
separation of concerns in user and guest login

master
o.moresis 1 year ago
parent
commit
dd9c9233ea
  1. 128
      src/Controllers/AuthController.php
  2. 15
      src/Controllers/TestController.php
  3. 2
      src/Routing/RouteDispatcher.php
  4. 3
      src/Routing/routes.php
  5. 4
      src/Views/login.php

128
src/Controllers/AuthController.php

@ -12,78 +12,105 @@ class AuthController {
$view->render('login', []); $view->render('login', []);
} }
public function signin() { public function userSignin() {
$user_id = '';
// Prevent invalid email input
$email = $_POST['username'];
$password = $_POST['password'];
if (!valid_email($email)) {
header('HTTP/1.1 422 Unprocessable Entity');
header('Location: login');
exit(422);
}
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";
$user_id = PgSql::getCol($sql);
if (!empty($user_id)) {
$res = $api->getUser($user_id);
$sql_groups = "SELECT group_id FROM webapp.users u
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
WHERE geo_id = '${user_id}'";
$user_groups = Pgsql::getColValues($sql_groups);
$sql_name = "SELECT fname FROM webapp.users u
WHERE geo_id = '${user_id}'";
$user_name = PgSql::getCol($sql_name);
if ($res !== FALSE) {
foreach($res->users as $entry) {
// if user id exists in geoserver
if ($entry->userName == $user_id) {
// STORE ROLE HERE IN SESSION USING API
$role = $api->getRole($user_id);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_groups'] = $user_groups;
$_SESSION['user_name'] = $user_name;
header('Location: /');
exit(0);
}
}
} else {
header('HTTP/1.1 403 Forbidden');
header('Refresh: 2; URL = index.php');
exit(403);
}
} else {
echo 'No such user in geoserver';
header('HTTP/1.1 403 Forbidden');
header('Refresh: 2; URL = index.php');
exit(403);
}
}
public function guestSignin() {
header('Location: /');
// Prevent invalid email input // Prevent invalid email input
$email = $_POST['username']; $email = $_POST['username'];
if (!valid_email($email)) { if (!valid_email($email)) {
header('HTTP/1.1 422 Unprocessable Entity'); header('HTTP/1.1 422 Unprocessable Entity');
header('Location: login'); header('Location: login');
/* header('Refresh: 1; URL = index.php'); */ exit(422);
die();
} }
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'";
$user_id = PgSql::getCol($sql);
// if the query result is not empty then the user is already registered
if (!empty($user_id)) {
echo "user {$email} is registered. Login as a registered user!";
header('HTTP/1.1 400 Bad Request');
exit(400);
}
// Handle guest login // Handle guest login
if (!isset($_POST['password'])) { if (isset($_POST['username'])) {
$_SESSION['user_groups'] = [1]; $_SESSION['user_groups'] = [1];
$_SESSION['user_name'] = "Guest"; $_SESSION['user_name'] = "Guest";
$_SESSION['user_id'] = self::insertGuestUser($email); $_SESSION['user_id'] = self::insertGuestUser($email);
/* header('HTTP/1.1 302 Found'); */
header('HTTP/1.1 302 Found');
header('Location: /'); header('Location: /');
return TRUE; exit(0);
} else { // handle user login } else { // handle user login
$email = $_POST['username']; header('HTTP/1.1 500 Server error');
$password = $_POST['password']; exit(500);
}
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}'";
$user_id = PgSql::getCol($sql);
if ($user_id) {
$res = $api->getUser($user_id);
$sql_groups = "SELECT group_id FROM webapp.users u
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
WHERE geo_id = '${user_id}'";
$user_groups = Pgsql::getColValues($sql_groups);
$sql_name = "SELECT fname FROM webapp.users u
WHERE geo_id = '${user_id}'";
$user_name = PgSql::getCol($sql_name);
if ($res !== FALSE) {
foreach($res->users as $entry) {
// if user id exists in geoserver
if ($entry->userName == $user_id) {
// STORE ROLE HERE IN SESSION USING API
$role = $api->getRole($user_id);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_groups'] = $user_groups;
$_SESSION['user_name'] = $user_name;
header('Location: /');
}
}
} else {
header('HTTP/1.1 403 Forbidden');
/* header('Refresh: 2; URL = index.php'); */
die();
}
} else {
echo 'No such user in geoserver';
header('HTTP/1.1 403 Forbidden');
/* header('Refresh: 2; URL = index.php'); */
die();
} }
} }
public function logout() { public function logout() {
/* session_start(); */ session_start();
session_destroy(); session_destroy();
unset($_SESSION); unset($_SESSION);
/* $_SESSION = array(); */ $_SESSION = array();
header("Location: login"); header("Location: login");
exit(); exit();
/* header('Refresh: 2; URL = index.php'); */ header('Refresh: 2; URL = index.php');
} }
@ -94,6 +121,7 @@ class AuthController {
ON CONFLICT (email) DO UPDATE ON CONFLICT (email) DO UPDATE
SET geo_id = EXCLUDED.geo_id, SET geo_id = EXCLUDED.geo_id,
last_login = now()"; last_login = now()";
return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id; return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id;
} }
} }
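Review bot: userSignin interpolates the raw `$_POST['username']` and `$_POST['password']` straight into the query on the line `$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";`, and guestSignin does the same with the email in its own `select geo_id` query; the email at least passes `valid_email`, but the password is never validated, so both lookups should bind their values as query parameters (`WHERE email = $1 AND password = $2`, values supplied separately, assuming the PgSql helper offers a parameterised call) instead of building the SQL string. Comparing the submitted password inside the SQL also implies the stored value is the plaintext credential; the conventional fix is to fetch the row by email and check a `password_hash()` digest with `password_verify()`. Neither method calls `session_regenerate_id(true)` before writing `$_SESSION['user_id']`, so the pre-login session id is kept across authentication. Separately, in guestSignin the `header('Location: /');` on its first line is dead (later headers replace it), and the `if (isset($_POST['username']))` branch cannot be false because `$_POST['username']` was already read above it, which leaves the 500 branch unreachable and the unused `$role` assignment in userSignin should be dropped or used.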

15
src/Controllers/TestController.php

@ -0,0 +1,15 @@
<?php
namespace MSFD\Controllers;
use MSFD\Services\PgSql;
class TestController {
public function testFunction() {
error_log("guest signin");
}
}
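Review bot: The `use MSFD\Services\PgSql;` import in the new TestController is unused, and `testFunction()` only calls `error_log("guest signin")`, which reads as a debugging leftover rather than a controller action. If the class is meant to stay, give it a docblock stating its purpose (`/** Scratch controller used to verify routing; not part of the application. */`) and drop the unused import; otherwise it should not be committed.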

2
src/Routing/RouteDispatcher.php

@ -36,7 +36,7 @@ class RouteDispatcher
} }
protected static function sessionCheck($route) { protected static function sessionCheck($route) {
if (!isset($_SESSION['user_id']) && !($route['name'] === 'login' || $route['name'] === 'signin')) { if (!isset($_SESSION['user_id']) && !($route['name'] === 'login' || $route['name'] === 'usersignin' || $route['name'] === 'guestsignin')) {
$route['target'] = "MSFD\Controllers\AuthController@index"; $route['target'] = "MSFD\Controllers\AuthController@index";
return $route; return $route;
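Review bot: The allow-list of unauthenticated route names in sessionCheck is now three string comparisons chained with `||` inside the `if`, which will keep growing as routes are added; `if (!isset($_SESSION['user_id']) && !in_array($route['name'], ['login', 'usersignin', 'guestsignin'], true)) {` says the same thing and keeps the strict comparison in one place. The names must match those registered in routes.php exactly, so a class constant holding the list would let both files share it. sessionCheck continues past the end of this hunk.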

3
src/Routing/routes.php

@ -10,7 +10,8 @@ $router = new AltoRouter();
*/ */
$router->map('GET', '/', 'MSFD\Controllers\HomeController@index', 'home'); $router->map('GET', '/', 'MSFD\Controllers\HomeController@index', 'home');
$router->map('GET', '/login', 'MSFD\Controllers\AuthController@index', 'login'); $router->map('GET', '/login', 'MSFD\Controllers\AuthController@index', 'login');
$router->map('POST', '/login', 'MSFD\Controllers\AuthController@signin', 'signin'); $router->map('POST', '/userlogin', 'MSFD\Controllers\AuthController@userSignin', 'usersignin');
$router->map('POST', '/guestlogin', 'MSFD\Controllers\AuthController@guestSignin', 'guestsignin');
$router->map('GET', '/logout', 'MSFD\Controllers\AuthController@logout', 'logout'); $router->map('GET', '/logout', 'MSFD\Controllers\AuthController@logout', 'logout');
$router->map('GET', '/fetch_request_list', 'MSFD\Controllers\DataController@fetch', 'fetch'); $router->map('GET', '/fetch_request_list', 'MSFD\Controllers\DataController@fetch', 'fetch');

4
src/Views/login.php

@ -17,7 +17,7 @@
</div> </div>
</section> </section>
<section class="is-align-self-center p-2"> <section class="is-align-self-center p-2">
<form action="/login" method = "post"> <form action="/userlogin" method="post">
<h5>Enter as a registered user</h5> <h5>Enter as a registered user</h5>
<div class="field"> <div class="field">
<div class="control"> <div class="control">
@ -33,7 +33,7 @@
</form> </form>
<p class="has-text-centered m-3">OR</p> <p class="has-text-centered m-3">OR</p>
<h5>Enter as guest</h5> <h5>Enter as guest</h5>
<form action="/login" method = "post" class="is-justify-content-center"> <form action="/guestlogin" method="post" class="is-justify-content-center">
<div class="field"> <div class="field">
<div class="control"> <div class="control">
<input class="input is-large" name="username" type="email" placeholder="Email" autofocus=""> <input class="input is-large" name="username" type="email" placeholder="Email" autofocus="">
