Fixes and improvements for session handling

2020-08-21 23:16:24 +02:00 · 2020-08-21 23:16:24 +02:00 · a42f728ccf
parent f4fdf50288
commit a42f728ccf
4 changed files with 10 additions and 9 deletions
--- a/backend/classes/controller/UserSessionDeleteController.php
+++ b/backend/classes/controller/UserSessionDeleteController.php
@ -2,9 +2,9 @@

 declare(strict_types=1);

-final class UserLogoutPutController extends AbstractController
+final class UserSessionDeleteController extends AbstractController
 {
-    protected string $route = '/api/v1/user/logout';
+    protected string $route = '/api/v1/user/session';

    public function handle(): void
    {
@ -15,7 +15,7 @@ final class UserLogoutPutController extends AbstractController
        if (!$session->IsLoggedIn()) {
            $this->response = new ApiJsonResponse(ServerStatus::BAD_REQUEST);
            $this->response->setParameter('success', false);
-            $this->response->setMessage('You were not logged in!');
+            $this->response->setMessage('No session to delete!');

            return;
        }
--- a/backend/classes/controller/UserSessionPostController.php
+++ b/backend/classes/controller/UserSessionPostController.php
@ -2,9 +2,9 @@

 declare(strict_types=1);

-final class UserLoginPutController extends AbstractController
+final class UserSessionPostController extends AbstractController
 {
-    protected string $route = '/api/v1/user/login';
+    protected string $route = '/api/v1/user/session';
    protected array $mandatoryAttributes = [
        'username',
        'password',
@ -39,5 +39,6 @@ final class UserLoginPutController extends AbstractController
        }

        $this->response = new ApiJsonResponse();
+        $this->response->setParameter('userId', $session->getUserId());
    }
 }
--- a/backend/classes/core/Session.php
+++ b/backend/classes/core/Session.php
@ -42,7 +42,7 @@ final class Session
        }

        $this->SetBool(self::IS_LOGGED_IN, true);
-        $this->SetInt(self::USER_ID, $user->getPrimaryKey());
+        $this->SetInt(self::USER_ID, $user->getUserId());
 		$this->SetString(self::USERNAME, $user->getUsername());
        $this->SetString(self::EMAIL, $user->getEmail());
        $this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress());
@ -90,7 +90,7 @@ final class Session
        return $this->HasValue($key) ? (bool)$_SESSION[$key] : null;
    }

-	public function GetAccountId(): ?int
+	public function getUserId(): ?int
 	{
 		return $this->GetInt(self::USER_ID);
 	}
--- a/backend/classes/database/User.php
+++ b/backend/classes/database/User.php
@ -73,11 +73,11 @@ final class User extends MySqlTable implements JsonSerializable
            $databaseGiven = false;
        }

-        if ($database->Count(self::class) === 0) {
+        if ($database->Count(self::class, [self::FIELD_USERNAME => $username]) === 0) {
            throw new UserException(sprintf('No user with name %s found!', $username));
        }

-        $id = $database->Select(self::class, [self::FIELD_ID], [self::FIELD_USERNAME => $username]);
+        $id = $database->Select(self::class, [self::FIELD_ID], [self::FIELD_USERNAME => $username])[0][self::FIELD_ID];

        $user = $databaseGiven ? new User((int)$id, $database) : new User((int)$id);