route for protected pass

src/Controller/api/PollController.php

@@ -44,6 +44,17 @@ class PollController extends FramadateController {
 		] );
 	}
 
+	/**
+	 * @param $id
+	 * message when the poll is not found
+	 * @return JsonResponse
+	 */
+	public function notFoundPoll($id){
+		return $this->json( [
+			'message' => $id . ' : poll not found',
+		],
+			404 );
+	}
 	/**
 	 * get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
 	 * @Get(
@@ -66,10 +77,7 @@ class PollController extends FramadateController {
 		$poll       = $repository->findOneByCustomUrl( $id );
 
 		if ( ! $poll ) {
-			return $this->json( [
-				'message' => $id . ' : poll not found',
-			],
-				404 );
+			return $this->notFoundPoll($id);
 		}
 
 		$comments = $poll->getComments();
@@ -84,43 +92,20 @@ class PollController extends FramadateController {
 			'stacks'             => $poll->getStacksOfVotes(),
 			'choices_count'      => $poll->computeAnswers(),
 			'choices'            => $poll->getChoices(),
-//			'comments'       => $comments,
+			'comments'       => $comments,
 			'comments_count'     => count( $comments ),
 		];
 
-
-		$data = $request->getContent();
-		$passwordProvided = false;
-		if(is_array($data) && $data[ 'password_input' ] !== null){
-			$passwordProvided = $data[ 'password_input' ];
-		}
 		/**
 		 * password protected content
 		 */
 		if ( $pass ) {
+			// no password possibly given by this route
+			return $this->json( [
+				'message' => 'this is protected by a password,but you did not provide the encoded password parameter, and you should feel bad. ' ,
+			],
+				403 );
 
-			if(!$passwordProvided){
-				var_dump($data);
-				// no password given
-				return $this->json( [
-					'message' => 'this is protected by a password,but you did not provide the password_input parameter, and you should feel bad ' ,
-					'data' => $data
-				],
-					403 );
-			}
-			elseif (  $pass === md5( $passwordProvided ) ) {
-				// good matching pass
-				return $this->returnPollData( $poll, $serializer );
-			} else {
-				// wrong pass
-				$data = json_decode( $data, true );
-
-				return $this->json( [
-					'message' => 'this is protected by a password, your password "' . $serializer->serialize($data[ 'password_input' ], 'json') . '" is wrong, and you should feel bad',
-					'data'    => null,
-				],
-					403 );
-			}
 		} else {
 			// free access to poll
 			return $this->returnPollData( $poll, $serializer );
@@ -128,6 +113,43 @@ class PollController extends FramadateController {
 
 	}
 
+	/**
+	 * get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
+	 * @Get(
+	 *     path = "/{id}/pass/{md5}",
+	 *     name = "get_protected_poll",
+	 *     requirements = {"id"="\w+"}
+	 * )
+	 *
+	 * @param SerializerInterface $serializer
+	 * @param Request $request
+	 *
+	 * @return JsonResponse|Response
+	 */
+	function getProtectedPoll($id,$md5, SerializerInterface $serializer){
+		$repository = $this->getDoctrine()->getRepository( Poll::class );
+		$poll       = $repository->findOneByCustomUrl( $id );
+
+		if ( ! $poll ) {
+			return $this->notFoundPoll($id);
+		}
+
+		if (  $poll->getPassword() === $md5 ) {
+			// good matching pass
+			return $this->returnPollData( $poll, $serializer );
+		} else {
+			// wrong pass
+			return $this->json( [
+				'message' => 'this is protected by a password, your password "' . $md5 . '" is wrong, and you should feel bad',
+				'md5' => md5($md5),
+				'data'    => null,
+			],
+				403 );
+		}
+
+
+	}
+
 	function returnPollData( $poll, $serializer ) {
 		$jsonResponse = $serializer->serialize( $poll, 'json' );