Ivan - Add token ticket for backend [skip ci]
parent
eff51acc90
commit
0bd07ef211
|
@ -25,9 +25,15 @@ class CommentController extends Controller {
|
|||
|
||||
if(!Controller::isUserSystemEnabled()) {
|
||||
$validations['permission'] = 'any';
|
||||
$validations['requestData']['email'] = [
|
||||
'validation' => DataValidator::email(),
|
||||
'error' => ERRORS::INVALID_EMAIL
|
||||
$session = Session::getInstance();
|
||||
|
||||
$validations['requestData']['csrf_token'] = [
|
||||
'validation' => DataValidator::equals($session->getToken()),
|
||||
'error' => ERRORS::NO_PERMISSION
|
||||
];
|
||||
$validations['requestData']['ticketNumber'] = [
|
||||
'validation' => DataValidator::equals($session->getTicketNumber()),
|
||||
'error' => ERRORS::INVALID_TICKET
|
||||
];
|
||||
}
|
||||
|
||||
|
|
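Review bot: The new ticket-session check is gated only on `!Controller::isUserSystemEnabled()`, whereas TicketGetController in the same commit gates the equivalent logic on `!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()`, so a logged-in staff member on a no-user-system install would be required to present a ticket-session `csrf_token`/`ticketNumber` they never received. Suggested: `if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {`. Also, when no ticket session has been created yet, `$session->getToken()` and `$session->getTicketNumber()` return whatever `getStoredData` yields for a missing key (not visible here); if that is null and `DataValidator::equals` compares loosely, an absent or empty field could satisfy the check, so either confirm equals() compares strictly (ideally `hash_equals` for the token) or reject the request outright when the session holds no ticket. The enclosing validations method starts and ends outside this hunk.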
|
@ -20,14 +20,28 @@ class TicketGetController extends Controller {
|
|||
|
||||
if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
|
||||
$validations['permission'] = 'any';
|
||||
$validations['requestData']['email'] = [
|
||||
'validation' => DataValidator::email(),
|
||||
'error' => ERRORS::INVALID_EMAIL
|
||||
];
|
||||
$validations['requestData']['captcha'] = [
|
||||
'validation' => DataValidator::captcha(),
|
||||
'error' => ERRORS::INVALID_CAPTCHA
|
||||
];
|
||||
|
||||
if(Controller::request('token')) {
|
||||
$session = Session::getInstance();
|
||||
|
||||
$validations['requestData']['csrf_token'] = [
|
||||
'validation' => DataValidator::equals($session->getToken()),
|
||||
'error' => ERRORS::NO_PERMISSION
|
||||
];
|
||||
$validations['requestData']['ticketNumber'] = [
|
||||
'validation' => DataValidator::equals($session->getTicketNumber()),
|
||||
'error' => ERRORS::INVALID_TICKET
|
||||
];
|
||||
} else {
|
||||
$validations['requestData']['email'] = [
|
||||
'validation' => DataValidator::email(),
|
||||
'error' => ERRORS::INVALID_EMAIL
|
||||
];
|
||||
$validations['requestData']['captcha'] = [
|
||||
'validation' => DataValidator::captcha(),
|
||||
'error' => ERRORS::INVALID_CAPTCHA
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
return $validations;
|
||||
|
@ -40,7 +54,11 @@ class TicketGetController extends Controller {
|
|||
|
||||
if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
|
||||
if($this->ticket->authorEmail === $email) {
|
||||
Response::respondSuccess($this->ticket->toArray());
|
||||
if(!Controller::request('token')) {
|
||||
$this->generateSessionToken();
|
||||
} else {
|
||||
Response::respondSuccess($this->ticket->toArray());
|
||||
}
|
||||
return;
|
||||
} else {
|
||||
throw new Exception(ERRORS::NO_PERMISSION);
|
||||
|
@ -54,6 +72,15 @@ class TicketGetController extends Controller {
|
|||
}
|
||||
}
|
||||
|
||||
private function generateSessionToken() {
|
||||
$session = Session::getInstance();
|
||||
$token = Hashing::generateRandomToken();
|
||||
|
||||
$session->createTicketSession($this->ticket->ticketNUmber);
|
||||
|
||||
Response::respondSuccess(['token' => $token, 'ticketNumber' => $this->ticket->ticketNUmber]);
|
||||
}
|
||||
|
||||
private function shouldDenyPermission() {
|
||||
$user = Controller::getLoggedUser();
|
||||
|
||||
|
|
|
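Review bot: The token handed to the client in generateSessionToken is not the one the session stores: `$token = Hashing::generateRandomToken();` is generated locally, while `createTicketSession()` (added to Session in this commit) stores its own `Hashing::generateRandomToken()` under 'token', so the later `DataValidator::equals($session->getToken())` check on `csrf_token` can never match the value the client was given. Read the token back from the session instead: `$session->createTicketSession($this->ticket->ticketNumber);` followed by `$token = $session->getToken();`. The property is also spelled `ticketNUmber` twice; PHP property names are case-sensitive, so if the Ticket model's property is `ticketNumber` both reads yield null and the session is bound to no ticket. Separately, the presence check in the validations hunk uses `Controller::request('token')` while the validated field is `csrf_token`; depending on how the validator treats an absent field, a request carrying `token` but no `csrf_token` may reach the handler without the intended check, so use one parameter name for both. The handler's enclosing method starts before its hunk, and shouldDenyPermission is cut off at the end of the section.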
@ -29,6 +29,15 @@ class Session {
|
|||
$this->store('staff', $staff);
|
||||
$this->store('token', Hashing::generateRandomToken());
|
||||
}
|
||||
|
||||
public function createTicketSession($ticketNumber) {
|
||||
$this->store('ticketNumber', $ticketNumber);
|
||||
$this->store('token', Hashing::generateRandomToken());
|
||||
}
|
||||
|
||||
public function getTicketNumber() {
|
||||
return $this->getStoredData('ticketNumber');
|
||||
}
|
||||
|
||||
public function getToken() {
|
||||
return $this->getStoredData('token');
|
||||
|
@ -51,7 +60,7 @@ class Session {
|
|||
$token === $data['token'];
|
||||
}
|
||||
|
||||
private function store($key, $value) {
|
||||
public function store($key, $value) {
|
||||
$_SESSION[$key] = $value;
|
||||
}
|
||||
|
||||
|
|
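Review bot: `store()` is widened from private to public in the second hunk although nothing else in this commit calls it from outside the class; the new caller, createTicketSession, is internal and already uses `$this->store`. Keeping it private preserves the invariant that keys such as 'staff', 'token' and 'ticketNumber' are only written through the dedicated create*Session methods; once public, any controller can overwrite the very keys the new ticket-session permission checks rely on. Revert to `private function store($key, $value) {`. Nothing visible here rotates the PHP session id when createTicketSession establishes a new identity; if Session::getInstance (outside this hunk) does not already call session_regenerate_id(), consider doing so in createTicketSession.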