From dd9c9233ea26db67630889166dde85bdbe325748 Mon Sep 17 00:00:00 2001
From: Orestis Moresis
Date: Mon, 25 Sep 2023 14:01:23 +0300
Subject: [PATCH] separation of concerns in user and guest login
---
src/Controllers/AuthController.php | 128 ++++++++++++++++++-----------
src/Controllers/TestController.php | 15 ++++
src/Routing/RouteDispatcher.php | 2 +-
src/Routing/routes.php | 3 +-
src/Views/login.php | 4 +-
5 files changed, 98 insertions(+), 54 deletions(-)
create mode 100644 src/Controllers/TestController.php
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index c96ad24..012248c 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -12,78 +12,105 @@ class AuthController {
 $view->render('login', []);
 }
- public function signin() {
+ public function userSignin() {
+ $user_id = '';
+ // Prevent invalid email input
+ $email = $_POST['username'];
+ $password = $_POST['password'];
+ if (!valid_email($email)) {
+ header('HTTP/1.1 422 Unprocessable Entity');
+ header('Location: login');
+ exit(422);
+ }
+
+ $api = new GeoserverAPI();
+ $sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";
+ $user_id = PgSql::getCol($sql);
+
+ if (!empty($user_id)) {
+ $res = $api->getUser($user_id);
+ $sql_groups = "SELECT group_id FROM webapp.users u
+ JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
+ WHERE geo_id = '${user_id}'";
+ $user_groups = Pgsql::getColValues($sql_groups);
+ $sql_name = "SELECT fname FROM webapp.users u
+ WHERE geo_id = '${user_id}'";
+ $user_name = PgSql::getCol($sql_name);
+
+ if ($res !== FALSE) {
+ foreach($res->users as $entry) {
+ // if user id exists in geoserver
+ if ($entry->userName == $user_id) {
+ // STORE ROLE HERE IN SESSION USING API
+ $role = $api->getRole($user_id);
+ $_SESSION['user_id'] = $user_id;
+ $_SESSION['user_groups'] = $user_groups;
+ $_SESSION['user_name'] = $user_name;
+
+ header('Location: /');
+ exit(0);
+ }
+ }
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ header('Refresh: 2; URL = index.php');
+ exit(403);
+ }
+ } else {
+ echo 'No such user in geoserver';
+ header('HTTP/1.1 403 Forbidden');
+ header('Refresh: 2; URL = index.php');
+ exit(403);
+ }
+ }
+
+
+ public function guestSignin() {
+ header('Location: /');
+ // Prevent invalid email input
 $email = $_POST['username'];
 if (!valid_email($email)) {
 header('HTTP/1.1 422 Unprocessable Entity');
 header('Location: login');
- /* header('Refresh: 1; URL = index.php'); */
- die();
+ exit(422);
 }
+ $api = new GeoserverAPI();
+ $sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'";
+ $user_id = 
PgSql::getCol($sql);
+
+ // if the query result is not empty then the user is already registered
+ if (!empty($user_id)) {
+ echo "user {$email} is registered. Login as a registered user!";
+ header('HTTP/1.1 400 Bad Request');
+ exit(400);
+ }
+ // Handle guest login
- if (!isset($_POST['password'])) {
+ if (isset($_POST['username'])) {
 $_SESSION['user_groups'] = [1];
 $_SESSION['user_name'] = "Guest";
 $_SESSION['user_id'] = self::insertGuestUser($email);
- /* header('HTTP/1.1 302 Found'); */
+
+ header('HTTP/1.1 302 Found');
 header('Location: /');
- return TRUE;
+ exit(0);
 } else { // handle user login
- $email = $_POST['username'];
- $password = $_POST['password'];
- }
-
- $api = new GeoserverAPI();
- $sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}'";
- $user_id = PgSql::getCol($sql);
-
- if ($user_id) {
- $res = $api->getUser($user_id);
- $sql_groups = "SELECT group_id FROM webapp.users u
- JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
- WHERE geo_id = '${user_id}'";
- $user_groups = Pgsql::getColValues($sql_groups);
- $sql_name = "SELECT fname FROM webapp.users u
- WHERE geo_id = '${user_id}'";
- $user_name = PgSql::getCol($sql_name);
-
- if ($res !== FALSE) {
- foreach($res->users as $entry) {
- // if user id exists in geoserver
- if ($entry->userName == $user_id) {
- // STORE ROLE HERE IN SESSION USING API
- $role = $api->getRole($user_id);
- $_SESSION['user_id'] = $user_id;
- $_SESSION['user_groups'] = $user_groups;
- $_SESSION['user_name'] = $user_name;
-
- header('Location: /');
- }
- }
- } else {
- header('HTTP/1.1 403 Forbidden');
- /* header('Refresh: 2; URL = index.php'); */
- die();
- }
- } else {
- echo 'No such user in geoserver';
- header('HTTP/1.1 403 Forbidden');
- /* header('Refresh: 2; URL = index.php'); */
- die();
+ header('HTTP/1.1 500 Server error');
+ exit(500);
 }
 }
 public function logout() {
- /* session_start(); */
+ session_start();
 session_destroy();
 unset($_SESSION);
- /* $_SESSION 
= array(); */
+ $_SESSION = array();
 header("Location: login");
 exit();
- /* header('Refresh: 2; URL = index.php'); */
+ header('Refresh: 2; URL = index.php');
 }
@@ -94,6 +121,7 @@ class AuthController {
 ON CONFLICT (email) DO UPDATE SET geo_id = EXCLUDED.geo_id, last_login = now()";
+ return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id;
 }
 }
diff --git a/src/Controllers/TestController.php b/src/Controllers/TestController.php
new file mode 100644
index 0000000..f8aad40
--- /dev/null
+++ b/src/Controllers/TestController.php
@@ -0,0 +1,15 @@ +map('GET', '/', 'MSFD\Controllers\HomeController@index', 'home');
 $router->map('GET', '/login', 'MSFD\Controllers\AuthController@index', 'login');
-$router->map('POST', '/login', 'MSFD\Controllers\AuthController@signin', 'signin');
+$router->map('POST', '/userlogin', 'MSFD\Controllers\AuthController@userSignin', 'usersignin');
+$router->map('POST', '/guestlogin', 'MSFD\Controllers\AuthController@guestSignin', 'guestsignin');
 $router->map('GET', '/logout', 'MSFD\Controllers\AuthController@logout', 'logout');
 $router->map('GET', '/fetch_request_list', 'MSFD\Controllers\DataController@fetch', 'fetch');
diff --git a/src/Views/login.php b/src/Views/login.php
index 87487ac..8847e67 100644
--- a/src/Views/login.php
+++ b/src/Views/login.php
@@ -17,7 +17,7 @@
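Review bot: In `userSignin()` the credential lookup is still built by interpolating the raw `$_POST` values into SQL (`$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";`), and `guestSignin()` does the same with `$email`; `valid_email()` narrows the email format but does not make either value safe to splice into a query, and matching `password` as a literal in the `where` clause means the stored value is compared in clear. Bind the input instead, e.g. `pg_query_params($conn, 'select geo_id from webapp.users where email = $1 and origin <> \'GUEST\'', [$email])` using the connection the `PgSql` helper already holds (or a PDO prepared statement), then fetch the stored hash for that row and check it with `password_verify()` in PHP. Two smaller points in the same hunk: the `else { header('HTTP/1.1 500 Server error'); exit(500); }` branch of `guestSignin()` is unreachable, since `$_POST['username']` has already been read and validated before `isset($_POST['username'])` is tested, and the `header('Location: /')` sent at the top of `guestSignin()` is still attached to the 400 "already registered" response, which also echoes its message before calling `header()`. On both successful-login paths a `session_regenerate_id(true);` before the `$_SESSION[...]` assignments would stop a session id issued before login from being carried into the authenticated session. The hunk opens with the tail of `index()`, whose start lies outside it.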
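Review bot: `return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id;` yields null (with a PHP 8 warning) instead of failing when `PgSql::insert()` returns something that is not valid JSON or lacks a `geo_id` member, and that null then becomes `$_SESSION['user_id']` for the guest in `guestSignin()`. Decode strictly and refuse a missing id, e.g. `$row = json_decode(PgSql::insert($sql, 'geo_id'), flags: JSON_THROW_ON_ERROR);` followed by `return $row->geo_id ?? throw new \RuntimeException('insertGuestUser: no geo_id returned');`. `insertGuestUser()` begins outside the hunk, so how `$sql` is assembled from `$email` is not visible here.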
-
+
Enter as a registered user
@@ -33,7 +33,7 @@

OR

Enter as guest
-
+