1
0
mirror of https://framagit.org/tykayn/date-poll-api synced 2023-08-25 08:23:11 +02:00

route for protected pass

This commit is contained in:
Tykayn 2021-02-24 10:57:56 +01:00 committed by tykayn
parent f540c6a640
commit a89a2dbf46

View File

@ -44,6 +44,17 @@ class PollController extends FramadateController {
] );
}
/**
* @param $id
* message when the poll is not found
* @return JsonResponse
*/
public function notFoundPoll($id){
return $this->json( [
'message' => $id . ' : poll not found',
],
404 );
}
/**
* get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
* @Get(
@ -66,10 +77,7 @@ class PollController extends FramadateController {
$poll = $repository->findOneByCustomUrl( $id );
if ( ! $poll ) {
return $this->json( [
'message' => $id . ' : poll not found',
],
404 );
return $this->notFoundPoll($id);
}
$comments = $poll->getComments();
@ -84,43 +92,20 @@ class PollController extends FramadateController {
'stacks' => $poll->getStacksOfVotes(),
'choices_count' => $poll->computeAnswers(),
'choices' => $poll->getChoices(),
// 'comments' => $comments,
'comments' => $comments,
'comments_count' => count( $comments ),
];
$data = $request->getContent();
$passwordProvided = false;
if(is_array($data) && $data[ 'password_input' ] !== null){
$passwordProvided = $data[ 'password_input' ];
}
/**
* password protected content
*/
if ( $pass ) {
// no password possibly given by this route
return $this->json( [
'message' => 'this is protected by a password,but you did not provide the encoded password parameter, and you should feel bad. ' ,
],
403 );
if(!$passwordProvided){
var_dump($data);
// no password given
return $this->json( [
'message' => 'this is protected by a password,but you did not provide the password_input parameter, and you should feel bad ' ,
'data' => $data
],
403 );
}
elseif ( $pass === md5( $passwordProvided ) ) {
// good matching pass
return $this->returnPollData( $poll, $serializer );
} else {
// wrong pass
$data = json_decode( $data, true );
return $this->json( [
'message' => 'this is protected by a password, your password "' . $serializer->serialize($data[ 'password_input' ], 'json') . '" is wrong, and you should feel bad',
'data' => null,
],
403 );
}
} else {
// free access to poll
return $this->returnPollData( $poll, $serializer );
@ -128,6 +113,43 @@ class PollController extends FramadateController {
}
/**
* get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
* @Get(
* path = "/{id}/pass/{md5}",
* name = "get_protected_poll",
* requirements = {"id"="\w+"}
* )
*
* @param SerializerInterface $serializer
* @param Request $request
*
* @return JsonResponse|Response
*/
function getProtectedPoll($id,$md5, SerializerInterface $serializer){
$repository = $this->getDoctrine()->getRepository( Poll::class );
$poll = $repository->findOneByCustomUrl( $id );
if ( ! $poll ) {
return $this->notFoundPoll($id);
}
if ( $poll->getPassword() === $md5 ) {
// good matching pass
return $this->returnPollData( $poll, $serializer );
} else {
// wrong pass
return $this->json( [
'message' => 'this is protected by a password, your password "' . $md5 . '" is wrong, and you should feel bad',
'md5' => md5($md5),
'data' => null,
],
403 );
}
}
function returnPollData( $poll, $serializer ) {
$jsonResponse = $serializer->serialize( $poll, 'json' );