From 10b77664580d1e16999389eaa175a7ad47e58f6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?= <bence@pocze.ch>
Date: Sun, 21 Jun 2020 12:55:49 +0200
Subject: [PATCH] MAPG-69 redirect to sign up when user not found during login

---
 public/static/js/login.js          |  9 +++--
 public/static/js/profile.js        |  2 +-
 public/static/js/signup.js         | 11 +++---
 src/Controller/LoginController.php | 54 +++++++++++++++++++++++++-----
 src/Controller/UserController.php  |  2 +-
 views/login/signup.php             | 12 +++++--
 views/login/signup_success.php     |  9 +++++
 web.php                            |  1 +
 8 files changed, 78 insertions(+), 22 deletions(-)
 create mode 100644 views/login/signup_success.php

diff --git a/public/static/js/login.js b/public/static/js/login.js
index 0044488..cb97b3c 100644
--- a/public/static/js/login.js
+++ b/public/static/js/login.js
@@ -10,10 +10,15 @@
 
         MapGuesser.httpRequest('POST', form.action, function () {
             if (this.response.error) {
+                if (this.response.error === 'user_not_found') {
+                    window.location.replace('/signup');
+                    return;
+                }
+
                 var errorText;
                 switch (this.response.error) {
-                    case 'user_not_found':
-                        errorText = 'No user found with the given email address. You can <a href="/signup" title="Sign up">sign up here</a>!';
+                    case 'password_too_short':
+                        errorText = 'The given password is too short. Please choose a password that is at least 6 characters long!'
                         break;
                     case 'user_not_active':
                         errorText = 'User found with the given email address, but the account is not activated. Please check your email and click on the activation link!';
diff --git a/public/static/js/profile.js b/public/static/js/profile.js
index aff3137..0c2a2d3 100644
--- a/public/static/js/profile.js
+++ b/public/static/js/profile.js
@@ -25,7 +25,7 @@
                     case 'password_not_match':
                         errorText = 'The given current password is wrong.'
                         break;
-                    case 'passwords_too_short':
+                    case 'password_too_short':
                         errorText = 'The given new password is too short. Please choose a password that is at least 6 characters long!'
                         break;
                     case 'passwords_not_match':
diff --git a/public/static/js/signup.js b/public/static/js/signup.js
index d4674f2..339713f 100644
--- a/public/static/js/signup.js
+++ b/public/static/js/signup.js
@@ -9,15 +9,13 @@
         var formData = new FormData(form);
 
         MapGuesser.httpRequest('POST', form.action, function () {
-            document.getElementById('loading').style.visibility = 'hidden';
-
             if (this.response.error) {
                 var errorText;
                 switch (this.response.error) {
                     case 'email_not_valid':
                         errorText = 'The given email address is not valid.'
                         break;
-                    case 'passwords_too_short':
+                    case 'password_too_short':
                         errorText = 'The given password is too short. Please choose a password that is at least 6 characters long!'
                         break;
                     case 'passwords_not_match':
@@ -31,6 +29,8 @@
                         break;
                 }
 
+                document.getElementById('loading').style.visibility = 'hidden';
+
                 var signupFormError = document.getElementById('signupFormError');
                 signupFormError.style.display = 'block';
                 signupFormError.innerHTML = errorText;
@@ -38,10 +38,7 @@
                 return;
             }
 
-            document.getElementById('signupFormError').style.display = 'none';
-            form.reset();
-
-            MapGuesser.showModalWithContent('Sign up successful', 'Sign up was successful. Please check your email and click on the activation link to activate your account!');
+            window.location.replace('/signup/success');
         }, formData);
     };
 })();
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
index be27d43..5be2e92 100644
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -61,10 +61,23 @@ class LoginController
             return new Redirect(\Container::$routeCollection->getRoute('index')->generateLink(), IRedirect::TEMPORARY);
         }
 
-        $data = [];
+        if ($this->request->session()->has('tmp_user_data')) {
+            $tmpUserData = $this->request->session()->get('tmp_user_data');
+
+            $data = ['email' => $tmpUserData['email']];
+        } else {
+            $data = [];
+        }
+
         return new HtmlContent('login/signup', $data);
     }
 
+    public function getSignupSuccess()
+    {
+        $data = [];
+        return new HtmlContent('login/signup_success', $data);
+    }
+
     public function getSignupWithGoogleForm()
     {
         if ($this->request->user() !== null) {
@@ -93,6 +106,16 @@ class LoginController
         $user = $this->userRepository->getByEmail($this->request->post('email'));
 
         if ($user === null) {
+            if (strlen($this->request->post('password')) < 6) {
+                $data = ['error' => 'password_too_short'];
+                return new JsonContent($data);
+            }
+
+            $tmpUser = new User();
+            $tmpUser->setPlainPassword($this->request->post('password'));
+
+            $this->request->session()->set('tmp_user_data', ['email' => $this->request->post('email'), 'password_hashed' => $tmpUser->getPassword()]);
+
             $data = ['error' => 'user_not_found'];
             return new JsonContent($data);
         }
@@ -183,14 +206,27 @@ class LoginController
             return new JsonContent($data);
         }
 
