Added user existence validation to login API

andrewnicols · Feb 3, 2023 · 1ee4237 · 1ee4237
1 parent 684b568
commit 1ee4237
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/application/src/Controller/BackOfficeController.php b/application/src/Controller/BackOfficeController.php
@@ -47,6 +47,7 @@ public function createAdmin(string $serverID, Request $request) {
                 // New user, or existing user without any associated Tokens.
                 $token = new Tokens();
                 $token->setAccesstoken($this->generateToken('access-token'));
+                $token->setRefreshtoken($this->generateToken('refresh-token'));
                 $token->setExpiresinms();
                 $token->setServerid($serverID);
 

diff --git a/application/src/Controller/MatrixController.php b/application/src/Controller/MatrixController.php
@@ -66,9 +66,12 @@ public function login(string $serverID, Request $request): JsonResponse {
 
             $entityManager = $this->getDoctrine()->getManager();
             $user = $entityManager->getRepository(Users::class)->findOneBy($check['loginidentifier']);
+
+            $passwordpatter = $user ? $user->getPasswordpattern() : null;
+            $userid = $user ? $user->getId() : null;
             $password = $entityManager->getRepository(Passwords::class)->findOneBy([
-                'password' => $this->hashPassword($payload->password, $user->getPasswordpattern())['token'],
-                'userid' => $user->getId()
+                'password' => $this->hashPassword($payload->password, $passwordpatter)['token'],
+                'userid' => $userid
             ]);
 
             // Check if user with its password is found.

diff --git a/application/src/Traits/MatrixSynapseTrait.php b/application/src/Traits/MatrixSynapseTrait.php
@@ -6,6 +6,7 @@
 use App\Entity\Rooms;
 use App\Entity\Roommembers;
 use App\Entity\Tokens;
+use App\Entity\Users;
 
 trait MatrixSynapseTrait {
 
@@ -146,7 +147,7 @@ private function getRoom(string $roomID): ?object
      * Get user token.
      *
      * @param string $serverID
-     * @param string $serverID
+     * @param string $refreshToken
      * @return object|null
      */
     private function getToken(string $serverID, string $refreshToken): ?object
@@ -158,6 +159,20 @@ private function getToken(string $serverID, string $refreshToken): ?object
         ]);
     }
 
+    /**
+     * Get a user.
+     *
+     * @param string $userID
+     * @return object|null
+     */
+    private function getOneUser(string $userID): ?object
+    {
+        $entityManager = $this->getDoctrine()->getManager();
+        return $entityManager->getRepository(Users::class)->findOneBy([
+            'userid' => $userID
+        ]);
+    }
+
     /**
      * Return array of true status.
      *