
Commit 045819c

authored
Merge pull request #1 from apps-caraga/apps-caraga-patch-2
Registration w/ addl data
2 parents 0f4e2b9 + 1ee817f commit 045819c


1 file changed

+34
-3
lines changed


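--- a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -59,6 +59,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 $usernameColumnName = $this->getProperty('usernameColumn', 'username');
 $usernameColumn = $table->getColumn($usernameColumnName);
 $passwordColumnName = $this->getProperty('passwordColumn', 'password');
+$usernamePattern = $this->getProperty('usernamePattern','/^[A-Za-z0-9]+$/'); // specify regex pattern for username, defaults to alphanumeric characters
+$usernameMinLength = (int)$this->getProperty('usernameMinLength',5);
+$usernameMaxLength = (int)$this->getProperty('usernameMaxLength',30);
+if($usernameMinLength > $usernameMaxLength){
+//obviously, $usernameMinLength should be less than $usernameMaxLength, but we'll still check in case of mis-config then we'll swap the 2 values
+$lesser = $usernameMaxLength;
+$usernameMaxLength = $usernameMinLength;
+$usernameMinLength = $lesser;
+}
 $passwordLength = $this->getProperty('passwordLength', '12');
 $pkName = $table->getPk()->getName();
 $registerUser = $this->getProperty('registerUser', '');
@@ -79,14 +88,36 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 if (strlen($password) < $passwordLength) {
 return $this->responder->error(ErrorCode::PASSWORD_TOO_SHORT, $passwordLength);
 }
+if(strlen($username) < $usernameMinLength){
+return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $username . " [ Username length must be at least ". $usernameMinLength ." characters.]");
+}
+if(strlen($username) > $usernameMaxLength){
+return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $username . " [ Username length must not exceed ". $usernameMaxLength ." characters.]");
+}
+if(!preg_match($usernamePattern, $username)){
+return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $username . " [ Username contains disallowed characters.]");
+}
 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
 if (!empty($users)) {
 return $this->responder->error(ErrorCode::USER_ALREADY_EXIST, $username);
 }
 $data = json_decode($registerUser, true);
-$data = is_array($data) ? $data : [];
-$data[$usernameColumnName] = $username;
-$data[$passwordColumnName] = password_hash($password, PASSWORD_DEFAULT);
+$data = is_array($data) ? $data : (array)$body;
+// get the original posted data
+$userTableColumns = $table->getColumnNames();
+foreach($data as $key=>$value){
+if(in_array($key,$userTableColumns)){
+// process only posted data if the key exists as users table column
+if($key === $usernameColumnName){
+$data[$usernameColumnName] = $username; //process the username and password as usual
+}else if($key === $passwordColumnName){
+$data[$passwordColumnName] = password_hash($password, PASSWORD_DEFAULT);
+}else{
+$data[$key] = filter_var($value, FILTER_VALIDATE_EMAIL) ? $value : filter_var($value,FILTER_SANITIZE_ENCODED);
+//sanitize all other inputs, except for valid or properly formatted email address
+}
+}
+}
 $this->db->createSingle($table, $data);
 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
 foreach ($users as $user) {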
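Review bot: In the second hunk the username and password columns are no longer guaranteed to be written: `$data[$usernameColumnName]` and `$data[$passwordColumnName]` are now assigned only inside the foreach when that key is already present in `$data`, so when `$data` comes from the configured `registerUser` JSON (the `is_array` branch) and that JSON lacks those keys, `createSingle` runs with no username and no password hash, which the removed lines used to set unconditionally. The `in_array($key,$userTableColumns)` check also only decides which keys get sanitised; keys that are not table columns remain in `$data` and still reach `createSingle`, and in the `(array)$body` branch (where `$body` appears to be the decoded request body, defined outside the hunk) every posted key that matches a table column is stored after only `FILTER_SANITIZE_ENCODED`, so a request can populate columns the registrant was never meant to control — an explicit allowlist of registrable columns (a `getProperty` setting) rather than "every column of the table" is the safer gate, and `in_array` should pass `true` as its third argument. Storing `FILTER_SANITIZE_ENCODED` output also URL-encodes values at rest; escaping belongs at the output context, not in the row. The enclosing `process` method starts and ends outside both hunks.

```php
$data = is_array($data) ? $data : (array)$body;
$userTableColumns = $table->getColumnNames();
// drop every key that is not a real column before anything is written
$data = array_intersect_key($data, array_flip($userTableColumns));
foreach ($data as $key => $value) {
    // … unchanged: per-field handling of the remaining columns …
}
// the credential columns are always set from the validated values, whether or not the body/config supplied them
$data[$usernameColumnName] = $username;
$data[$passwordColumnName] = password_hash($password, PASSWORD_DEFAULT);
$this->db->createSingle($table, $data);
```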