-        if (strlen($this->request->post('password')) < 6) {
-            $data = ['error' => 'passwords_too_short'];
-            return new JsonContent($data);
-        }
 
-        if ($this->request->post('password') !== $this->request->post('password_confirm')) {
-            $data = ['error' => 'passwords_not_match'];
-            return new JsonContent($data);
+        if ($this->request->session()->has('tmp_user_data')) {
+            $tmpUserData = $this->request->session()->get('tmp_user_data');
+
+            $tmpUser = new User();
+            $tmpUser->setPassword($tmpUserData['password_hashed']);
+
+            if (!$tmpUser->checkPassword($this->request->post('password'))) {
+                $data = ['error' => 'passwords_not_match'];
+                return new JsonContent($data);
+            }
+        } else {
+            if (strlen($this->request->post('password')) < 6) {
+                $data = ['error' => 'password_too_short'];
+                return new JsonContent($data);
+            }
+
+            if ($this->request->post('password') !== $this->request->post('password_confirm')) {
+                $data = ['error' => 'passwords_not_match'];
+                return new JsonContent($data);
+            }
         }
 
         $user = new User();
@@ -213,6 +249,8 @@ class LoginController
 
         $this->sendConfirmationEmail($user->getEmail(), $token);
 
+        $this->request->session()->delete('tmp_user_data');
+
         $data = ['success' => true];
         return new JsonContent($data);
     }
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 778217a..14ed237 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -52,7 +52,7 @@ class UserController implements ISecured
 
         if (strlen($this->request->post('password_new')) > 0) {
             if (strlen($this->request->post('password_new')) < 6) {
-                $data = ['error' => 'passwords_too_short'];
+                $data = ['error' => 'password_too_short'];
                 return new JsonContent($data);
             }
 
diff --git a/views/login/signup.php b/views/login/signup.php
index 0dc8fcb..89dcba5 100644
--- a/views/login/signup.php
+++ b/views/login/signup.php
@@ -9,9 +9,15 @@ $jsFiles = [
     <h2>Sign up</h2>
     <div class="box">
         <form id="signupForm" action="/signup" method="post">
-            <input class="big fullWidth" type="email" name="email" placeholder="Email address" required autofocus>
-            <input class="big fullWidth marginTop" type="password" name="password" placeholder="Password" required minlength="6">
-            <input class="big fullWidth marginTop" type="password" name="password_confirm" placeholder="Password confirmation" required minlength="6">
+            <?php if (isset($email)): ?>
+                <p class="justify">No user found with the given email address. Sign up with one click!</p>
+                <input class="big fullWidth marginTop" type="email" name="email" placeholder="Email address" value="<?= $email ?>" required>
+                <input class="big fullWidth marginTop" type="password" name="password" placeholder="Password confirmation" required minlength="6" autofocus>
+            <?php else: ?>
+                <input class="big fullWidth" type="email" name="email" placeholder="Email address" required autofocus>
+                <input class="big fullWidth marginTop" type="password" name="password" placeholder="Password" required minlength="6">
+                <input class="big fullWidth marginTop" type="password" name="password_confirm" placeholder="Password confirmation" required minlength="6">
+            <?php endif; ?>
             <p id="signupFormError" class="formError justify marginTop"></p>
             <div class="right marginTop">
                 <button type="submit">Sign up</button>
diff --git a/views/login/signup_success.php b/views/login/signup_success.php
new file mode 100644
index 0000000..2d7111d
--- /dev/null
+++ b/views/login/signup_success.php
@@ -0,0 +1,9 @@
+<?php require ROOT . '/views/templates/main_header.php'; ?>
+<?php require ROOT . '/views/templates/header.php'; ?>
+<div class="main">
+    <h2>Sign up</h2>
+    <div class="box">
+        <p class="justify">Sign up was successful. Please check your email and click on the activation link to activate your account!</p>
+    </div>
+</div>
+<?php require ROOT . '/views/templates/main_footer.php'; ?>
\ No newline at end of file
diff --git a/web.php b/web.php
index 044974f..81689f7 100644
--- a/web.php
+++ b/web.php
@@ -21,6 +21,7 @@ Container::$routeCollection->get('signup', 'signup', [MapGuesser\Controller\Logi
 Container::$routeCollection->post('signup-action', 'signup', [MapGuesser\Controller\LoginController::class, 'signup']);
 Container::$routeCollection->get('signup-google', 'signup/google', [MapGuesser\Controller\LoginController::class, 'getSignupWithGoogleForm']);
 Container::$routeCollection->post('signup-google-action', 'signup/google', [MapGuesser\Controller\LoginController::class, 'signupWithGoogle']);
+Container::$routeCollection->get('signup.success', 'signup/success', [MapGuesser\Controller\LoginController::class, 'getSignupSuccess']);
 Container::$routeCollection->get('signup.activate', 'signup/activate/{token}', [MapGuesser\Controller\LoginController::class, 'activate']);
 Container::$routeCollection->get('signup.cancel', 'signup/cancel/{token}', [MapGuesser\Controller\LoginController::class, 'cancel']);
 Container::$routeCollection->get('logout', 'logout', [MapGuesser\Controller\LoginController::class, 'logout']);