Ejemplo n.º 1
 /**
  * Build a new TAN object for the given customer.
  *
  * The object is only populated and returned; nothing in this method
  * persists it.
  *
  * @param mixed $customerId Identifier stored on the TAN as-is.
  * @return Tan The populated TAN.
  */
 public static function generate($customerId)
 {
     $newTan = new Tan();
     $newTan->customerId = $customerId;
     // NOTE(review): a TAN authorises transactions, so its 15-character value
     // must be unpredictable. Helper::randomString() is not visible here;
     // confirm it draws from a CSPRNG (random_int()/random_bytes()) and not
     // from rand()/mt_rand().
     $newTan->value = Helper::randomString(15);
     return $newTan;
 }
Ejemplo n.º 2
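 /**
  * Handle an employee registration request.
  *
  * Reads email, password, passwordRep, firstname and lastname from the
  * request, validates them, derives a salted password hash and asks the
  * employee repository to create the account.
  *
  * Every field must be present AND a string. A client can submit
  * `password[]=x`, which arrives as an array: on PHP < 8 strcmp() then
  * returns null, and `null != 0` is false, so the old equality check was
  * silently passed; on PHP 8 the same input raises a TypeError.
  *
  * @param Request $request Incoming request carrying the form fields.
  * @return mixed JsonResponse on success, otherwise the error response built
  *               by JsonErrorResponse::fromKey().
  */
 public function register(Request $request)
 {
     $employeeRepository = $this->getEmployeeRepository();
     $employee = new Employee();

     // Presence and type check for all request parameters.
     foreach (array('email', 'password', 'passwordRep', 'firstname', 'lastname') as $field) {
         if (!isset($request->request[$field]) || !is_string($request->request[$field])) {
             return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_PARAMETER);
         }
     }

     // Strict comparison: both operands are known to be strings at this point.
     if ($request->request['password'] !== $request->request['passwordRep']) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::UNEQUAL_PASSWORD_ERROR);
     }
     if (!Helper::checkPasswordConstraints($request->request['password'])) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::PASSWORD_REQUIREMENTS_ERROR);
     }

     // NOTE(review): a 5-character salt and a project-specific
     // Helper::hashPassword() are used; neither implementation is visible here.
     // password_hash()/password_verify() manage the salt and work factor
     // themselves and would be the preferred primitive, but the repository
     // takes (salt, hash), so the scheme is left unchanged in this method.
     $salt = Helper::randomString(5);
     $password = $request->request['password'];
     $hash = Helper::hashPassword($password, $salt);

     //---- validation ---
     $email = $request->request['email'];
     if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_EMAIL);
     }
     $emailTaken = !is_null($employeeRepository->getEmployeeByEmail($email))
         || !is_null($this->getCustomerRepository()->getCustomerByEmail($email));
     if ($emailTaken) {
         // An already-registered address gets the same success payload as a
         // fresh registration - presumably so the endpoint does not reveal
         // which addresses have accounts; confirm this is intended.
         return new JsonResponse(array('success' => true));
     }
     $employee->email = $email;

     // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is
     // kept so stored values do not change; escape these names for the output
     // context (e.g. htmlspecialchars() for HTML) wherever they are rendered.
     $employee->firstname = filter_var($request->request['firstname'], FILTER_SANITIZE_STRING);
     $employee->lastname = filter_var($request->request['lastname'], FILTER_SANITIZE_STRING);

     if ($employeeRepository->createEmployeeAccount($employee, $salt, $hash)) {
         return new JsonResponse(array('success' => true));
     }
     return JsonErrorResponse::fromKey(JsonErrorResponse::UNEXPECTED_ERROR);
 }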
Ejemplo n.º 3
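 /**
  * Approve a customer registration and optionally book an initial balance.
  *
  * Validates the posted amount, loads the customer, mails the approval
  * notice when the customer is still pending, marks the registration as
  * approved and, for a positive amount, creates an "Initial Account Balance"
  * transaction.
  *
  * NOTE(review): no authorisation check is visible in this method; confirm
  * the route is restricted to employees before it is reached.
  *
  * @param Request $request    Incoming request; must carry an "amount" field.
  * @param mixed   $customerId Identifier of the customer to approve.
  * @return mixed JsonResponse on success, otherwise the error response built
  *               by JsonErrorResponse::fromKey().
  */
 public function approveRegistration(Request $request, $customerId)
 {
     if (!isset($request->request['amount'])) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_PARAMETER);
     }
     $amount = $request->request['amount'];
     // filter_var() returns the matched string on success. The literal "0" is
     // falsy in PHP, so the former `!filter_var(...)` test rejected a zero
     // amount while accepting "0.00". Compare against false explicitly; the
     // empty string (which the pattern also matches) stays rejected.
     $validated = filter_var($amount, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => "/^\\d*(\$|\\.\\d\\d\$)/")));
     if ($validated === false || $validated === '') {
         return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_AMOUNT);
     }
     $amount = floatval($amount);

     $customerRepository = $this->getCustomerRepository();
     $customer = $customerRepository->getCustomerById($customerId);
     if (is_null($customer)) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_CUSTOMER_ID);
     }

     // Strict comparison: on PHP < 8 an integer 0 status would loosely equal
     // the string 'pending'.
     if ($customer->status === 'pending') {
         $credentials = $customerRepository->getCustomerCredentials($customer);
         if (is_null($credentials['scs_pin'])) {
             // NOTE(review): this 5-character value is mailed but not stored
             // anywhere in this method; confirm what it protects and that
             // Helper::randomString() is backed by a CSPRNG.
             $password = Helper::randomString(5);
             $subject = "Account approved!";
             $message = "Dear {$customer->firstname} {$customer->lastname}," . PHP_EOL . "your Account was successfully approved!" . "You can now login and make transactions with your tan list" . $password . PHP_EOL . PHP_EOL . "Best Regards," . PHP_EOL . "SitzBank";
         } else {
             // using the scs generator
             $subject = "Welcome to Sitzbank!";
             $message = "Dear {$customer->firstname} {$customer->lastname}," . PHP_EOL . "your Account was successfully approved! You chose to use the scs tan generator." . PHP_EOL . "You can download the generator in the logged in area (make a transfer section)." . PHP_EOL . "Your scs pin is " . $credentials['scs_pin'] . PHP_EOL . "Best Regards," . PHP_EOL . "SitzBank";
         }
         // NOTE(review): both mails carry a credential (password or SCS PIN) in
         // clear text, and they are sent before the approval below has been
         // persisted, so a failed approval still leaves the secret delivered.
         $mail = Helper::getPhpMailer();
         $mail->addAddress($customer->email, $customer->firstname . ' ' . $customer->lastname);
         $mail->Subject = $subject;
         $mail->Body = $message;
         if (!$mail->send()) {
             return JsonErrorResponse::fromKey(JsonErrorResponse::MAIL_ERROR);
         }
     }

     if ($customerRepository->approveRegistration($customerId)) {
         if ($amount > 0) {
             $transaction = Transaction::withData(1, $customer->id, $amount, "Initial Account Balance", 'approved');
             // NOTE(review): the result of createTransaction() is not checked,
             // so a failed booking is still reported as success.
             $this->getTransactionRepository()->createTransaction($transaction);
         }
         return new JsonResponse(array('success' => true));
     }
     return JsonErrorResponse::fromKey(JsonErrorResponse::UNEXPECTED_ERROR);
 }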
Ejemplo n.º 4
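 /**
  * Set a new customer password using a password-reset token.
  *
  * Looks the customer up by the posted token, validates the new password,
  * stores the new salt and hash and then removes the reset entry.
  *
  * token, password and passwordRep must be present AND strings. An array
  * value (`password[]=x`) made strcmp() return null on PHP < 8, and
  * `null != 0` is false, so the old equality check was silently passed; on
  * PHP 8 the same input raises a TypeError.
  *
  * NOTE(review): no expiry check on the token is visible here; confirm that
  * getCustomerByPasswordResetToken() rejects stale tokens.
  *
  * @param Request $request Incoming request carrying the form fields.
  * @return mixed JsonResponse on success, otherwise the error response built
  *               by JsonErrorResponse::fromKey().
  */
 public function resetPassword(Request $request)
 {
     foreach (array('token', 'password', 'passwordRep') as $field) {
         if (!isset($request->request[$field]) || !is_string($request->request[$field])) {
             return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_REQUEST_PARAMETER);
         }
     }

     //Validate token
     // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it is
     // kept so the value used for the lookup does not change.
     $token = filter_var($request->request['token'], FILTER_SANITIZE_STRING);
     $customerRepository = $this->getCustomerRepository();
     $customer = $customerRepository->getCustomerByPasswordResetToken($token);
     if (is_null($customer)) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::INVALID_PW_RESET_TOKEN);
     }

     //Validate password
     $password = $request->request['password'];
     // Strict comparison: both operands are known to be strings at this point.
     if ($password !== $request->request['passwordRep']) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::UNEQUAL_PASSWORD_ERROR);
     }
     if (!Helper::checkPasswordConstraints($password)) {
         return JsonErrorResponse::fromKey(JsonErrorResponse::PASSWORD_REQUIREMENTS_ERROR);
     }

     // NOTE(review): a 5-character salt with a project-specific
     // Helper::hashPassword() (not visible here); password_hash() would be the
     // preferred primitive, but the repository takes (salt, hash).
     $salt = Helper::randomString(5);
     $hash = Helper::hashPassword($password, $salt);

     if ($customerRepository->updateCustomerCredentials($customer, $salt, $hash)) {
         // Remove the reset entry once the new credentials have been stored.
         $customerRepository->removePassworReset($customer->id);
         return new JsonResponse(array('message' => 'Your password has been reseted. You can now login in with your new password.'));
     }
     return JsonErrorResponse::fromKey(JsonErrorResponse::UNEXPECTED_ERROR);
 }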