/**
* test grabbing a user by first name that does not exist
*/
public function testGetInvalidUserByUserEmail()
{
//grab a user id that exceeds the maximum allowable user id
$user = User::getUserByUserEmail($this->getPDO(), "nobody is a user");
$this->assertNull($user);
}
// verifyXsrf();
$requestContent = file_get_contents("php://input");
$requestObject = json_decode($requestContent);
// check that the necessary fields have been sent and filter
if (empty($requestObject->userPassword) === true) {
throw new InvalidArgumentException("must enter a password", 405);
} else {
$password = filter_var($requestObject->userPassword, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
}
if (empty($requestObject->userEmail) === true) {
throw new InvalidArgumentException("email cannot be empty", 405);
} else {
$email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL);
}
// create user
$user = User::getUserByUserEmail($pdo, $email);
if (empty($user)) {
throw new InvalidArgumentException("invalid email address");
}
// hash for $password
$hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144);
// verify hash is correct
if ($hash !== $user->getUserHash()) {
throw new \InvalidArgumentException("password or username is incorrect");
}
// grabbing company from database and put company and user in the session
$company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId());
$_SESSION["company"] = $company;
$_SESSION["user"] = $user;
$reply->message = "login was successful";
} else {
