From a89a2dbf464aa23cc51c9d031079fd8e7dd6a2fb Mon Sep 17 00:00:00 2001 From: Tykayn Date: Wed, 24 Feb 2021 10:57:56 +0100 Subject: [PATCH] route for protected pass --- src/Controller/api/PollController.php | 88 +++++++++++++++++---------- 1 file changed, 55 insertions(+), 33 deletions(-) diff --git a/src/Controller/api/PollController.php b/src/Controller/api/PollController.php index fd21d20..70e926c 100644 --- a/src/Controller/api/PollController.php +++ b/src/Controller/api/PollController.php @@ -44,6 +44,17 @@ class PollController extends FramadateController { ] ); } + /** + * @param $id + * message when the poll is not found + * @return JsonResponse + */ + public function notFoundPoll($id){ + return $this->json( [ + 'message' => $id . ' : poll not found', + ], + 404 ); + } /** * get a poll config by its custom URL, we do not want polls to be reachable by their numeric id * @Get( @@ -66,10 +77,7 @@ class PollController extends FramadateController { $poll = $repository->findOneByCustomUrl( $id ); if ( ! $poll ) { - return $this->json( [ - 'message' => $id . ' : poll not found', - ], - 404 ); + return $this->notFoundPoll($id); } $comments = $poll->getComments(); 
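Review bot: `notFoundPoll` in the first hunk is declared `public` on a controller although it is a helper rather than a routed action, and it carries no parameter or return type. `protected function notFoundPoll( string $id ): JsonResponse` would state the contract, assuming `JsonResponse` is already imported in this file as the existing docblocks suggest. In the docblock the description sits under the `@param $id` tag; put a summary line first, for example "JSON 404 response for a poll that was not found", and type the tag as `@param string $id`.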
@@ -84,43 +92,20 @@ class PollController extends FramadateController { 'stacks' => $poll->getStacksOfVotes(), 'choices_count' => $poll->computeAnswers(), 'choices' => $poll->getChoices(), -// 'comments' => $comments, + 'comments' => $comments, 'comments_count' => count( $comments ), ]; - - $data = $request->getContent(); - $passwordProvided = false; - if(is_array($data) && $data[ 'password_input' ] !== null){ - $passwordProvided = $data[ 'password_input' ]; - } /** * password protected content */ if ( $pass ) { + // no password possibly given by this route + return $this->json( [ + 'message' => 'this is protected by a password,but you did not provide the encoded password parameter, and you should feel bad. ' , + ], + 403 ); - if(!$passwordProvided){ - var_dump($data); - // no password given - return $this->json( [ - 'message' => 'this is protected by a password,but you did not provide the password_input parameter, and you should feel bad ' , - 'data' => $data - ], - 403 ); - } - elseif ( $pass === md5( $passwordProvided ) ) { - // good matching pass - return $this->returnPollData( $poll, $serializer ); - } else { - // wrong pass - $data = json_decode( $data, true ); - - return $this->json( [ - 'message' => 'this is protected by a password, your password "' . $serializer->serialize($data[ 'password_input' ], 'json') . '" is wrong, and you should feel bad', - 'data' => null, - ], - 403 ); - } } else { // free access to poll return $this->returnPollData( $poll, $serializer ); 
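Review bot: The `if ( $pass )` guard still runs after the response array is built, so for a protected poll `computeAnswers()`, `getChoices()` and the re-enabled `'comments' => $comments` are evaluated and then discarded by the 403. Moving the guard directly after the not-found check would avoid that work and make it harder for a later edit to return the array on the protected path by mistake. The start of the method and the array's variable name are outside the hunk, so whether the array is used further down cannot be seen here. With the password parsing removed, `$request` may also no longer be used in this method.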
@@ -128,6 +113,43 @@ class PollController extends FramadateController { } + /** + * get a poll config by its custom URL, we do not want polls to be reachable by their numeric id + * @Get( + * path = "/{id}/pass/{md5}", + * name = "get_protected_poll", + * requirements = {"id"="\w+"} + * ) + * + * @param SerializerInterface $serializer + * @param Request $request + * + * @return JsonResponse|Response + */ + function getProtectedPoll($id,$md5, SerializerInterface $serializer){ + $repository = $this->getDoctrine()->getRepository( Poll::class ); + $poll = $repository->findOneByCustomUrl( $id ); + + if ( ! $poll ) { + return $this->notFoundPoll($id); + } + + if ( $poll->getPassword() === $md5 ) { + // good matching pass + return $this->returnPollData( $poll, $serializer ); + } else { + // wrong pass + return $this->json( [ + 'message' => 'this is protected by a password, your password "' . $md5 . '" is wrong, and you should feel bad', + 'md5' => md5($md5), + 'data' => null, + ], + 403 ); + } + + + } + function returnPollData( $poll, $serializer ) { $jsonResponse = $serializer->serialize( $poll, 'json' );
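Review bot: In `getProtectedPoll` the value compared with `$poll->getPassword()` appears to be the stored MD5 itself, taken from the URL path, so the digest is the credential: anyone who reads it in a server log, browser history or a Referer header can open the poll without knowing the password, and unsalted MD5 gives little protection to the password behind it. The `===` comparison is not constant-time, and the 403 body echoes the submitted value and adds `md5($md5)`, which looks like leftover debugging. At minimum compare with `hash_equals()` and drop both from the error response, as below; the longer-term fix is to send the password in a request body or header and to store it with `password_hash()` and check it with `password_verify()`. The docblock also lists `@param Request $request`, which the method does not take, the route sets no `requirements` entry for `md5`, and the method has no visibility keyword.

```php
function getProtectedPoll($id,$md5, SerializerInterface $serializer){
	// … unchanged: repository lookup and notFoundPoll() guard …

	$stored = $poll->getPassword();
	// hash_equals() needs two strings; a poll without a password never matches
	if ( is_string( $stored ) && hash_equals( $stored, $md5 ) ) {
		// good matching pass
		return $this->returnPollData( $poll, $serializer );
	}

	// wrong pass: do not echo the submitted value or any digest of it
	return $this->json( [
		'message' => 'this is protected by a password, and the provided password is wrong',
		'data'    => null,
	],
		403 );
}
```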