Pear-Trading/Foodloop-Server
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge pull request #23 from Pear-Trading/finn/UserInfo

Browse source 
Added User Info Retrieval and Updating
This commit is contained in:
Finn 2017-07-27 15:56:19 +01:00 committed by GitHub
commit e222b635a8
5 changed files with 240 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/Pear/LocalLoop.pm
View file

@ -147,9 +147,9 @@ sub startup {
});
$api->post('/upload')->to('api-upload#post_upload');
$api->post('/search')->to('api-upload#post_search');
$api->post('/user')->to('api-user#post_account');
$api->post('/user/account')->to('api-user#post_account_update');
$api->post('/user/day')->to('api-user#post_day');
$api->post('/edit')->to('api-api#post_edit');
$api->post('/fetchuser')->to('api-api#post_fetchuser');
$api->post('/user-history')->to('api-user#post_user_history');
$api->post('/stats')->to('api-stats#post_index');
$api->post('/stats/leaderboard')->to('api-stats#post_leaderboards');

59
lib/Pear/LocalLoop/Controller/Api/Api.pm
View file

@ -1,59 +0,0 @@
package Pear::LocalLoop::Controller::Api::Api;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
sub post_edit {
my $self = shift;
my $json = $self->req->json;
my $account = $self->get_account_by_username( $json->{username} );
unless ( defined $account ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username not recognised, has your token expired?',
});
# PLUG SECURITY HOLE
} elsif ( $account->{keyused} ne 't' ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token has not been used yet!',
});
}
my $insert = $self->db->prepare("UPDATE accounts SET fullname = ?, postcode = ?, age = ?, gender = ?, WHERE username = ?");
$insert->execute(
@{$json}{ qw/ fullname postcode age gender / }, $account->{username},
);
$self->render( json => { success => Mojo::JSON->true } );
}
sub post_fetchuser {
my $self = shift;
my $json = $self->req->json;
my $account = $self->get_account_by_username( $json->{username} );
unless ( defined $account ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username not recognised, has your token expired?',
});
# PLUG SECURITY HOLE
} elsif ( $account->{keyused} ne 't' ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token has not been used yet!',
});
}
# Add stuff to send back to user below here!
$self->render( json => {
success => Mojo::JSON->true,
});
}
1;

10
lib/Pear/LocalLoop/Controller/Api/Auth.pm
View file

@ -79,10 +79,20 @@ sub post_login {
if ( defined $user_result ) {
if ( $user_result->check_password($password) ) {
my $session_key = $user_result->generate_session;
my $display_name;
if ( defined $user_result->customer_id ) {
$display_name = $user_result->customer->display_name;
} elsif ( defined $user_result->organisation_id ) {
$display_name = $user_result->organisation->name;
} else {
return undef;
}
return $c->render( json => {
success => Mojo::JSON->true,
session_key => $session_key,
display_name => $display_name,
});
}
}

