Untitled

<?php

namespace AppBundle\Controller;

use AppBundle\Entity\PayCards;
use AppBundle\Entity\Users;
use AppBundle\Model\Authentication\Login;
use AppBundle\Model\Authentication\Register;
use AppBundle\Utils\Password;
use AppBundle\Utils\ResponseFormat;
use FOS\RestBundle\Controller\FOSRestController;
use FOS\RestBundle\View\View;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use FOS\RestBundle\Controller\Annotations as Api;
use Nelmio\ApiDocBundle\Annotation\ApiDoc;
use Symfony\Component\Validator\ConstraintViolationListInterface;
use AppBundle\Model\Authentication\AuthToken;

/**
 * @Api\Prefix("/authentication")
 */
class AuthenticationController extends FOSRestController
{
    /**
     * @ApiDoc(
     *     statusCodes={
     *         204="Returned when successful",
     *         400="Returned when an error in validating request",
     *         403="Returned when given username is not unique"
     *     },
     *  resource=true,
     *  description="Rejestracja użytkownika",
     *  input = "AppBundle\Model\Authentication\Register"
     * )
     *
     * @Api\Put("/register")
     */
    public function putRegisterAction(Register $register, ConstraintViolationListInterface $validationErrors)
    {
        if (count($validationErrors) > 0) {
            return View::create($validationErrors, 400);
        }

        $user = new Users();
        $user->setLogin($register->getLogin());
        $user->setSalt(bin2hex(openssl_random_pseudo_bytes(4)));
        $user->setPassword(Password::getSecureHash($user->getSalt(), $register->getPassword()));
        $user->setEmail($register->getEmail());
        $user->setFirstName($register->getFirstName());
        $user->setLastName($register->getLastName());
        $user->setPin($register->getPin());

        $em = $this->getDoctrine()->getManager();

        if($em->getRepository('AppBundle:Users')->findOneByLogin($user->getLogin()) !== null) {
            return View::create(ResponseFormat::create("login", "Given login already exists"), 403);
        }

        $em->persist($user);

        $payCard = new PayCards();
        $payCard->setUser($user);
        $payCard->setNumber($register->getCardNumber());

        $em->persist($payCard);

        $em->flush();
    }

    /**
     * @ApiDoc(
     *     statusCodes={
     *         200="Returned when successful",
     *         400="Returned when an error in validating request",
     *         403="Returned when wrong login or password"
     *     },
     *  resource=true,
     *  description="Logowanie użytkownika",
     *  input = "AppBundle\Model\Authentication\Login",
     *  output = "AppBundle\Model\Authentication\AuthToken"
     * )
     *
     * @Api\Post("/login")
     */
    public function postLoginAction(Login $login, ConstraintViolationListInterface $validationErrors)
    {
        if (count($validationErrors) > 0) {
            return View::create($validationErrors, 400);
        }
        $em = $this->getDoctrine()->getManager();

        $user = $em->getRepository('AppBundle:Users')->findOneByLogin($login->getLogin());

        if($user !== null && $user->getPassword() === Password::getSecureHash($user->getSalt(), $login->getPassword())) {
            $token = $user->getSalt() . bin2hex(openssl_random_pseudo_bytes(32));

            $user->setToken(sha1($token));

            $em->flush();
            $authToken = new AuthToken($token);

            return View::create($authToken, 200);
        }

        return View::create(ResponseFormat::create("login", "Wrong login or password"), 403);
    }
}