
||||||
|
->json_is({
|
||||||
|
success => Mojo::JSON->true,
|
||||||
|
full_name => 'Test User',
|
||||||
|
display_name => 'Testing User',
|
||||||
|
email => $email,
|
||||||
|
postcode => 'LA1 1AA',
|
||||||
|
});
|
||||||
|
|
||||||
|
#with wrong password
|
||||||
|
$t->post_ok('/api/user/account', json => {
|
||||||
|
session_key => $session_key,
|
||||||
|
full_name => 'Test User 2',
|
||||||
|
display_name => 'Testing User 2',
|
||||||
|
email => 'test50@example.com',
|
||||||
|
postcode => 'LA1 1AB',
|
||||||
|
password => 'abc12431',
|
||||||
|
})
|
||||||
|
->status_is(401)->or($framework->dump_error)
|
||||||
|
->json_is({
|
||||||
|
success => Mojo::JSON->false,
|
||||||
|
message => 'password is invalid.',
|
||||||
|
});
|
||||||
|
|
||||||
|
# With valid details
|
||||||
|
$t->post_ok('/api/user/account', json => {
|
||||||
|
session_key => $session_key,
|
||||||
|
full_name => 'Test User 2',
|
||||||
|
display_name => 'Testing User 2',
|
||||||
|
email => 'test50@example.com',
|
||||||
|
postcode => 'LA1 1AB',
|
||||||
|
password => $password,
|
||||||
|
})
|
||||||
|
->status_is(200)->or($framework->dump_error)
|
||||||
|
->json_is({
|
||||||
|
success => Mojo::JSON->true,
|
||||||
|
message => 'Edited Account Successfully',
|
||||||
|
});
|
||||||
|
|
||||||
|
$t->post_ok('/api/user', json => { session_key => $session_key })
|
||||||
|
->status_is(200)->or($framework->dump_error)
|
||||||
|
->json_is({
|
||||||
|
success => Mojo::JSON->true,
|
||||||
|
full_name => 'Test User 2',
|
||||||
|
display_name => 'Testing User 2',
|
||||||
|
email => 'test50@example.com',
|
||||||
|
postcode => 'LA1 1AB',
|
||||||
|
});
|
||||||
|
|
||||||
|
$t->post_ok('/api/user/account', json => {
|
||||||
|
session_key => $session_key,
|
||||||
|
full_name => 'Test User 3',
|
||||||
|
display_name => 'Testing User 3',
|
||||||
|
email => 'test60@example.com',
|
||||||
|
postcode => 'LA1 1AD',
|
||||||
|
password => $password,
|
||||||
|
new_password => 'abc124',
|
||||||
|
})
|
||||||
|
->status_is(200)->or($framework->dump_error)
|
||||||
|
->json_is({
|
||||||
|
success => Mojo::JSON->true,
|
||||||
|
message => 'Edited Account Successfully',
|
||||||
|
});
|
||||||
|
|
||||||
|
$t->post_ok('/api/user', json => { session_key => $session_key })
|
||||||
|
->status_is(200)->or($framework->dump_error)
|
||||||
|
->json_is({
|
||||||
|
success => Mojo::JSON->true,
|
||||||
|
full_name => 'Test User 3',
|
||||||
|
display_name => 'Testing User 3',
|
||||||
|
email => 'test60@example.com',
|
||||||
|
postcode => 'LA1 1AD',
|
||||||
|
});
|
||||||
|
|
||||||
|
$session_key = $framework->login({
|
||||||
|
email => 'test60@example.com',
|
||||||
|
password => 'abc124',
|
||||||
|
});
|
||||||
|
|
||||||
done_testing;
|
done_testing;
|
||||||
|
|
Reference in a new issue