From e1ab1a5deed32a507d739b2440c016d98738bc59 Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Fri, 29 Nov 2019 17:09:39 +0100
Subject: [PATCH] FEAT #11645 TIME 0:45 Send account activation notification on
 demand

---
 rest/index.php                                |  1 +
 src/app/user/controllers/UserController.php   | 98 ++++++++++---------
 .../controllers/AuthenticationController.php  |  2 +-
 3 files changed, 55 insertions(+), 46 deletions(-)

diff --git a/rest/index.php b/rest/index.php
index 2bb7bd97985..5725cfa6805 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -431,6 +431,7 @@ $app->delete('/users/{id}/signatures/{signatureId}', \User\controllers\UserContr
 $app->post('/users/{id}/redirectedBaskets', \User\controllers\UserController::class . ':setRedirectedBaskets');
 $app->delete('/users/{id}/redirectedBaskets', \User\controllers\UserController::class . ':deleteRedirectedBasket');
 $app->put('/users/{id}/baskets', \User\controllers\UserController::class . ':updateBasketsDisplay');
+$app->put('/users/{id}/accountCreationNotification', \User\controllers\UserController::class . ':sendAccountActivationNotification');
 $app->post('/password', \User\controllers\UserController::class . ':forgotPassword');
 $app->put('/password', \User\controllers\UserController::class . ':passwordInitialization');
 
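Review bot: The new `/users/{id}/accountCreationNotification` route is registered with `$app->put(...)` although the handler is not idempotent: per the `AuthenticationController` hunk further down, every call issues a fresh 14-day reset token and stores it before mailing, so repeated calls change server state each time. `$app->post(...)` would match the semantics and the neighbouring `/password` action that also sends a mail; if PUT is kept for client reasons, a one-line comment on this route saying the call regenerates the token would save the next reader the trip into `AuthenticationController`.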
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index 1c7be8b7d0a..7d804f277e9 100755
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -170,7 +170,7 @@ class UserController
             ]);
 
             if ($loggingMethod['id'] == 'standard') {
-                AuthenticationController::sendUserCreationNotification(['userId' => $existingUser['id'], 'userEmail' => $existingUser['mail']]);
+                AuthenticationController::sendAccountActivationNotification(['userId' => $existingUser['id'], 'userEmail' => $existingUser['mail']]);
             }
 
             return $response->withJson(['id' => $existingUser['id']]);
@@ -198,7 +198,7 @@ class UserController
         }
 
         if ($loggingMethod['id'] == 'standard') {
-            AuthenticationController::sendUserCreationNotification(['userId' => $id, 'userEmail' => $data['mail']]);
+            AuthenticationController::sendAccountActivationNotification(['userId' => $id, 'userEmail' => $data['mail']]);
         }
 
         HistoryController::add([
@@ -1443,56 +1443,64 @@ class UserController
         ]);
     }
 
-    public function hasUsersRights(array $aArgs)
+    public function sendAccountActivationNotification(Request $request, Response $response, array $args)
     {
-        $error = [
-            'status'    => 200,
-            'error'     => ''
-        ];
+        $control = $this->hasUsersRights(['id' => $args['id']]);
+        if (!empty($control['error'])) {
+            return $response->withStatus($control['status'])->withJson(['errors' => $control['error']]);
+        }
 
-        if (!is_numeric($aArgs['id'])) {
-            $error['status'] = 400;
-            $error['error'] = 'id must be an integer';
-        } else {
-            $user = UserModel::getById(['id' => $aArgs['id'], 'select' => ['user_id']]);
-            if (empty($user['user_id'])) {
-                $error['status'] = 400;
-                $error['error'] = 'User not found';
-            } else {
-                if (empty($aArgs['himself']) || $GLOBALS['userId'] != $user['user_id']) {
-                    if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_users', 'userId' => $GLOBALS['id']])) {
-                        $error['status'] = 403;
-                        $error['error'] = 'Service forbidden';
-                    }
-                    if ($GLOBALS['userId'] != 'superadmin') {
-                        $entities = EntityModel::getAllEntitiesByUserId(['userId' => $GLOBALS['userId']]);
-                        $users = UserEntityModel::getWithUsers([
-                            'select'    => ['users.id'],
-                            'where'     => ['users_entities.entity_id in (?)', 'status != ?'],
-                            'data'      => [$entities, 'DEL']
-                        ]);
-                        $usersNoEntities = UserEntityModel::getUsersWithoutEntities(['select' => ['id']]);
-                        $users = array_merge($users, $usersNoEntities);
-                        $allowed = false;
-                        foreach ($users as $value) {
-                            if ($value['id'] == $aArgs['id']) {
-                                $allowed = true;
-                            }
-                        }
-                        if (!$allowed) {
-                            $error['status'] = 403;
-                            $error['error'] = 'UserId out of perimeter';
-                        }
+        $loggingMethod = CoreConfigModel::getLoggingMethod();
+        if ($loggingMethod['id'] != 'standard') {
+            return $response->withStatus($control['status'])->withJson(['errors' => $control['error']]);
+        }
+
+        $user = UserModel::getById(['id' => $args['id'], 'select' => ['mail']]);
+
+        AuthenticationController::sendAccountActivationNotification(['userId' => $args['id'], 'userEmail' => $user['mail']]);
+
+        return $response->withStatus(204);
+    }
+
+    public function hasUsersRights(array $args)
+    {
+        if (!is_numeric($args['id'])) {
+            return ['status' => 400, 'error' => 'id must be an integer'];
+        }
+
+        $user = UserModel::getById(['id' => $args['id'], 'select' => ['user_id']]);
+        if (empty($user['user_id'])) {
+            return ['status' => 400, 'error' => 'User not found'];
+        }
+
+        if (empty($args['himself']) || $GLOBALS['userId'] != $user['user_id']) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_users', 'userId' => $GLOBALS['id']])) {
+                return ['status' => 403, 'error' => 'Service forbidden'];
+            }
+            if ($GLOBALS['userId'] != 'superadmin') {
+                $entities = EntityModel::getAllEntitiesByUserId(['userId' => $GLOBALS['userId']]);
+                $users = UserEntityModel::getWithUsers([
+                    'select'    => ['users.id'],
+                    'where'     => ['users_entities.entity_id in (?)', 'status != ?'],
+                    'data'      => [$entities, 'DEL']
+                ]);
+                $usersNoEntities = UserEntityModel::getUsersWithoutEntities(['select' => ['id']]);
+                $users = array_merge($users, $usersNoEntities);
+                $allowed = false;
+                foreach ($users as $value) {
+                    if ($value['id'] == $args['id']) {
+                        $allowed = true;
                     }
-                } elseif ($aArgs['delete'] && $GLOBALS['userId'] == $user['user_id']) {
-                    $error['status'] = 403;
-                    $error['error'] = 'Can not delete yourself';
+                }
+                if (!$allowed) {
+                    return ['status' => 403, 'error' => 'UserId out of perimeter'];
                 }
             }
+        } elseif ($args['delete'] && $GLOBALS['userId'] == $user['user_id']) {
+            return ['status' => 403, 'error' => 'Can not delete yourself'];
         }
 
-
-        return $error;
+        return true;
     }
 
     private function checkNeededParameters(array $aArgs)
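Review bot: `hasUsersRights` now ends with `return true;` instead of the former `['status' => 200, 'error' => '']`, so the non-standard-logging-method branch of `sendAccountActivationNotification` reads `$control['status']` and `$control['error']` off a boolean and calls `withStatus(null)` with a null error body; that branch needs its own status and message, e.g. `return $response->withStatus(400)->withJson(['errors' => 'Logging method is not standard']);`. The `!empty($control['error'])` guards still behave because an offset on `true` yields null, but any other caller of `hasUsersRights` outside this hunk that reads `$control['status']` directly would break the same way and is worth checking. The endpoint also does nothing to distinguish an account that has already been activated from one that has not, so an administrator with `admin_users` inside the perimeter can re-issue a reset token for any active user; if that is intended, say so in a short docblock on the method, otherwise a status check before `UserModel::getById` would narrow it. Finally, the creation path in this file records the action with `HistoryController::add` after sending the notification, while this new path records nothing; an equivalent history entry here would keep on-demand token issuance auditable.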
diff --git a/src/core/controllers/AuthenticationController.php b/src/core/controllers/AuthenticationController.php
index cf9dfbbe0f4..cc4e3e03469 100755
--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -141,7 +141,7 @@ class AuthenticationController
         return $jwt;
     }
 
-    public static function sendUserCreationNotification(array $args)
+    public static function sendAccountActivationNotification(array $args)
     {
         $resetToken = AuthenticationController::getResetJWT(['id' => $args['userId'], 'expirationTime' => 1209600]); // 14 days
         UserModel::update(['set' => ['reset_token' => $resetToken], 'where' => ['id = ?'], 'data' => [$args['userId']]]);
-- 
GitLab