From a42f728ccfe52f120cca458f5a7658288f862e67 Mon Sep 17 00:00:00 2001
From: Mal <=>
Date: Fri, 21 Aug 2020 23:16:24 +0200
Subject: [PATCH] Fixes and improvements for session handling

---
 ...outPutController.php => UserSessionDeleteController.php} | 6 +++---
 ...LoginPutController.php => UserSessionPostController.php} | 5 +++--
 backend/classes/core/Session.php                            | 4 ++--
 backend/classes/database/User.php                           | 4 ++--
 4 files changed, 10 insertions(+), 9 deletions(-)
 rename backend/classes/controller/{UserLogoutPutController.php => UserSessionDeleteController.php} (72%)
 rename backend/classes/controller/{UserLoginPutController.php => UserSessionPostController.php} (84%)

diff --git a/backend/classes/controller/UserLogoutPutController.php b/backend/classes/controller/UserSessionDeleteController.php
similarity index 72%
rename from backend/classes/controller/UserLogoutPutController.php
rename to backend/classes/controller/UserSessionDeleteController.php
index b7636c3..3299681 100644
--- a/backend/classes/controller/UserLogoutPutController.php
+++ b/backend/classes/controller/UserSessionDeleteController.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-final class UserLogoutPutController extends AbstractController
+final class UserSessionDeleteController extends AbstractController
 {
-    protected string $route = '/api/v1/user/logout';
+    protected string $route = '/api/v1/user/session';
 
     public function handle(): void
     {
@@ -15,7 +15,7 @@ final class UserLogoutPutController extends AbstractController
         if (!$session->IsLoggedIn()) {
             $this->response = new ApiJsonResponse(ServerStatus::BAD_REQUEST);
             $this->response->setParameter('success', false);
-            $this->response->setMessage('You were not logged in!');
+            $this->response->setMessage('No session to delete!');
 
             return;
         }
diff --git a/backend/classes/controller/UserLoginPutController.php b/backend/classes/controller/UserSessionPostController.php
similarity index 84%
rename from backend/classes/controller/UserLoginPutController.php
rename to backend/classes/controller/UserSessionPostController.php
index ae30bb5..87f1125 100644
--- a/backend/classes/controller/UserLoginPutController.php
+++ b/backend/classes/controller/UserSessionPostController.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-final class UserLoginPutController extends AbstractController
+final class UserSessionPostController extends AbstractController
 {
-    protected string $route = '/api/v1/user/login';
+    protected string $route = '/api/v1/user/session';
     protected array $mandatoryAttributes = [
         'username',
         'password',
@@ -39,5 +39,6 @@ final class UserLoginPutController extends AbstractController
         }
 
         $this->response = new ApiJsonResponse();
+        $this->response->setParameter('userId', $session->getUserId());
     }
 }
\ No newline at end of file
diff --git a/backend/classes/core/Session.php b/backend/classes/core/Session.php
index a09c28a..ec9a5c8 100644
--- a/backend/classes/core/Session.php
+++ b/backend/classes/core/Session.php
@@ -42,7 +42,7 @@ final class Session
         }
 
         $this->SetBool(self::IS_LOGGED_IN, true);
-        $this->SetInt(self::USER_ID, $user->getPrimaryKey());
+        $this->SetInt(self::USER_ID, $user->getUserId());
 		$this->SetString(self::USERNAME, $user->getUsername());
         $this->SetString(self::EMAIL, $user->getEmail());
         $this->SetString(self::JABBER_ADDRESS, $user->getJabberAddress());
@@ -90,7 +90,7 @@ final class Session
         return $this->HasValue($key) ? (bool)$_SESSION[$key] : null;
     }
 
-	public function GetAccountId(): ?int
+	public function getUserId(): ?int
 	{
 		return $this->GetInt(self::USER_ID);
 	}
diff --git a/backend/classes/database/User.php b/backend/classes/database/User.php
index f3e4f61..4ff6e8e 100644
--- a/backend/classes/database/User.php
+++ b/backend/classes/database/User.php
@@ -73,11 +73,11 @@ final class User extends MySqlTable implements JsonSerializable
             $databaseGiven = false;
         }
 
-        if ($database->Count(self::class) === 0) {
+        if ($database->Count(self::class, [self::FIELD_USERNAME => $username]) === 0) {
             throw new UserException(sprintf('No user with name %s found!', $username));
         }
 
-        $id = $database->Select(self::class, [self::FIELD_ID], [self::FIELD_USERNAME => $username]);
+        $id = $database->Select(self::class, [self::FIELD_ID], [self::FIELD_USERNAME => $username])[0][self::FIELD_ID];
 
         $user = $databaseGiven ? new User((int)$id, $database) : new User((int)$id);