/**
 * Looking a user up by an email address that matches no record must yield null.
 *
 * NOTE(review): the probe value is not a well-formed address; whether
 * User::getUserByUserEmail() rejects it before querying is not visible here,
 * so this may be exercising the validation path rather than a database miss.
 */
public function testGetInvalidUserByUserEmail() {
	// An email value that no stored user is expected to have.
	$unknownEmail = "nobody is a user";
	$pdo = $this->getPDO();

	$lookupResult = User::getUserByUserEmail($pdo, $unknownEmail);

	$this->assertNull($lookupResult);
}
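// NOTE(review): the anti-CSRF check below is commented out, so this state-changing
// endpoint runs without it. Confirm that is intentional or restore the call.
// verifyXsrf();

// Read the raw request body and decode it as a JSON object.
$requestContent = file_get_contents("php://input");
$requestObject = json_decode($requestContent);

// Check that the necessary fields have been sent, and filter them.
// empty() also covers a body that failed to decode (json_decode() returned null).
if (empty($requestObject->userPassword) === true) {
	throw new InvalidArgumentException("must enter a password", 405);
} else {
	// NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and strips
	// tag-like sequences, so the value hashed below can differ from what the user
	// typed. It is left in place because stored hashes were presumably derived from
	// the same filtered form (TODO confirm against the sign-up code before removing).
	$password = filter_var($requestObject->userPassword, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
}
if (empty($requestObject->userEmail) === true) {
	throw new InvalidArgumentException("email cannot be empty", 405);
} else {
	$email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL);
}

// Look the account up by email.
$user = User::getUserByUserEmail($pdo, $email);
if (empty($user)) {
	// Same message as a wrong password, so the reply does not reveal whether the
	// address is registered. Response time still differs (no PBKDF2 run on this path).
	throw new InvalidArgumentException("password or username is incorrect");
}

// Derive the PBKDF2 hash of the submitted password with the user's stored salt.
$hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144);

// Verify the hash with a constant-time comparison. A plain !== can stop at the
// first differing byte, which leaks timing information about the stored hash.
if (!hash_equals((string) $user->getUserHash(), $hash)) {
	throw new \InvalidArgumentException("password or username is incorrect");
}

// Issue a fresh session ID at the moment of authentication, so an ID that was
// fixed before login is not carried into the authenticated session.
if (session_status() === PHP_SESSION_ACTIVE) {
	session_regenerate_id(true);
}

// Fetch the user's company and put company and user in the session.
// NOTE(review): the stored User exposes getUserHash()/getUserSalt(), so credential
// material appears to be serialised into session storage. Consider keeping only
// the identifiers the application needs.
$company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId());
$_SESSION["company"] = $company;
$_SESSION["user"] = $user;
$reply->message = "login was successful";
} else {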