Code Coverage for /app/server/src/App/Services/login/Login.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	92.73% covered (success)	92.73%	51 / 55		n/a	0 / 0	CRAP		n/a	0 / 0

1	<?php
2
3	/**
4	* @file
5	* Login action: authenticate with username and password.
6	*/
7
8	declare(strict_types=1);
9
10	/**
11	* Action callable: login with username and password (POST body + GET device).
12	*
13	* Validates credentials (USER or STAFF), grants session, returns JSON with errorcode and session.
14	*
15	* @param string $body JSON body with username, password.
16	* @param array<string, mixed> $query Query params: device.
17	* @param \ConxHelper $conx Connection helper (from LoginService; uses ->global for central DB).
18	* @param \Psr\Log\LoggerInterface $logger Logger (from LoggerFactory).
19	* @param \UppServices\SessionService $sessionService Session service for grant.
20	* @return array{output: string, contentType: string} JSON output and content type.
21	*/
22	return function (string $body, array $query, \ConxHelper $conx, \Psr\Log\LoggerInterface $logger, \UppServices\SessionService $sessionService): array {
23	$retval = ApplicationError::Success;
24	$userinfo = null;
25
26	if ($body === '') {
27	$output = json_encode(['errorcode' => ApplicationError::Parameters]);
28	return ['output' => $output, 'contentType' => 'application/json; charset=utf-8'];
29	}
30
31	$logger->info("User login from remote IP: ".getRemoteIp());
32	$data = json_decode($body, true);
33	$logger->debug("DUMP OF POST DATA:".PHP_EOL.print_r($data, true).PHP_EOL);
34	if ($data === null) {
35	$logger->error("Invalid JSON format in post request data");
36	$output = json_encode(['errorcode' => ApplicationError::Generic]);
37	return ['output' => $output, 'contentType' => 'application/json; charset=utf-8'];
38	}
39
40	$deviceid = $query['device'] ?? null;
41	if (!$deviceid) {
42	$logger->error("Missing 'device' parameter in url request");
43	$retval = ApplicationError::Parameters;
44	}
45
46	if (success($retval)) {
47	$username = $data['username'] ?? null;
48	if (!$username) {
49	$logger->error("Mandatory argument 'username' not provided in post data.");
50	$retval = ApplicationError::Parameters;
51	}
52	}
53	if (success($retval)) {
54	$password = $data['password'] ?? null;
55	if (!$password) {
56	$logger->error("Mandatory argument 'password' not provided in post data.");
57	$retval = ApplicationError::Parameters;
58	}
59	}
60
61	if (success($retval)) {
62	$username = trim(strtolower((string) ($data['username'] ?? '')));
63	$password = (string) ($data['password'] ?? '');
64	$results = [];
65	$sql = "select * from USER where lower(email) = '".$username."' and password = '".$password."' and status in ('PA', 'AC')";
66	$res = $conx->global->runsql(['USER'], $sql, $results);
67	if ($res && count($results) > 0) {
68	$userinfo = $results[0];
69	$logger->info("Login succesfull for user '".$username."' -- objid [".$userinfo['objid']."]");
70	}
71	else {
72	$res = $conx->global->query("STAFF", ['email' => $username, 'status' => 'AC'], $results);
73	if ($res && count($results) > 0) {
74	$res = $conx->global->query("USER", ["objid" => $results[0]['user'], "password" => $password, "status" => ['PA', 'AC']], $results);
75	if ($res && count($results) > 0) {
76	$userinfo = $results[0];
77	$logger->info("Login succesfull for user '".$username."' -- objid [".$userinfo['objid']."]");
78	}
79	}
80	}
81	if (!$userinfo) {
82	$logger->error("No valid users/waiters found for email '".$username."' with password.");
83	$retval = ApplicationError::Unauthorized;
84	}
85	}
86
87	if (success($retval)) {
88	$userinfo['session'] = null;
89	$retval = $sessionService->grantSession($conx, $deviceid, $userinfo['objid'], $userinfo['session']);
90	}
91
92	if (success($retval)) {
93	$userinfo['photo'] = toUrl($userinfo['photo']);
94	$result = ["errorcode" => $retval, "session" => $userinfo['session']];
95	}
96	else {
97	$result = ["errorcode" => $retval];
98	}
99
100	$output = json_encode($result);
101	return ['output' => $output, 'contentType' => 'application/json; charset=utf-8'];
102	};