
separation of concerns in user and guest login

master
o.moresis 1 year ago
parent
commit
dd9c9233ea
  1. 128
      src/Controllers/AuthController.php
  2. 15
      src/Controllers/TestController.php
  3. 2
      src/Routing/RouteDispatcher.php
  4. 3
      src/Routing/routes.php
  5. 4
      src/Views/login.php

128
src/Controllers/AuthController.php

@ -12,78 +12,105 @@ class AuthController { @@ -12,78 +12,105 @@ class AuthController {
$view->render('login', []);
}
public function signin() {
public function userSignin() {
$user_id = '';
// Prevent invalid email input
$email = $_POST['username'];
$password = $_POST['password'];
if (!valid_email($email)) {
header('HTTP/1.1 422 Unprocessable Entity');
header('Location: login');
exit(422);
}
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";
$user_id = PgSql::getCol($sql);
if (!empty($user_id)) {
$res = $api->getUser($user_id);
$sql_groups = "SELECT group_id FROM webapp.users u
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
WHERE geo_id = '${user_id}'";
$user_groups = Pgsql::getColValues($sql_groups);
$sql_name = "SELECT fname FROM webapp.users u
WHERE geo_id = '${user_id}'";
$user_name = PgSql::getCol($sql_name);
if ($res !== FALSE) {
foreach($res->users as $entry) {
// if user id exists in geoserver
if ($entry->userName == $user_id) {
// STORE ROLE HERE IN SESSION USING API
$role = $api->getRole($user_id);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_groups'] = $user_groups;
$_SESSION['user_name'] = $user_name;
header('Location: /');
exit(0);
}
}
} else {
header('HTTP/1.1 403 Forbidden');
header('Refresh: 2; URL = index.php');
exit(403);
}
} else {
echo 'No such user in geoserver';
header('HTTP/1.1 403 Forbidden');
header('Refresh: 2; URL = index.php');
exit(403);
}
}
public function guestSignin() {
header('Location: /');
// Prevent invalid email input
$email = $_POST['username'];
if (!valid_email($email)) {
header('HTTP/1.1 422 Unprocessable Entity');
header('Location: login');
/* header('Refresh: 1; URL = index.php'); */
die();
exit(422);
}
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'";
$user_id = PgSql::getCol($sql);
// if the query result is not empty then the user is already registered
if (!empty($user_id)) {
echo "user {$email} is registered. Login as a registered user!";
header('HTTP/1.1 400 Bad Request');
exit(400);
}
// Handle guest login
if (!isset($_POST['password'])) {
if (isset($_POST['username'])) {
$_SESSION['user_groups'] = [1];
$_SESSION['user_name'] = "Guest";
$_SESSION['user_id'] = self::insertGuestUser($email);
/* header('HTTP/1.1 302 Found'); */
header('HTTP/1.1 302 Found');
header('Location: /');
return TRUE;
exit(0);
} else { // handle user login
$email = $_POST['username'];
$password = $_POST['password'];
}
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}'";
$user_id = PgSql::getCol($sql);
if ($user_id) {
$res = $api->getUser($user_id);
$sql_groups = "SELECT group_id FROM webapp.users u
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
WHERE geo_id = '${user_id}'";
$user_groups = Pgsql::getColValues($sql_groups);
$sql_name = "SELECT fname FROM webapp.users u
WHERE geo_id = '${user_id}'";
$user_name = PgSql::getCol($sql_name);
if ($res !== FALSE) {
foreach($res->users as $entry) {
// if user id exists in geoserver
if ($entry->userName == $user_id) {
// STORE ROLE HERE IN SESSION USING API
$role = $api->getRole($user_id);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_groups'] = $user_groups;
$_SESSION['user_name'] = $user_name;
header('Location: /');
}
}
} else {
header('HTTP/1.1 403 Forbidden');
/* header('Refresh: 2; URL = index.php'); */
die();
}
} else {
echo 'No such user in geoserver';
header('HTTP/1.1 403 Forbidden');
/* header('Refresh: 2; URL = index.php'); */
die();
header('HTTP/1.1 500 Server error');
exit(500);
}
}
public function logout() {
/* session_start(); */
session_start();
session_destroy();
unset($_SESSION);
/* $_SESSION = array(); */
$_SESSION = array();
header("Location: login");
exit();
/* header('Refresh: 2; URL = index.php'); */
header('Refresh: 2; URL = index.php');
}
@ -94,6 +121,7 @@ class AuthController { @@ -94,6 +121,7 @@ class AuthController {
ON CONFLICT (email) DO UPDATE
SET geo_id = EXCLUDED.geo_id,
last_login = now()";
return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id;
}
}
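Review bot: userSignin still builds its credential query by interpolating raw `$_POST` values, `$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";`, and guestSignin does the same with `$email`; valid_email() filters only the address, and `$password` reaches the SQL unchecked, so splitting signin() into two methods keeps the injection risk of the original. Those queries (and the `$sql_groups` / `$sql_name` ones keyed on `$user_id`) should go through whatever parameterised call PgSql offers, with the password checked via password_verify() against a stored hash rather than by string equality inside SQL — PgSql's API is not visible in this commit, so the exact call is for the author. Two smaller points in the same hunk: in guestSignin `return TRUE;` is followed by an unreachable `exit(0);`, and `echo "user {$email} is registered. Login as a registered user!";` precedes `header('HTTP/1.1 400 Bad Request');`, which produces a headers-already-sent warning whenever output buffering is off; send the header before the echo. This rendering does not preserve which of the two signin bodies is old and which is new, so treat this as applying to whichever lines survive.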

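--- /dev/null
+++ b/src/Controllers/TestController.php
@@ -0,0 +1,15 @@
+<?php
+namespace MSFD\Controllers;
+use MSFD\Services\PgSql;
+class TestController {
+public function testFunction() {
+error_log("guest signin");
+}
+}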
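Review bot: `use MSFD\Services\PgSql;` is imported but never referenced in TestController, and nothing else in this commit (routes.php included) maps to testFunction, so the class is dead code as committed. If it was a debugging aid for the guest flow, it should not land on master; if it is meant to stay, drop the unused import and add a one-line docblock stating what the endpoint is for, e.g. `/** Smoke-test endpoint: writes a marker to the error log; not routed. */`. The file also lacks `declare(strict_types=1);` and return types (`public function testFunction(): void`), which the rest of the controllers may or may not follow — worth aligning either way.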

2
src/Routing/RouteDispatcher.php

@ -36,7 +36,7 @@ class RouteDispatcher @@ -36,7 +36,7 @@ class RouteDispatcher
}
protected static function sessionCheck($route) {
if (!isset($_SESSION['user_id']) && !($route['name'] === 'login' || $route['name'] === 'signin')) {
if (!isset($_SESSION['user_id']) && !($route['name'] === 'login' || $route['name'] === 'usersignin' || $route['name'] === 'guestsignin')) {
$route['target'] = "MSFD\Controllers\AuthController@index";
return $route;
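Review bot: The unauthenticated allow-list in sessionCheck is now three inline `===` comparisons that have to be edited by hand every time a public route is added — this commit already had to replace `'signin'` with two names. A class constant, `private const PUBLIC_ROUTES = ['login', 'usersignin', 'guestsignin'];`, checked with `if (!isset($_SESSION['user_id']) && !in_array($route['name'], self::PUBLIC_ROUTES, true)) {`, keeps the list in one place and makes the intent (routes reachable without a session) explicit. Note that the names in this list must match the route names registered in routes.php exactly; a short comment pointing there would help the next person who adds a route. sessionCheck continues past the end of the hunk.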

3
src/Routing/routes.php

@ -10,7 +10,8 @@ $router = new AltoRouter(); @@ -10,7 +10,8 @@ $router = new AltoRouter();
*/
$router->map('GET', '/', 'MSFD\Controllers\HomeController@index', 'home');
$router->map('GET', '/login', 'MSFD\Controllers\AuthController@index', 'login');
$router->map('POST', '/login', 'MSFD\Controllers\AuthController@signin', 'signin');
$router->map('POST', '/userlogin', 'MSFD\Controllers\AuthController@userSignin', 'usersignin');
$router->map('POST', '/guestlogin', 'MSFD\Controllers\AuthController@guestSignin', 'guestsignin');
$router->map('GET', '/logout', 'MSFD\Controllers\AuthController@logout', 'logout');
$router->map('GET', '/fetch_request_list', 'MSFD\Controllers\DataController@fetch', 'fetch');

4
src/Views/login.php

@ -17,7 +17,7 @@ @@ -17,7 +17,7 @@
</div>
</section>
<section class="is-align-self-center p-2">
<form action="/login" method = "post">
<form action="/userlogin" method="post">
<h5>Enter as a registered user</h5>
<div class="field">
<div class="control">
@ -33,7 +33,7 @@ @@ -33,7 +33,7 @@
</form>
<p class="has-text-centered m-3">OR</p>
<h5>Enter as guest</h5>
<form action="/login" method = "post" class="is-justify-content-center">
<form action="/guestlogin" method="post" class="is-justify-content-center">
<div class="field">
<div class="control">
<input class="input is-large" name="username" type="email" placeholder="Email" autofocus="">
