remove data from request table

Author: simonLeary42

resources/lib/UnityGroup.php

@@ -65,43 +65,28 @@ public function exists(): bool
         return $this->entry->exists();
     }
 
-    public function requestGroup(
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-        bool $send_mail_to_admins,
-        bool $send_mail = true,
-    ): void {
+    public function requestGroup(bool $send_mail_to_admins, bool $send_mail = true): void
+    {
         if ($this->exists()) {
             return;
         }
         if ($this->SQL->accDeletionRequestExists($this->getOwner()->uid)) {
             return;
         }
-        $this->SQL->addRequest($this->getOwner()->uid, $firstname, $lastname, $email, $org);
+        $context = [
+            "user" => $this->getOwner()->uid,
+            "org" => $this->getOwner()->getOrg(),
+            "name" => $this->getOwner()->getFullName(),
+            "email" => $this->getOwner()->getMail(),
+        ];
+        $this->SQL->addRequest($this->getOwner()->uid);
         if ($send_mail) {
-            $this->MAILER->sendMail($email, "group_request");
-            $this->WEBHOOK->sendWebhook("group_request_admin", [
-                "user" => $this->getOwner()->uid,
-                "org" => $org,
-                "name" => "$firstname $lastname",
-                "email" => $email,
-            ]);
+            $this->MAILER->sendMail($this->getOwner()->getMail(), "group_request");
+            $this->WEBHOOK->sendWebhook("group_request_admin", $context);
             if ($send_mail_to_admins) {
-                $this->MAILER->sendMail("admin", "group_request_admin", [
-                    "user" => $this->getOwner()->uid,
-                    "org" => $org,
-                    "name" => "$firstname $lastname",
-                    "email" => $email,
-                ]);
+                $this->MAILER->sendMail("admin", "group_request_admin", $context);
             }
-            $this->MAILER->sendMail("pi_approve", "group_request_admin", [
-                "user" => $this->getOwner()->uid,
-                "org" => $org,
-                "name" => "$firstname $lastname",
-                "email" => $email,
-            ]);
+            $this->MAILER->sendMail("pi_approve", "group_request_admin", $context);
         }
     }
 
@@ -115,15 +100,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($this->exists()) {
             return;
         }
-        if (!$this->getOwner()->exists()) {
-            $this->getOwner()->init(
-                $request["firstname"],
-                $request["lastname"],
-                $request["email"],
-                $request["org"],
-                $send_mail,
-            );
-        }
+        \ensure(!$this->getOwner()->exists());
         $this->init();
         $this->SQL->removeRequest($this->getOwner()->uid);
         $operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
@@ -134,7 +111,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
             $this->getOwner()->uid,
         );
         if ($send_mail) {
-            $this->MAILER->sendMail($request["email"], "group_created");
+            $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
         }
     }
 
@@ -156,7 +133,7 @@ public function denyGroup(?UnityUser $operator = null, bool $send_mail = true):
             $this->getOwner()->uid,
         );
         if ($send_mail) {
-            $this->MAILER->sendMail($request["email"], "group_denied");
+            $this->MAILER->sendMail($this->getOwner()->getMail(), "group_denied");
         }
     }
 
@@ -237,14 +214,7 @@ public function cancelGroupJoinRequest(UnityUser $user, bool $send_mail = true):
     public function approveUser(UnityUser $new_user, bool $send_mail = true): void
     {
         $request = $this->SQL->getRequest($new_user->uid, $this->gid);
-        if (!$new_user->exists()) {
-            $new_user->init(
-                $request["firstname"],
-                $request["lastname"],
-                $request["email"],
-                $request["org"],
-            );
-        }
+        \ensure(!$new_user->exists());
         $this->addUserToGroup($new_user);
         $this->SQL->removeRequest($new_user->uid, $this->gid);
         if ($send_mail) {
@@ -254,9 +224,9 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_user_added_owner", [
                 "group" => $this->gid,
                 "user" => $new_user->uid,
-                "name" => $request["firstname"] . " " . $request["lastname"],
-                "email" => $request["email"],
-                "org" => $request["org"],
+                "name" => $new_user->getFullname(),
+                "email" => $new_user->getMail(),
+                "org" => $new_user->getOrg(),
             ]);
         }
     }
@@ -267,7 +237,7 @@ public function denyUser(UnityUser $new_user, bool $send_mail = true): void
         // remove request, this will fail silently if the request doesn't exist
         $this->SQL->removeRequest($new_user->uid, $this->gid);
         if ($send_mail) {
-            $this->MAILER->sendMail($request["email"], "group_user_denied", [
+            $this->MAILER->sendMail($new_user->getMail(), "group_user_denied", [
                 "group" => $this->gid,
             ]);
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_user_denied_owner", [
@@ -304,14 +274,8 @@ public function removeUser(UnityUser $new_user, bool $send_mail = true): void
         }
     }
 
