Can save user security settings

2024-11-23 22:09:29 +00:00 · 2018-04-19 10:30:22 +02:00 · 2018-04-19 10:30:22 +02:00 · 8909043413
commit 8909043413
parent c802f5af92
2 changed files with 65 additions and 0 deletions
--- a/RestControllers/SettingsController.php
+++ b/RestControllers/SettingsController.php
@ -125,6 +125,38 @@ class SettingsController {
 		return $this->SecuritySettingsToAPI($settings);
 	}

+	/**
+	 * Set (update) security settings
+	 * 
+	 * Warning !!! This method is really sensitive, please double check any
+	 * user input data !
+	 * 
+	 * @url POST /settings/set_security
+	 */
+	public function setSecurity(){
+
+		//User login required
+		user_login_required();
+
+		//Make sure the password is valid
+		check_post_password(userID, "password");
+
+		//Create a security settings object and fill it with the new information
+		$settings = new SecuritySettings();
+		$settings->set_id(userID);
+		$settings->set_security_question_1(postString("security_question_1", 0));
+		$settings->set_security_answer_1(postString("security_answer_1", 0));
+		$settings->set_security_question_2(postString("security_question_2", 0));
+		$settings->set_security_answer_2(postString("security_answer_2", 0));
+		
+		//Try to update settings
+		if(!components()->settings->save_security($settings))
+			Rest_fatal_error(500, "Coud not save security settings!");
+		
+		//Success
+		return array("success" => "The security settings of the user have been successfully saved !");
+	}
+
 	/**
 	 * Turn a GeneralSettings object into a valid API object
 	 * 
--- a/classes/components/SettingsComponent.php
+++ b/classes/components/SettingsComponent.php
@ -84,6 +84,21 @@ class SettingsComponents {
 		return $this->dbToSecuritySettings($entry);
 	}

+	/**
+	 * Save new version of the security settings of a user
+	 * 
+	 * @param SecuritySettings $settings The settings to save in the database
+	 * @return bool TRUE in case of success / FALSE else
+	 */
+	public function save_security(SecuritySettings $settings) : bool {
+
+		//Convert SecuritySettings object into database entry
+		$entry = $this->SecuritySettingsToDb($settings);
+
+		//Save information in the database
+		return $this->saveDBUserInfo($settings->get_id(), $entry);
+	}
+
 	/**
 	 * Get Single User Infos from database and return its information as an array
 	 *
@ -198,6 +213,24 @@ class SettingsComponents {

 	}

+	/**
+	 * Turn SecuritySettings object into database entry
+	 * 
+	 * @param SecuritySettings $settings Settings entry to turn into database entry
+	 * @return array Generated entry
+	 */
+	private function SecuritySettingsToDb(SecuritySettings $settings) : array {
+
+		$data = array();
+
+		$data["question1"] = $settings->has_security_question_1() ? $settings->get_security_question_1() : "";
+		$data["reponse1"] = $settings->has_security_answer_1() ? $settings->get_security_answer_1() : "";
+		$data["question2"] = $settings->has_security_question_2() ? $settings->get_security_question_2() : "";
+		$data["reponse2"] = $settings->has_security_answer_2() ? $settings->get_security_answer_2() : "";
+
+		return $data;
+	}
+
 }

 //Register component