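/**
 * Tests that Request::getAllRequests() returns the single Request this test inserts.
 *
 * The inserted row carries VALID_REQUESTREQUESTORTEXT; the "2" variant of that
 * fixture is never written here, so the read-back assertion compares against the
 * value that was actually stored. Assertions are written expected-first so that
 * failure messages read correctly.
 **/
 public function testGetAllValidRequests()
 {
     // count the rows before the insert so the post-insert delta can be asserted
     $numRows = $this->getConnection()->getRowCount("request");
     // create a new Request and insert it into mySQL
     $request = new Request(null, $this->requestor->getUserId(), $this->admin->getUserId(), $this->VALID_REQUESTTIMESTAMP, $this->VALID_REQUESTACTIONTIMESTAMP, $this->requestApprove, $this->VALID_REQUESTREQUESTORTEXT, $this->VALID_REQUESTADMINTEXT);
     $request->insert($this->getPDO());
     // grab the data from mySQL and enforce the fields match our expectations
     $results = Request::getAllRequests($this->getPDO());
     $this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("request"));
     // the fixture is assumed to start from an empty request table, so exactly one row comes back
     $this->assertCount(1, $results);
     $this->assertContainsOnlyInstancesOf("Edu\\Cnm\\TimeCrunchers\\Request", $results);
     // grab the result from the array and validate it field by field (expected, actual)
     $pdoRequest = $results[0];
     $this->assertEquals($this->requestor->getUserId(), $pdoRequest->getRequestRequestorId());
     $this->assertEquals($this->admin->getUserId(), $pdoRequest->getRequestAdminId());
     $this->assertEquals($this->VALID_REQUESTTIMESTAMP, $pdoRequest->getRequestTimeStamp());
     $this->assertEquals($this->VALID_REQUESTACTIONTIMESTAMP, $pdoRequest->getRequestActionTimeStamp());
     $this->assertEquals($this->requestApprove, $pdoRequest->getRequestApprove());
     // must match the text the Request was inserted with, not the update-test variant
     $this->assertEquals($this->VALID_REQUESTREQUESTORTEXT, $pdoRequest->getRequestRequestorText());
     $this->assertEquals($this->VALID_REQUESTADMINTEXT, $pdoRequest->getRequestAdminText());
 }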
$reply->data = null;
try {
    //Grab MySQL connection
    $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/timecrunch.ini");
    //determine which http method was used
    $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"];
    //handle REST calls, while allowing administrators to access database modifying methods
    if ($method === "GET") {
        //set Xsrf cookie
        setXsrfcookie("/");
        //get the Sign Up based on the given field
        $emailActivation = filter_input(INPUT_GET, "emailActivation", FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
        if (empty($emailActivation)) {
            throw new \RangeException("No Activation Code");
        }
        $user = User::getUserByUserActivation($pdo, $emailActivation);
        if (empty($user)) {
            throw new \InvalidArgumentException("no user for activation code");
        }
        $user->setUserActivation(null);
        $user->update($pdo);
        header("Location: ../../../");
    } else {
        throw new \Exception("Invalid HTTP method");
    }
} catch (Exception $exception) {
    $reply->status = $exception->getCode();
    $reply->message = $exception->getMessage();
    $reply->trace = $exception->getTraceAsString();
    header("Content-type: application/json");
    echo json_encode($reply);
        }
        //		if($password !== $verifyPassword) {
        //			throw(new InvalidArgumentException ("Password and verify password must match."));
        //		}
        //create a new company for the user
        $company = new Company(null, $companyAttn, $companyName, $companyAddress1, $companyAddress2, $companyCity, $companyState, $companyZip, "111-111-1111", $companyEmail, $companyUrl);
        $company->insert($pdo);
        //create a new crew for the user
        $crew = new Crew(null, $company->getCompanyId(), "");
        $crew->insert($pdo);
        //create new user
        //create password salt, hash and activation code
        $activation = bin2hex(random_bytes(16));
        $salt = bin2hex(random_bytes(32));
        $hash = hash_pbkdf2("sha512", "password", $salt, 262144);
        $user = new User(null, $company->getCompanyId(), $crew->getCrewId(), Access::ADMIN, "5055551212", $userFirstName, $userLastName, $userEmail, $activation, $hash, $salt);
        $user->insert($pdo);
        $messageSubject = "Time Crunch Account Activation";
        //building the activation link that can travel to another server and still work. This is the link that will be clicked to confirm the account.
        // FIXME: make sure URL is /public_html/activation/$activation
        $basePath = dirname($_SERVER["SCRIPT_NAME"], 4);
        $urlglue = $basePath . "/activation/" . $activation;
        $confirmLink = "https://" . $_SERVER["SERVER_NAME"] . $urlglue;
        $message = <<<EOF
<h2>Welcome to the Time Crunch schedule management application.</h2>
<p>Visit the following URL to set a new password and complete the registration process: </p>
<p><a href="{$confirmLink}">{$confirmLink}</a></p>
EOF;
        $response = sendEmail($userEmail, $userFirstName, $userLastName, $messageSubject, $message);
        if ($response === "Email sent.") {
            $reply->message = "Sign up was successful, please check your email for activation message.";
 /**
  * Tests that User::getAllUsers() returns as many users as the user table holds
  * once this test has inserted one more.
  */
 public function testGetAllValidUsers()
 {
     $pdo = $this->getPDO();
     // insert a fresh user built from the fixture values
     $insertedUser = new User(null, $this->company->getCompanyId(), $this->crew->getCrewId(), $this->access->getAccessId(), $this->VALID_USERPHONE, $this->VALID_USERFIRSTNAME, $this->VALID_USERLASTNAME, $this->VALID_USEREMAIL, $this->VALID_USERACTIVATION, $this->VALID_USERHASH, $this->VALID_USERSALT);
     $insertedUser->insert($pdo);
     // the row count taken after the insert is the size getAllUsers() must report
     $expectedCount = $this->getConnection()->getRowCount("user");
     $fetchedUsers = User::getAllUsers($pdo);
     $this->assertEquals($expectedCount, $fetchedUsers->count());
 }
     //	verifyXsrf();
     $requestContent = file_get_contents("php://input");
     $requestObject = json_decode($requestContent);
     // check that the necessary fields have been sent and filter
     if (empty($requestObject->userPassword) === true) {
         throw new InvalidArgumentException("must enter a password", 405);
     } else {
         $password = filter_var($requestObject->userPassword, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
     }
     if (empty($requestObject->userEmail) === true) {
         throw new InvalidArgumentException("email cannot be empty", 405);
     } else {
         $email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL);
     }
     // create user
     $user = User::getUserByUserEmail($pdo, $email);
     if (empty($user)) {
         throw new InvalidArgumentException("invalid email address");
     }
     // hash for $password
     $hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144);
     // verify hash is correct
     if ($hash !== $user->getUserHash()) {
         throw new \InvalidArgumentException("password or username is incorrect");
     }
     // grabbing company from database and put company and user in the session
     $company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId());
     $_SESSION["company"] = $company;
     $_SESSION["user"] = $user;
     $reply->message = "login was successful";
 } else {
<p><a href="{$confirmLink}">{$confirmLink}</a></p>
EOF;
                        $response = sendEmail($user->getUserEmail(), $user->getUserFirstName(), $user->getUserLastName(), $messageSubject, $message);
                        if ($response === "Email sent.") {
                            $reply->message = "sign up was successful, please check your email for activation message.";
                        }
                        /**
                         * the send method returns the number of recipients that accepted the Email
                         * so, if the number attempted is not the number accepted, this is an Exception
                         **/
                    }
                }
            } else {
                if ($method === "DELETE") {
                    $reply->debug = "delete started";
                    $user = User::getUserByUserId($pdo, $id);
                    if ($user === null) {
                        throw new RuntimeException("User does not exist", 404);
                    }
                    $user->delete($pdo);
                    $deletedObject = new stdClass();
                    $deletedObject->crewId = $id;
                    $reply->message = "Crew deleted OK";
                } else {
                    //if not an admin, and attempting a method other than get, throw an exception
                    if (empty($method) === false && $method !== "GET") {
                        throw new RuntimeException("only admins can change database entries", 401);
                    }
                }
            }
        }