From b3f0d2d6797a2f0acb2435406dd389611a489f1f Mon Sep 17 00:00:00 2001 From: Paolo Date: Mon, 16 Dec 2024 14:36:33 +0100 Subject: [PATCH] - Added new library php-iban via composer - Added 3 phrases - Checks IBAN via php-iban lib - Generic check of the BIC - Loads and saves the last inserted bank account into database - If the logged user is an employee the it is disabled to save --- .../controllers/api/frontend/v1/Bank.php | 46 +++++++++++--- composer.json | 3 +- composer.lock | 37 +++++++++++- public/js/components/Cis/BankData.js | 15 +++-- system/phrasesupdate.php | 60 +++++++++++++++++++ 5 files changed, 146 insertions(+), 15 deletions(-) diff --git a/application/controllers/api/frontend/v1/Bank.php b/application/controllers/api/frontend/v1/Bank.php index f177e318a..e2e5790cc 100644 --- a/application/controllers/api/frontend/v1/Bank.php +++ b/application/controllers/api/frontend/v1/Bank.php @@ -13,7 +13,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see . + * along with this program. If not, see . */ if (! defined('BASEPATH')) exit('No direct script access allowed'); @@ -38,6 +38,9 @@ class Bank extends FHCAPI_Controller 'postBankData' => self::PERM_LOGGED )); + // Load language phrases + $this->loadPhrases(array('person')); + // Loads model Bankverbindung_model $this->load->model('person/Bankverbindung_model', 'BankverbindungModel'); } @@ -67,7 +70,7 @@ class Bank extends FHCAPI_Controller FROM public.tbl_bankverbindung bv WHERE bv.person_id = ? - ORDER BY update_date DESC, bv.insertamum DESC + ORDER BY bv.insertamum DESC, update_date DESC LIMIT 1', array($loggedPersonId) ); @@ -84,11 +87,19 @@ class Bank extends FHCAPI_Controller */ public function postBankData() { - // Person id of the logged user + // UID and Person id of the logged user + $loggedUID = getAuthUID(); $loggedPersonId = getAuthPersonId(); // If null then not authenticated then terminate - if ($loggedPersonId == null) $this->terminateWithError('Not logged user/User without an associated person', self::ERROR_TYPE_AUTH); + if ($loggedUID == null) $this->terminateWithError('Not logged user/User without UID', self::ERROR_TYPE_AUTH); + if ($loggedPersonId == null) $this->terminateWithError('Not logged user/User without Person Id', self::ERROR_TYPE_AUTH); + + // Loads model Mitarbeiter_model + $this->load->model('ressource/Mitarbeiter_model', 'MitarbeiterModel'); + + // Checks if the logged user is an amployee, in case stop the execution + if ($this->MitarbeiterModel->isMitarbeiter($loggedUID)) $this->terminateWithValidationErrors(array('' => $this->p->t('person', 'notForEmployees'))); // Loads the CI validation library $this->load->library('form_validation'); @@ -99,7 +110,15 @@ class Bank extends FHCAPI_Controller $this->form_validation->set_rules(self::IBAN_PARAM, null, array('required', 'alpha_numeric_spaces')); // Run the validation and checks the result - if (!$this->form_validation->run()) $this->terminateWithError('The required data are not valid or missing', self::ERROR_TYPE_VALIDATION); + if (!$this->form_validation->run()) $this->terminateWithValidationErrors($this->form_validation->error_array()); + + // Checks if the provided BIC is fine + $bic = preg_replace("/[^A-Za-z0-9 ]/", '', $this->input->post(self::BIC_PARAM)); + if (!$this->_checkBic($bic)) $this->terminateWithValidationErrors(array('bic' => $this->p->t('person', 'notValidaBIC'))); + + // Checks if the provided IBAN is fine using the php-iban library + $iban = preg_replace("/[^A-Za-z0-9 ]/", '', $this->input->post(self::IBAN_PARAM)); + if (!verify_iban($iban)) $this->terminateWithValidationErrors(array('iban' => $this->p->t('person', 'notValidaIBAN'))); // Check if there is at least a record in the bank data table $bankDataResult = $this->BankverbindungModel->execReadOnlyQuery( @@ -110,7 +129,7 @@ class Bank extends FHCAPI_Controller FROM public.tbl_bankverbindung bv WHERE bv.person_id = ? - ORDER BY update_date DESC, bv.insertamum DESC + ORDER BY bv.insertamum DESC, update_date DESC LIMIT 1', array($loggedPersonId) ); @@ -128,10 +147,11 @@ class Bank extends FHCAPI_Controller getData($bankDataResult)[0]->bankverbindung_id, array( 'name' => $this->input->post(self::BANK_NAME_PARAM), - 'bic' => $this->input->post(self::BIC_PARAM), - 'iban' => $this->input->post(self::IBAN_PARAM), + 'bic' => $bic, + 'iban' => $iban, 