route for protected pass
parent
f540c6a640
commit
a89a2dbf46
@ -44,6 +44,17 @@ class PollController extends FramadateController {
|
||||
] );
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $id
|
||||
* message when the poll is not found
|
||||
* @return JsonResponse
|
||||
*/
|
||||
public function notFoundPoll($id){
|
||||
return $this->json( [
|
||||
'message' => $id . ' : poll not found',
|
||||
],
|
||||
404 );
|
||||
}
|
||||
/**
|
||||
* get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
|
||||
* @Get(
|
||||
@ -66,10 +77,7 @@ class PollController extends FramadateController {
|
||||
$poll = $repository->findOneByCustomUrl( $id );
|
||||
|
||||
if ( ! $poll ) {
|
||||
return $this->json( [
|
||||
'message' => $id . ' : poll not found',
|
||||
],
|
||||
404 );
|
||||
return $this->notFoundPoll($id);
|
||||
}
|
||||
|
||||
$comments = $poll->getComments();
|
||||
@ -84,43 +92,20 @@ class PollController extends FramadateController {
|
||||
'stacks' => $poll->getStacksOfVotes(),
|
||||
'choices_count' => $poll->computeAnswers(),
|
||||
'choices' => $poll->getChoices(),
|
||||
// 'comments' => $comments,
|
||||
'comments' => $comments,
|
||||
'comments_count' => count( $comments ),
|
||||
];
|
||||
|
||||
|
||||
$data = $request->getContent();
|
||||
$passwordProvided = false;
|
||||
if(is_array($data) && $data[ 'password_input' ] !== null){
|
||||
$passwordProvided = $data[ 'password_input' ];
|
||||
}
|
||||
/**
|
||||
* password protected content
|
||||
*/
|
||||
if ( $pass ) {
|
||||
|
||||
if(!$passwordProvided){
|
||||
var_dump($data);
|
||||
// no password given
|
||||
// no password possibly given by this route
|
||||
return $this->json( [
|
||||
'message' => 'this is protected by a password,but you did not provide the password_input parameter, and you should feel bad ' ,
|
||||
'data' => $data
|
||||
'message' => 'this is protected by a password,but you did not provide the encoded password parameter, and you should feel bad. ' ,
|
||||
],
|
||||
403 );
|
||||
}
|
||||
elseif ( $pass === md5( $passwordProvided ) ) {
|
||||
// good matching pass
|
||||
return $this->returnPollData( $poll, $serializer );
|
||||
} else {
|
||||
// wrong pass
|
||||
$data = json_decode( $data, true );
|
||||
|
||||
return $this->json( [
|
||||
'message' => 'this is protected by a password, your password "' . $serializer->serialize($data[ 'password_input' ], 'json') . '" is wrong, and you should feel bad',
|
||||
'data' => null,
|
||||
],
|
||||
403 );
|
||||
}
|
||||
} else {
|
||||
// free access to poll
|
||||
return $this->returnPollData( $poll, $serializer );
|
||||
@ -128,6 +113,43 @@ class PollController extends FramadateController {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
|
||||
* @Get(
|
||||
* path = "/{id}/pass/{md5}",
|
||||
* name = "get_protected_poll",
|
||||
* requirements = {"id"="\w+"}
|
||||
* )
|
||||
*
|
||||
* @param SerializerInterface $serializer
|
||||
* @param Request $request
|
||||
*
|
||||
* @return JsonResponse|Response
|
||||
*/
|
||||
function getProtectedPoll($id,$md5, SerializerInterface $serializer){
|
||||
$repository = $this->getDoctrine()->getRepository( Poll::class );
|
||||
$poll = $repository->findOneByCustomUrl( $id );
|
||||
|
||||
if ( ! $poll ) {
|
||||
return $this->notFoundPoll($id);
|
||||
}
|
||||
|
||||
if ( $poll->getPassword() === $md5 ) {
|
||||
// good matching pass
|
||||
return $this->returnPollData( $poll, $serializer );
|
||||
} else {
|
||||
// wrong pass
|
||||
return $this->json( [
|
||||
'message' => 'this is protected by a password, your password "' . $md5 . '" is wrong, and you should feel bad',
|
||||
'md5' => md5($md5),
|
||||
'data' => null,
|
||||
],
|
||||
403 );
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
function returnPollData( $poll, $serializer ) {
|
||||
$jsonResponse = $serializer->serialize( $poll, 'json' );
|
||||
|
||||
|
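Review bot: In `getProtectedPoll`, the `{md5}` path segment is compared directly with `$poll->getPassword()`, so the stored hash itself acts as the credential and travels in the URL, where it is likely to end up in access logs, browser history and Referer headers; the `===` comparison is also not constant-time. Consider carrying the secret in the request body or a header and comparing with `if ( hash_equals( (string) $poll->getPassword(), $md5 ) ) {`. The 403 branch reflects the submitted value and `md5($md5)` back to the caller; a fixed `'message' => 'wrong password'` with no `md5` key discloses less. The removed `$pass === md5( $passwordProvided )` check in the previous hunk suggests the stored value is an unsalted MD5 of the password, which would be worth migrating to `password_hash()` / `password_verify()`. The method also has no visibility keyword, and its docblock lists `@param Request $request`, which is not in the signature.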