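/**
 * test grabbing all Requests
 *
 * Inserts one Request, reads every Request back with Request::getAllRequests(),
 * and checks that the "request" row count grew by one, that the result set has
 * the same size as the table, and that the returned object carries exactly the
 * field values that were inserted.
 **/
public function testGetAllValidRequests() {
    // count the number of rows and save it for later
    $numRows = $this->getConnection()->getRowCount("request");

    // create a new Request and insert it into mySQL
    $request = new Request(
        null,
        $this->requestor->getUserId(),
        $this->admin->getUserId(),
        $this->VALID_REQUESTTIMESTAMP,
        $this->VALID_REQUESTACTIONTIMESTAMP,
        $this->requestApprove,
        $this->VALID_REQUESTREQUESTORTEXT,
        $this->VALID_REQUESTADMINTEXT
    );
    $request->insert($this->getPDO());

    // grab the data from mySQL and enforce the fields match our expectations
    $results = Request::getAllRequests($this->getPDO());
    $this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("request"));
    // "get all" must return every row, so size the expectation from the row count
    // measured above instead of hard-coding 1 (which only held for an empty table)
    $this->assertCount($numRows + 1, $results);
    $this->assertContainsOnlyInstancesOf("Edu\\Cnm\\TimeCrunchers\\Request", $results);

    // grab the result from the array and validate it
    // (PHPUnit convention: expected value first, actual value second, so failure
    // messages read correctly)
    $pdoRequest = $results[0];
    $this->assertEquals($this->requestor->getUserId(), $pdoRequest->getRequestRequestorId());
    $this->assertEquals($this->admin->getUserId(), $pdoRequest->getRequestAdminId());
    $this->assertEquals($this->VALID_REQUESTTIMESTAMP, $pdoRequest->getRequestTimeStamp());
    $this->assertEquals($this->VALID_REQUESTACTIONTIMESTAMP, $pdoRequest->getRequestActionTimeStamp());
    $this->assertEquals($this->requestApprove, $pdoRequest->getRequestApprove());
    // compare against the text that was actually inserted above
    // (VALID_REQUESTREQUESTORTEXT); the previous check used
    // VALID_REQUESTREQUESTORTEXT2, which this test never wrote
    $this->assertEquals($this->VALID_REQUESTREQUESTORTEXT, $pdoRequest->getRequestRequestorText());
    $this->assertEquals($this->VALID_REQUESTADMINTEXT, $pdoRequest->getRequestAdminText());
}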
$reply->data = null; try { //Grab MySQL connection $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/timecrunch.ini"); //determine which http method was used $method = array_key_exists("HTTP_X_HTTP_METHOD", $_SERVER) ? $_SERVER["HTTP_X_HTTP_METHOD"] : $_SERVER["REQUEST_METHOD"]; //handle REST calls, while allowing administrators to access database modifying methods if ($method === "GET") { //set Xsrf cookie setXsrfcookie("/"); //get the Sign Up based on the given field $emailActivation = filter_input(INPUT_GET, "emailActivation", FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); if (empty($emailActivation)) { throw new \RangeException("No Activation Code"); } $user = User::getUserByUserActivation($pdo, $emailActivation); if (empty($user)) { throw new \InvalidArgumentException("no user for activation code"); } $user->setUserActivation(null); $user->update($pdo); header("Location: ../../../"); } else { throw new \Exception("Invalid HTTP method"); } } catch (Exception $exception) { $reply->status = $exception->getCode(); $reply->message = $exception->getMessage(); $reply->trace = $exception->getTraceAsString(); header("Content-type: application/json"); echo json_encode($reply);
} // if($password !== $verifyPassword) { // throw(new InvalidArgumentException ("Password and verify password must match.")); // } //create a new company for the user $company = new Company(null, $companyAttn, $companyName, $companyAddress1, $companyAddress2, $companyCity, $companyState, $companyZip, "111-111-1111", $companyEmail, $companyUrl); $company->insert($pdo); //create a new crew for the user $crew = new Crew(null, $company->getCompanyId(), ""); $crew->insert($pdo); //create new user //create password salt, hash and activation code $activation = bin2hex(random_bytes(16)); $salt = bin2hex(random_bytes(32)); $hash = hash_pbkdf2("sha512", "password", $salt, 262144); $user = new User(null, $company->getCompanyId(), $crew->getCrewId(), Access::ADMIN, "5055551212", $userFirstName, $userLastName, $userEmail, $activation, $hash, $salt); $user->insert($pdo); $messageSubject = "Time Crunch Account Activation"; //building the activation link that can travel to another server and still work. This is the link that will be clicked to confirm the account. // FIXME: make sure URL is /public_html/activation/$activation $basePath = dirname($_SERVER["SCRIPT_NAME"], 4); $urlglue = $basePath . "/activation/" . $activation; $confirmLink = "https://" . $_SERVER["SERVER_NAME"] . $urlglue; $message = <<<EOF <h2>Welcome to the Time Crunch schedule management application.</h2> <p>Visit the following URL to set a new password and complete the registration process: </p> <p><a href="{$confirmLink}">{$confirmLink}</a></p> EOF; $response = sendEmail($userEmail, $userFirstName, $userLastName, $messageSubject, $message); if ($response === "Email sent.") { $reply->message = "Sign up was successful, please check your email for activation message.";
/**
 * test grabbing all users
 *
 * Inserts one User built from the test fixtures, then checks that
 * User::getAllUsers() returns exactly as many entries as the "user"
 * table holds after that insert.
 */
public function testGetAllValidUsers() {
    // build a User from the fixtures and write it to mySQL
    $newUser = new User(
        null,
        $this->company->getCompanyId(),
        $this->crew->getCrewId(),
        $this->access->getAccessId(),
        $this->VALID_USERPHONE,
        $this->VALID_USERFIRSTNAME,
        $this->VALID_USERLASTNAME,
        $this->VALID_USEREMAIL,
        $this->VALID_USERACTIVATION,
        $this->VALID_USERHASH,
        $this->VALID_USERSALT
    );
    $newUser->insert($this->getPDO());

    // the expected size is the row count measured after the insert
    $expectedCount = $this->getConnection()->getRowCount("user");

    // read every user back and compare the sizes
    $allUsers = User::getAllUsers($this->getPDO());
    $this->assertEquals($expectedCount, $allUsers->count());
}
// verifyXsrf(); $requestContent = file_get_contents("php://input"); $requestObject = json_decode($requestContent); // check that the necessary fields have been sent and filter if (empty($requestObject->userPassword) === true) { throw new InvalidArgumentException("must enter a password", 405); } else { $password = filter_var($requestObject->userPassword, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); } if (empty($requestObject->userEmail) === true) { throw new InvalidArgumentException("email cannot be empty", 405); } else { $email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL); } // create user $user = User::getUserByUserEmail($pdo, $email); if (empty($user)) { throw new InvalidArgumentException("invalid email address"); } // hash for $password $hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144); // verify hash is correct if ($hash !== $user->getUserHash()) { throw new \InvalidArgumentException("password or username is incorrect"); } // grabbing company from database and put company and user in the session $company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId()); $_SESSION["company"] = $company; $_SESSION["user"] = $user; $reply->message = "login was successful"; } else {
<p><a href="{$confirmLink}">{$confirmLink}</a></p> EOF; $response = sendEmail($user->getUserEmail(), $user->getUserFirstName(), $user->getUserLastName(), $messageSubject, $message); if ($response === "Email sent.") { $reply->message = "sign up was successful, please check your email for activation message."; } /** * the send method returns the number of recipients that accepted the Email * so, if the number attempted is not the number accepted, this is an Exception **/ } } } else { if ($method === "DELETE") { $reply->debug = "delete started"; $user = User::getUserByUserId($pdo, $id); if ($user === null) { throw new RuntimeException("User does not exist", 404); } $user->delete($pdo); $deletedObject = new stdClass(); $deletedObject->crewId = $id; $reply->message = "Crew deleted OK"; } else { //if not an admin, and attempting a method other than get, throw an exception if (empty($method) === false && $method !== "GET") { throw new RuntimeException("only admins can change database entries", 401); } } } }