'updateamum' => 'NOW()', 'verrechnung' => true, + 'updatevon' => $loggedUID, 'typ' => 'p' ) ); @@ -147,6 +167,7 @@ class Bank extends FHCAPI_Controller 'iban' => $this->input->post(self::IBAN_PARAM), 'insertamum' => 'NOW()', 'verrechnung' => true, + 'insertvon' => $loggedUID, 'typ' => 'p' ) ); @@ -158,5 +179,14 @@ class Bank extends FHCAPI_Controller // If everything was fine then return a success $this->terminateWithSuccess('Database updated'); } + + /** + * Generic BIC check + */ + private function _checkBic($bic) + { + // Check if the provided BIC is fine + return preg_match("^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$^", $bic) == 1; + } } diff --git a/composer.json b/composer.json index 216d315d9..dd0ca8c5f 100644 --- a/composer.json +++ b/composer.json @@ -443,7 +443,8 @@ "vuejs/vuejs3": "3.3.8", "vuejs/vuerouter4": "4.1.3", "vuejs/vuedatepicker_js": "7.2.0", - "vuejs/vuedatepicker_css": "7.2.0" + "vuejs/vuedatepicker_css": "7.2.0", + "globalcitizen/php-iban": "^4.2" }, "config": { "bin-dir": "vendor/bin" diff --git a/composer.lock b/composer.lock index 27132ecff..4b82bfa97 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "01ea35652d88680f8262c5365828eb46", + "content-hash": "c8657e3fd4c04892bc4e86cd11c8cc51", "packages": [ { "name": "afarkas/html5shiv", @@ -955,6 +955,41 @@ "abandoned": true, "time": "2020-12-11T09:56:16+00:00" }, + { + "name": "globalcitizen/php-iban", + "version": "v4.2.3", + "source": { + "type": "git", + "url": "https://github.com/globalcitizen/php-iban.git", + "reference": "d8d2b7c60ba01286fc625763618760aa3b684c00" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/globalcitizen/php-iban/zipball/d8d2b7c60ba01286fc625763618760aa3b684c00", + "reference": "d8d2b7c60ba01286fc625763618760aa3b684c00", + "shasum": "" + }, + "require": { + "php": "^5.4 || ^5.5 || ^5.6 || ^7.0 || ^7.4 || ^8.0 || ^8.1" + }, + "type": "library", + "autoload": { + "files": [ + "oophp-iban.php", + "php-iban.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-3.0-only" + ], + "description": "php-iban is a library for parsing and validating IBAN (and IIBAN) bank account information.", + "support": { + "issues": "https://github.com/globalcitizen/php-iban/issues", + "source": "https://github.com/globalcitizen/php-iban/tree/v4.2.3" + }, + "time": "2024-03-25T00:37:02+00:00" + }, { "name": "joeldbirch/superfish", "version": "1.7.9", diff --git a/public/js/components/Cis/BankData.js b/public/js/components/Cis/BankData.js index 4d8c90198..4f5142d9a 100644 --- a/public/js/components/Cis/BankData.js +++ b/public/js/components/Cis/BankData.js @@ -34,6 +34,7 @@ export default { }, methods: { save() { + this.$refs.form.clearValidation(); this.$refs.form.factory.bankData.postBankData(this.bankName, this.bic, this.iban) .then(result => { this.$emit('saved', result.data); @@ -63,36 +64,40 @@ export default {
+
+
+
-
- +
+
` diff --git a/system/phrasesupdate.php b/system/phrasesupdate.php index 27b8306f0..117a596ca 100644 --- a/system/phrasesupdate.php +++ b/system/phrasesupdate.php @@ -37217,6 +37217,66 @@ array( 'insertvon' => 'system' ) ) + ), + array( + 'app' => 'core', + 'category' => 'person', + 'phrase' => 'notForEmployees', + 'insertvon' => 'system', + 'phrases' => array( + array( + 'sprache' => 'German', + 'text' => 'This functionality is not enabled for employees DE', + 'description' => '', + 'insertvon' => 'system' + ), + array( + 'sprache' => 'English', + 'text' => 'This functionality is not enabled for employees', + 'description' => '', + 'insertvon' => 'system' + ) + ) + ), + array( + 'app' => 'core', + 'category' => 'person', + 'phrase' => 'notValidaIBAN', + 'insertvon' => 'system', + 'phrases' => array( + array( + 'sprache' => 'German', + 'text' => 'The IBAN is not valid DE', + 'description' => '', + 'insertvon' => 'system' + ), + array( + 'sprache' => 'English', + 'text' => 'The IBAN is not valid', + 'description' => '', + 'insertvon' => 'system' + ) + ) + ), + array( + 'app' => 'core', + 'category' => 'person', + 'phrase' => 'notValidaBIC', + 'insertvon' => 'system', + 'phrases' => array( + array( + 'sprache' => 'German', + 'text' => 'The BIC is not valid DE', + 'description' => '', + 'insertvon' => 'system' + ), + array( + 'sprache' => 'English', + 'text' => 'The BIC is not valid', + 'description' => '', + 'insertvon' => 'system' + ) + ) ) );