-    public function newUserRequest(
-        UnityUser $new_user,
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-        bool $send_mail = true,
-    ): void {
+    public function newUserRequest(UnityUser $new_user, bool $send_mail = true): void
+    {
         if ($this->memberExists($new_user)) {
             UnityHTTPD::errorLog("warning", "user '$new_user' already in group");
             return;
@@ -324,17 +288,17 @@ public function newUserRequest(
             throw new Exception("user '$new_user' requested account deletion");
             return;
         }
-        $this->addRequest($new_user->uid, $firstname, $lastname, $email, $org);
+        $this->addRequest($new_user->uid);
         if ($send_mail) {
-            $this->MAILER->sendMail($email, "group_user_request", [
+            $this->MAILER->sendMail($new_user->getMail(), "group_user_request", [
                 "group" => $this->gid,
             ]);
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_user_request_owner", [
                 "group" => $this->gid,
                 "user" => $new_user->uid,
-                "name" => "$firstname $lastname",
-                "email" => $email,
-                "org" => $org,
+                "name" => $new_user->getFullname(),
+                "email" => $new_user->getMail(),
+                "org" => $new_user->getOrg(),
             ]);
         }
     }
@@ -352,14 +316,7 @@ public function getRequests(): array
                 $this->REDIS,
                 $this->WEBHOOK,
             );
-            array_push($out, [
-                $user,
-                $request["timestamp"],
-                $request["firstname"],
-                $request["lastname"],
-                $request["email"],
-                $request["org"],
-            ]);
+            array_push($out, [$user, $request["timestamp"]]);
         }
         return $out;
     }
@@ -471,14 +428,9 @@ public function memberExists(UnityUser $user): bool
         return in_array($user->uid, $this->getGroupMemberUIDs());
     }
 
-    private function addRequest(
-        string $uid,
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-    ): void {
-        $this->SQL->addRequest($uid, $firstname, $lastname, $email, $org, $this->gid);
+    private function addRequest(string $uid): void
+    {
+        $this->SQL->addRequest($uid, $this->gid);
     }
 
     public function getOwner(): UnityUser

resources/lib/UnitySQL.php

@@ -34,32 +34,17 @@ public function getConn(): PDO
     //
     // requests table methods
     //
-    public function addRequest(
-        string $requestor,
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-        string $dest = self::REQUEST_BECOME_PI,
-    ): void {
+    public function addRequest(string $requestor, string $dest = self::REQUEST_BECOME_PI): void
+    {
         if ($this->requestExists($requestor, $dest)) {
             return;
         }
 
         $stmt = $this->conn->prepare(
-            "INSERT INTO " .
-                self::TABLE_REQS .
-                " " .
-                "(uid, firstname, lastname, email, org, request_for) VALUES " .
-                "(:uid, :firstname, :lastname, :email, :org, :request_for)",
+            "INSERT INTO " . self::TABLE_REQS . " (uid, request_for) VALUES (:uid, :request_for)",
         );
         $stmt->bindParam(":uid", $requestor);
         $stmt->bindParam(":request_for", $dest);
-        $stmt->bindParam(":firstname", $firstname);
-        $stmt->bindParam(":lastname", $lastname);
-        $stmt->bindParam(":email", $email);
-        $stmt->bindParam(":org", $org);
-
         $stmt->execute();
     }
 