144
lib/Pear/LocalLoop/Controller/Api/User.pm
View file

@ -7,6 +7,32 @@ has error_messages => sub {
day => {
is_iso_datetime => { message => 'Invalid ISO8601 Datetime', status => 400 },
},
name => {
required => { message => 'No name sent or was blank.', status => 400 },
},
display_name => {
required => { message => 'No display name sent or was blank.', status => 400 },
},
full_name => {
required => { message => 'No full name sent or was blank.', status => 400 },
},
email => {
required => { message => 'No email sent.', status => 400 },
email => { message => 'Email is invalid.', status => 400 },
},
postcode => {
required => { message => 'No postcode sent.', status => 400 },
postcode => { message => 'Postcode is invalid', status => 400 },
},
password => {
required => { message => 'No password sent.', status => 400 },
},
street_name => {
required => { message => 'No street_name sent.', status => 400 },
},
town => {
required => { message => 'No town sent.', status => 400 },
},
};
};
@ -26,4 +52,122 @@ sub post_day {
});
}
sub post_account {
my $c = shift;
my $user = $c->stash->{api_user};
my $user_result = $c->schema->resultset('User')->find({ id => $c->stash->{api_user}->id });
if ( defined $user_result ) {
my $email = $user_result->email;
my $full_name;
my $display_name;
my $postcode;
#Needs elsif added for trader page for this similar relevant entry
if ( defined $user_result->customer_id ) {
$full_name = $user_result->customer->full_name;
$display_name = $user_result->customer->display_name;
$postcode = $user_result->customer->postcode;
} elsif ( defined $user_result->organisation_id ) {
$display_name = $user_result->organisation->name;
} else {
return undef;
}
return $c->render( json => {
success => Mojo::JSON->true,
full_name => $full_name,
display_name => $display_name,
email => $email,
postcode => $postcode,
});
}
return $c->render(
json => {
success => Mojo::JSON->false,
message => 'Email or password is invalid.',
},
status => 401
);
}
sub post_account_update {
my $c = shift;
my $user = $c->stash->{api_user};
my $validation = $c->validation;
$validation->input( $c->stash->{api_json} );
$validation->required('password');
return $c->api_validation_error if $validation->has_error;
if ( ! $user->check_password($validation->param('password')) ) {
return $c->render(
json => {
success => Mojo::JSON->false,
message => 'password is invalid.',
},
status => 401
);
}
my $user_rs = $c->schema->resultset('User')->search({
id => { "!=" => $user->id },
});
$validation->required('email')->not_in_resultset( 'email', $user_rs );
$validation->required('postcode')->postcode;
$validation->optional('new_password');
if ( defined $user->customer_id ) {
$validation->required('display_name');
$validation->required('full_name');
} elsif ( defined $user->customer_id ) {
$validation->required('name');
$validation->required('street_name');
$validation->required('town');
}
return $c->api_validation_error if $validation->has_error;
if ( defined $user->customer_id ){
$c->schema->txn_do( sub {
$user->customer->update({
full_name => $validation->param('full_name'),
display_name => $validation->param('display_name'),
postcode => $validation->param('postcode'),
});
$user->update({
email => $validation->param('email'),
( defined $validation->param('new_password') ? ( password => $validation->param('new_password') ) : () ),
});
});
}
elsif ( defined $user->organisation_id ) {
my $fullAddress = $validation->param('fulladdress');
$c->schema->txn_do( sub {
$user->organisation->update({
name => $validation->param('name'),
street_name => $validation->param('street_name'),
town => $validation->param('town'),
postcode => $validation->param('postcode'),
});
$user->update({
email => $validation->param('email'),
( defined $validation->param('new_password') ? ( password => $validation->param('new_password') ) : () ),
});
});
}
return $c->render( json => {
success => Mojo::JSON->true,
message => 'Edited Account Successfully',
});
}
1;

84
t/api/user.t
View file

@ -20,7 +20,7 @@ $schema->resultset('AccountToken')->create({
$framework->register_customer({
'token' => $account_token,
'full_name' => 'Test User',
'display_name' => 'Test User',
'display_name' => 'Testing User',
'email' => $email,
'postcode' => 'LA1 1AA',
'password' => $password,
@ -34,7 +34,7 @@ my $session_key = $framework->login({
my $json_no_date = { session_key => $session_key };
$t->post_ok('/api/user/day', json => $json_no_date)
->status_is(200)
->status_is(200)->or($framework->dump_error)
->json_is('/success', Mojo::JSON->true);
my $json_invalid_date = {
@ -54,4 +54,84 @@ $t->post_ok('/api/user/day', json => $json_valid_date)
->status_is(200)->or($framework->dump_error)
->json_is('/success', Mojo::JSON->true);
$t->post_ok('/api/user', json => { session_key => $session_key })
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
full_name => 'Test User',
display_name => 'Testing User',
email => $email,
postcode => 'LA1 1AA',
});
#with wrong password
$t->post_ok('/api/user/account', json => {
session_key => $session_key,
full_name => 'Test User 2',
display_name => 'Testing User 2',
email => 'test50@example.com',
postcode => 'LA1 1AB',
password => 'abc12431',
})
->status_is(401)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->false,
message => 'password is invalid.',
});
# With valid details
$t->post_ok('/api/user/account', json => {
session_key => $session_key,
full_name => 'Test User 2',
display_name => 'Testing User 2',
email => 'test50@example.com',
postcode => 'LA1 1AB',
password => $password,
})
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
message => 'Edited Account Successfully',
});
$t->post_ok('/api/user', json => { session_key => $session_key })
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
full_name => 'Test User 2',
display_name => 'Testing User 2',
email => 'test50@example.com',
postcode => 'LA1 1AB',
});
$t->post_ok('/api/user/account', json => {
session_key => $session_key,
full_name => 'Test User 3',
display_name => 'Testing User 3',
email => 'test60@example.com',
postcode => 'LA1 1AD',
password => $password,
new_password => 'abc124',
})
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
message => 'Edited Account Successfully',
});
$t->post_ok('/api/user', json => { session_key => $session_key })
->status_is(200)->or($framework->dump_error)
->json_is({
success => Mojo::JSON->true,
full_name => 'Test User 3',
display_name => 'Testing User 3',
email => 'test60@example.com',
postcode => 'LA1 1AD',
});
$session_key = $framework->login({
email => 'test60@example.com',
password => 'abc124',
});
done_testing;