|
@@ -7558,48 +7558,80 @@ namespace Tqdev\PhpCrudApi\Middleware {
|
7558
|
7558
|
}
|
7559
|
7559
|
$path = RequestUtils::getPathSegment($request, 1);
|
7560
|
7560
|
$method = $request->getMethod();
|
7561
|
|
- if ($method == 'POST' && in_array($path, ['login', 'register'])) {
|
|
7561
|
+ if ($method == 'POST' && in_array($path, ['login', 'register', 'password'])) {
|
7562
|
7562
|
$body = $request->getParsedBody();
|
7563
|
7563
|
$username = isset($body->username) ? $body->username : '';
|
7564
|
7564
|
$password = isset($body->password) ? $body->password : '';
|
|
7565
|
+ $newPassword = isset($body->newPassword) ? $body->newPassword : '';
|
7565
|
7566
|
$tableName = $this->getProperty('usersTable', 'users');
|
7566
|
7567
|
$table = $this->reflection->getTable($tableName);
|
7567
|
7568
|
$usernameColumnName = $this->getProperty('usernameColumn', 'username');
|
7568
|
7569
|
$usernameColumn = $table->getColumn($usernameColumnName);
|
7569
|
7570
|
$passwordColumnName = $this->getProperty('passwordColumn', 'password');
|
7570
|
|
- $passwordColumn = $table->getColumn($passwordColumnName);
|
|
7571
|
+ $pkName = $table->getPk()->getName();
|
7571
|
7572
|
$registerUser = $this->getProperty('registerUser', '');
|
|
7573
|
+ $condition = new ColumnCondition($usernameColumn, 'eq', $username);
|
|
7574
|
+ $returnedColumns = $this->getProperty('returnedColumns', '');
|
|
7575
|
+ if (!$returnedColumns) {
|
|
7576
|
+ $columnNames = $table->getColumnNames();
|
|
7577
|
+ } else {
|
|
7578
|
+ $columnNames = array_map('trim', explode(',', $returnedColumns));
|
|
7579
|
+ $columnNames[] = $passwordColumnName;
|
|
7580
|
+ $columnNames[] = $pkName;
|
|
7581
|
+ }
|
|
7582
|
+ $columnOrdering = $this->ordering->getDefaultColumnOrdering($table);
|
7572
|
7583
|
if ($path == 'register') {
|
7573
|
7584
|
if (!$registerUser) {
|
7574
|
7585
|
return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
|
7575
|
7586
|
}
|
|
7587
|
+ $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
|
|
7588
|
+ if (!empty($users)) {
|
|
7589
|
+ return $this->responder->error(ErrorCode::USER_ALREADY_EXIST, $username);
|
|
7590
|
+ }
|
7576
|
7591
|
$data = json_decode($registerUser, true);
|
7577
|
7592
|
$data = is_array($data) ? $data : [];
|
7578
|
7593
|
$data[$usernameColumnName] = $username;
|
7579
|
7594
|
$data[$passwordColumnName] = password_hash($password, PASSWORD_DEFAULT);
|
7580
|
7595
|
$this->db->createSingle($table, $data);
|
|
7596
|
+ $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
|
|
7597
|
+ foreach ($users as $user) {
|
|
7598
|
+ unset($user[$passwordColumnName]);
|
|
7599
|
+ return $this->responder->success($user);
|
|
7600
|
+ }
|
|
7601
|
+ return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
|
7581
|
7602
|
}
|
7582
|
|
- $condition = new ColumnCondition($usernameColumn, 'eq', $username);
|
7583
|
|
- $returnedColumns = $this->getProperty('returnedColumns', '');
|
7584
|
|
- if (!$returnedColumns) {
|
7585
|
|
- $columnNames = $table->getColumnNames();
|
7586
|
|
- } else {
|
7587
|
|
- $columnNames = array_map('trim', explode(',', $returnedColumns));
|
7588
|
|
- $columnNames[] = $passwordColumnName;
|
|
7603
|
+ if ($path == 'login') {
|
|
7604
|
+ $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
|
|
7605
|
+ foreach ($users as $user) {
|
|
7606
|
+ if (password_verify($password, $user[$passwordColumnName]) == 1) {
|
|
7607
|
+ if (!headers_sent()) {
|
|
7608
|
+ session_regenerate_id(true);
|
|
7609
|
+ }
|
|
7610
|
+ unset($user[$passwordColumnName]);
|
|
7611
|
+ $_SESSION['user'] = $user;
|
|
7612
|
+ return $this->responder->success($user);
|
|
7613
|
+ }
|
|
7614
|
+ }
|
|
7615
|
+ return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
|
7589
|
7616
|
}
|
7590
|
|
- $columnOrdering = $this->ordering->getDefaultColumnOrdering($table);
|
7591
|
|
- $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
|
7592
|
|
- foreach ($users as $user) {
|
7593
|
|
- if (password_verify($password, $user[$passwordColumnName]) == 1) {
|
7594
|
|
- if (!headers_sent()) {
|
7595
|
|
- session_regenerate_id(true);
|
|
7617
|
+ if ($path == 'password') {
|
|
7618
|
+ if ($username != ($_SESSION['user'][$usernameColumnName] ?? '')) {
|
|
7619
|
+ return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
|
|
7620
|
+ }
|
|
7621
|
+ $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
|
|
7622
|
+ foreach ($users as $user) {
|
|
7623
|
+ if (password_verify($password, $user[$passwordColumnName]) == 1) {
|
|
7624
|
+ if (!headers_sent()) {
|
|
7625
|
+ session_regenerate_id(true);
|
|
7626
|
+ }
|
|
7627
|
+ $data = [$passwordColumnName => password_hash($newPassword, PASSWORD_DEFAULT)];
|
|
7628
|
+ $this->db->updateSingle($table, $data, $user[$pkName]);
|
|
7629
|
+ unset($user[$passwordColumnName]);
|
|
7630
|
+ return $this->responder->success($user);
|
7596
|
7631
|
}
|
7597
|
|
- unset($user[$passwordColumnName]);
|
7598
|
|
- $_SESSION['user'] = $user;
|
7599
|
|
- return $this->responder->success($user);
|
7600
|
7632
|
}
|
|
7633
|
+ return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
|
7601
|
7634
|
}
|
7602
|
|
- return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
|
7603
|
7635
|
}
|
7604
|
7636
|
if ($method == 'POST' && $path == 'logout') {
|
7605
|
7637
|
if (isset($_SESSION['user'])) {
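Review bot: In the new `password` branch (7617–7634) nothing validates `$newPassword`, which defaults to `''` at 7565, so a request that omits or blanks `newPassword` but carries the correct current password silently replaces the account password with the hash of an empty string. A guard before the hash, e.g. `if ($newPassword === '') { return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username); }` (or a more specific error code if the project has one), closes that gap. The session check at 7618 uses loose `!=`; since `$username` is taken straight from the parsed JSON body it may not be a string, and `!==` is the safer comparison, as is `=== true` for the `password_verify` results at 7606 and 7623 instead of `== 1`. The enclosing method begins before this hunk.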
|
|
@@ -9929,6 +9961,7 @@ namespace Tqdev\PhpCrudApi\Record {
|
9929
|
9961
|
const BAD_OR_MISSING_XSRF_TOKEN = 1017;
|
9930
|
9962
|
const ONLY_AJAX_REQUESTS_ALLOWED = 1018;
|
9931
|
9963
|
const PAGINATION_FORBIDDEN = 1019;
|
|
9964
|
+ const USER_ALREADY_EXIST = 1020;
|
9932
|
9965
|
|
9933
|
9966
|
private $values = [
|
9934
|
9967
|
9999 => ["%s", ResponseFactory::INTERNAL_SERVER_ERROR],
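Review bot: `USER_ALREADY_EXIST` at 9964 reads as a grammatical slip next to the message `"User '%s' already exists"` that the hunk at 9985–9991 adds for the same code; `USER_ALREADY_EXISTS` would match the message and the other constants' wording, and it is cheapest to rename now before the constant becomes public API. Since this code is returned with a distinct CONFLICT status from the unauthenticated register path, it lets a caller confirm whether a username is taken; that is a common trade-off for self-registration, but worth stating in the documentation of the `registerUser` option so deployers can decide whether to enable it.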
|
|
@@ -9952,6 +9985,7 @@ namespace Tqdev\PhpCrudApi\Record {
|
9952
|
9985
|
1017 => ["Bad or missing XSRF token", ResponseFactory::FORBIDDEN],
|
9953
|
9986
|
1018 => ["Only AJAX requests allowed for '%s'", ResponseFactory::FORBIDDEN],
|
9954
|
9987
|
1019 => ["Pagination forbidden", ResponseFactory::FORBIDDEN],
|
|
9988
|
+ 1020 => ["User '%s' already exists", ResponseFactory::CONFLICT],
|
9955
|
9989
|
];
|
9956
|
9990
|
|
9957
|
9991
|
public function __construct(int $code)
|