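public function passwordReset($request, $db) {
    // Starts a password reset for the account named by the "username" parameter:
    // looks the user up, mints a reset token via the mapper and emails it.
    //
    // Security notes (review):
    //  - The reply is the same (202, empty body) whether or not the username
    //    exists, so this endpoint cannot be used to enumerate accounts. The
    //    previous version answered 400 "Can't find that user" for unknown
    //    names, which leaked account existence. Token generation and mail
    //    sending still only run for real accounts, so response *timing* can
    //    still differ — a residual side-channel worth knowing about.
    //  - FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept because
    //    registration (postAction) stores usernames normalised the same way,
    //    and the lookup here has to match what was stored.
    //  - The token itself comes from the mapper; its entropy/expiry are not
    //    visible here — confirm generatePasswordResetTokenForUserId() uses a
    //    CSPRNG and that tokens expire / are single-use.
    //
    // Throws Exception(400) when no username is supplied, or when a token could
    // not be generated for an existing user.
    $user_mapper = new UserMapper($db, $request);
    $username = filter_var($request->getParameter("username"), FILTER_SANITIZE_STRING);
    if (empty($username)) {
        throw new Exception("A username must be supplied", 400);
    }

    $list = $user_mapper->getUserByUsername($username);
    if (is_array($list['users']) && count($list['users'])) {
        $user = $list['users'][0];
        // neither user_id nor email are in the user resource returned by the mapper
        $user_id = $user_mapper->getUserIdFromUsername($username);
        $email = $user_mapper->getEmailByUserId($user_id);
        $recipients = array($email);

        // we need a token to send so we know it is a valid reset
        $token = $user_mapper->generatePasswordResetTokenForUserId($user_id);
        if (!$token) {
            throw new Exception("Unable to generate a reset token", 400);
        }

        $emailService = new UserPasswordResetEmailService($this->config, $recipients, $user, $token);
        $emailService->sendEmail();
    }

    // Deliberately identical for known and unknown usernames (see note above).
    header("Content-Length: 0", NULL, 202);
    exit;
}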
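public function postAction($request, $db) {
    // Handles the two unauthenticated POSTs on the users collection:
    //   POST .../users/verifications  -> confirm an emailed verification token (204)
    //   POST .../users                -> register a new user (201 + Location, verification mail)
    //
    // Security notes (review):
    //  - Username/email uniqueness is a read here followed by createUser() later;
    //    two concurrent registrations can both pass the check. A unique
    //    constraint in the database is the real guard — confirm it exists.
    //  - The raw password is handed to createUser() in $user['password'];
    //    hashing is presumably done in the mapper — confirm, it is not visible here.
    //  - With features.allow_auto_verify_users enabled, any client can skip email
    //    verification by sending auto_verify_user=true. Keep that flag off
    //    outside test platforms.
    //  - FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept so stored
    //    usernames keep matching the lookups elsewhere (e.g. passwordReset).
    //
    // Throws Exception(400) on a missing/invalid field or failed verification,
    // InvalidArgumentException(404) for an unknown sub-resource.

    // check element 3, there's no user associated with the not-logged-in collections
    if (isset($request->url_elements[3])) {
        switch ($request->url_elements[3]) {
            case 'verifications':
                $user_mapper = new UserMapper($db, $request);
                $token = filter_var($request->getParameter("token"), FILTER_SANITIZE_STRING);
                if (empty($token)) {
                    throw new Exception("Verification token must be supplied", 400);
                }
                // Failure is reported without saying why, so a caller cannot
                // distinguish "unknown token" from "already used".
                $success = $user_mapper->verifyUser($token);
                if (!$success) {
                    throw new Exception("Verification failed", 400);
                }
                header("Content-Length: 0", null, 204);
                exit; // no more content
            default:
                throw new InvalidArgumentException('Unknown Subrequest', 404);
        }
    }

    $user = array();
    $errors = array();
    $user_mapper = new UserMapper($db, $request);

    // Required fields. A missing parameter comes back as null; cast to string
    // before trim() so PHP 8.1+ does not emit a "passing null" deprecation.
    $user['username'] = filter_var(trim((string) $request->getParameter("username")), FILTER_SANITIZE_STRING);
    if (empty($user['username'])) {
        $errors[] = "'username' is a required field";
    } else {
        // does anyone else have this username?
        $existing_user = $user_mapper->getUserByUsername($user['username']);
        if ($existing_user['users']) {
            $errors[] = "That username is already in use. Choose another";
        }
    }

    $user['full_name'] = filter_var(trim((string) $request->getParameter("full_name")), FILTER_SANITIZE_STRING);
    if (empty($user['full_name'])) {
        $errors[] = "'full_name' is a required field";
    }

    $user['email'] = filter_var(trim((string) $request->getParameter("email")), FILTER_VALIDATE_EMAIL);
    if (empty($user['email'])) {
        $errors[] = "A valid entry for 'email' is required";
    } else {
        // does anyone else have this email?
        $existing_user = $user_mapper->getUserByEmail($user['email']);
        if ($existing_user['users']) {
            $errors[] = "That email is already associated with another account";
        }
    }

    $password = $request->getParameter("password");
    if (empty($password)) {
        $errors[] = "'password' is a required field";
    } else {
        // checkPasswordValidity() answers true, or a list of reasons that is
        // merged into the error list for the user.
        $validity = $user_mapper->checkPasswordValidity($password);
        if (true === $validity) {
            $user['password'] = $password;
        } else {
            $errors = array_merge($errors, $validity);
        }
    }

    // Optional fields
    $user['twitter_username'] = filter_var(trim((string) $request->getParameter("twitter_username")), FILTER_SANITIZE_STRING);

    // Any error aborts before anything is written.
    if ($errors) {
        throw new Exception(implode(". ", $errors), 400);
    }

    $user_id = $user_mapper->createUser($user);
    header("Location: " . $request->base . $request->path_info . '/' . $user_id, null, 201);

    // autoverify for test platforms: the test suite sends this extra field; if
    // we got this far then this platform supports it. Loose == is kept on
    // purpose so a JSON boolean true still matches.
    if (isset($this->config['features']['allow_auto_verify_users']) && $this->config['features']['allow_auto_verify_users']) {
        if ($request->getParameter("auto_verify_user") == "true") {
            $user_mapper->verifyThisTestUser($user_id);
        }
    }

    // Generate a verification token and email it to the user
    $token = $user_mapper->generateEmailVerificationTokenForUserId($user_id);
    $recipients = array($user['email']);
    $emailService = new UserRegistrationEmailService($this->config, $recipients, $token);
    $emailService->sendEmail();
    exit;
}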