From f8b9503960b26e50ac10ffc3facca9f4469fcd58 Mon Sep 17 00:00:00 2001 From: Robbie Antenesse Date: Thu, 23 May 2019 16:06:16 -0600 Subject: [PATCH] Validate token if one exists; Save account data --- src/js/account/index.js | 6 ++---- src/js/account/login.js | 24 ++++++++++++++++++++---- src/php/api/User.php | 10 ++++++++++ src/php/api/index.php | 20 ++++++++++++++++++++ 4 files changed, 52 insertions(+), 8 deletions(-) diff --git a/src/js/account/index.js b/src/js/account/index.js index d27c4e0..94e9dc4 100644 --- a/src/js/account/index.js +++ b/src/js/account/index.js @@ -1,9 +1,8 @@ import '../../scss/Account/main.scss'; import { renderLoginForm } from "./render"; -import { triggerLoginChanges } from './login'; +import { validateToken } from './login'; import { - syncDictionary, uploadWords, uploadDetails, uploadWholeDictionary, @@ -17,8 +16,7 @@ export function showLoginForm() { } export function loginWithToken() { - triggerLoginChanges(); - syncDictionary(); + validateToken(); } export function syncImportedDictionary() { diff --git a/src/js/account/login.js b/src/js/account/login.js index fc984f1..dfd03ad 100644 --- a/src/js/account/login.js +++ b/src/js/account/login.js @@ -3,7 +3,8 @@ import { saveToken } from "./utilities"; import { addMessage } from "../utilities"; import { setupLogoutButton } from "./setupListeners"; import { renderAccountSettings } from "./render"; -import { uploadWholeDictionary } from "./sync"; +import { uploadWholeDictionary, syncDictionary } from "./sync"; +import { setCookie } from "../StackOverflow/cookie"; export function logIn() { const email = document.getElementById('loginEmail').value.trim(), @@ -26,8 +27,8 @@ export function logIn() { email, password, }, successData => { - console.log(successData); saveToken(successData.token); + window.account = successData.user; }, errorData => { errorHTML += errorData; }).then(() => { 
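Review bot: `window.account = successData.user;` in the `logIn` success callback stores the server's `user` object on a page global without checking that it is present, and the same unchecked assignment is added in `createAccount` (hunk `@@ -88,6 +89,7 @@`). The welcome message added in the next hunk reads `window.account.publicName`, so a response without `user` would throw inside `.then` after the login modal has already been removed. Anything on `window` can be read or replaced by any other script on the page; a module-scoped variable behind an exported getter would keep the account record out of the global namespace. At minimum guard the assignment, e.g. `window.account = successData.user || { publicName: '' };`. The body of `logIn` starts and ends outside this hunk.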
@@ -36,7 +37,7 @@ export function logIn() { const loginModal = document.getElementById('loginModal'); loginModal.parentElement.removeChild(loginModal); triggerLoginChanges(); - addMessage(`Welcome! You are logged in.`); + addMessage(`Welcome${window.account.publicName !== '' ? ', ' + window.account.publicName : ''}! You are logged in.`); } }).catch(err => console.error(err)); } @@ -88,6 +89,7 @@ export function createAccount() { }, }, responseData => { saveToken(responseData.token); + window.account = responseData.user; if (responseData.hasOwnProperty('dictionary')) { uploadWholeDictionary(); // Saves external id } @@ -111,8 +113,22 @@ export function createAccount() { } } +export function validateToken() { + request({ + action: 'validate-token', + }, userData => { + window.account = userData; + triggerLoginChanges(); + addMessage(`Welcome${window.account.publicName !== '' ? ', ' + window.account.publicName : ''}! You are logged in.`, 10000); + syncDictionary(); + }, error => { + addMessage(error + '. Logging Out.', undefined, 'error'); + setCookie('token', '', -1); + }); +} + export function triggerLoginChanges() { - const loginButton = document.getElementById('loginCreateAccountButton') + const loginButton = document.getElementById('loginCreateAccountButton'); const logoutButton = document.createElement('a'); logoutButton.classList.add('button'); logoutButton.id = 'logoutButton'; diff --git a/src/php/api/User.php b/src/php/api/User.php index 9d1122b..9e9362f 100644 --- a/src/php/api/User.php +++ b/src/php/api/User.php @@ -73,6 +73,16 @@ VALUES (?, ?, ?, ?, ?)'; ); } + public function validateToken ($token) { + $token_data = $this->token->decode($token); + if ($token_data !== false) { + if (isset($token_data->id)) { + return $this->getUserData($token_data->id); + } + } + return false; + } + public function setUserData ($token, $user_data) { $token_data = $this->token->decode($token); if ($token_data !== false) { 
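Review bot: The new welcome string concatenates `window.account.publicName`, a user-chosen value, straight into the text handed to `addMessage`, here and again in `validateToken` (hunk `@@ -111,8 +113,22 @@`). `addMessage` lives in `../utilities` and is not shown in this patch; if it inserts its argument as HTML, a display name containing markup would be rendered as markup. Confirm that it writes through `textContent`, or escape the name before interpolating it. The expression is duplicated verbatim, so a small helper such as `welcomeMessage(account)` would keep the two call sites in step. The enclosing `.then` callback starts outside this hunk.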
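Review bot: The error callback in `validateToken` deletes the `token` cookie for every failure it receives, so, depending on what `request` passes to that callback (not visible here), a timeout or a 5xx could sign the user out just like a 401. Clear the cookie only when the server actually rejected the token, and leave it in place for transport errors. Unlike `logIn`, the call has no `.catch`, so if `request` returns a promise a rejection goes unhandled; `.catch(err => console.error(err))` would match the existing style. Because the cookie is cleared from script it is presumably not HttpOnly, which leaves the token readable by any injected script; that is worth tracking separately.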
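Review bot: `validateToken` accepts any token that `$this->token->decode()` returns non-false for and that carries an `id`, so the whole check rests on `decode()` verifying both signature and expiry; that method is outside this patch and should be confirmed to do both. The result of `getUserData()` is returned unchanged, and `index.php` sends it to the browser as `data`, where it ends up on `window.account`. Confirm that it selects only fields meant for the client (no password hash or internal columns). A docblock stating the return contract would help callers: the user data on success, `false` for an undecodable token or a missing `id`. The two nested `if`s can be collapsed to `if ($token_data !== false && isset($token_data->id)) {`.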
diff --git a/src/php/api/index.php b/src/php/api/index.php index 7619659..a5fbda6 100644 --- a/src/php/api/index.php +++ b/src/php/api/index.php @@ -18,6 +18,26 @@ $action = isset($request['action']) ? $request['action'] : ''; $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : false; switch ($action) { + case 'validate-token': { + if ($token !== false) { + $user = new User(); + $user_data = $user->validateToken($token); + if ($user_data !== false) { + return Response::json(array( + 'data' => $user_data, + 'error' => false, + ), 200); + } + return Response::json(array( + 'data' => 'Could not validate token: incorrect data', + 'error' => true, + ), 401); + } + return Response::json(array( + 'data' => 'Could not validate token: required information missing', + 'error' => true, + ), 400); + } case 'login': { if (isset($request['email']) && isset($request['password'])) { $user = new User();
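Review bot: In the 401 branch of `case 'validate-token'` the rejected cookie is left in place, and its removal depends on the client's error callback in `login.js` (`setCookie('token', '', -1)`). Expiring it in the response as well makes the sign-out independent of client script and keeps working if the cookie is later made HttpOnly. For example, call `setcookie('token', '', time() - 3600, '/');` before the `return`, with path and domain matching however the cookie was originally set (not visible in this patch). The `switch` continues outside this hunk.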