tools/docker-dev/sql/bootstrap.sql

@@ -124,10 +124,6 @@ CREATE TABLE `requests` (
   `id` int(11) NOT NULL,
   `request_for` varchar(131) NOT NULL,
   `uid` varchar(128) NOT NULL,
-  `firstname` varchar(768) NOT NULL,
-  `lastname` varchar(768) NOT NULL,
-  `email` varchar(768) NOT NULL,
-  `org` varchar(768) NOT NULL,
   `timestamp` timestamp NOT NULL DEFAULT current_timestamp()
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 

webroot/admin/ajax/get_group_members.php

@@ -54,23 +54,24 @@
     $i++;
 }
 
-foreach ($requests as $i => [$user, $timestamp, $firstname, $lastname, $email, $org]) {
+foreach ($requests as $i => [$user, $timestamp]) {
     if ($i >= $count - 1) {
         echo "<tr class='expanded $i last'>";
     } else {
         echo "<tr class='expanded $i'>";
     }
-    $uid = $user->uid;
-    echo "<td>" . $firstname . " " . $lastname . "</td>";
-    echo "<td>" . $uid . "</td>";
-    echo "<td><a href='mailto:" . $email . "'>" . $email . "</a></td>";
+    $name = $user->getFullName();
+    $email = $user->getMail();
+    echo "<td>$name</td>";
+    echo "<td>$user->uid</td>";
+    echo "<td><a href='mailto:$email'>$email</a></td>";
     echo "<td>";
     echo
         "<form action='' method='POST'
-    onsubmit='return confirm(\"Are you sure you want to approve " . $uid . "?\");'>
+    onsubmit='return confirm(\"Are you sure you want to approve $user->uid ?\");'>
     <input type='hidden' name='form_type' value='reqChild'>
-    <input type='hidden' name='uid' value='" . $uid . "'>
-    <input type='hidden' name='pi' value='" . $group->gid . "'>
+    <input type='hidden' name='uid' value='$user->uid'>
+    <input type='hidden' name='pi' value='$group->gid'>
     <input type='submit' name='action' value='Approve'>
     <input type='submit' name='action' value='Deny'></form>";
     echo "</td>";

webroot/admin/pi-mgmt.php

@@ -65,20 +65,24 @@
     $requests = $SQL->getRequests();
 
     foreach ($requests as $request) {
+        $uid = $request["uid"];
+        $request_user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+        $name = $request_user->getFullname();
+        $email = $request_user->getMail();
         echo "<tr>";
-        echo "<td>" . $request["firstname"] . " " . $request["lastname"] . "</td>";
-        echo "<td>" . $request["uid"] . "</td>";
-        echo "<td><a href='mailto:" . $request["email"] . "'>" . $request["email"] . "</a></td>";
+        echo "<td>$name</td>";
+        echo "<td>$uid</td>";
+        echo "<td><a href='mailto:$email'>$email</a></td>";
         echo "<td>" . date("jS F, Y", strtotime($request['timestamp'])) . "</td>";
         echo "<td>";
         echo
             "<form action='' method='POST'>
         <input type='hidden' name='form_type' value='req'>
-        <input type='hidden' name='uid' value='" . $request["uid"] . "'>
+        <input type='hidden' name='uid' value='$uid'>
         <input type='submit' name='action' value='Approve'
-        onclick='return confirm(\"Are you sure you want to approve " . $request["uid"] . "?\");'>
+        onclick='return confirm(\"Are you sure you want to approve $uid?\");'>
         <input type='submit' name='action' value='Deny'
-        onclick='return confirm(\"Are you sure you want to deny " . $request["uid"] . "?\");'>
+        onclick='return confirm(\"Are you sure you want to deny $uid?\");'>
         </form>";
         echo "</td>";
         echo "</tr>";

webroot/panel/account.php

@@ -79,13 +79,7 @@
                     "USER='{$USER->uid}' SSO[user]='{$SSO["user"]}'"
                 );
             }
-            $USER->getPIGroup()->requestGroup(
-                $SSO["firstname"],
-                $SSO["lastname"],
-                $SSO["mail"],
-                $SSO["org"],
-                $SEND_PIMESG_TO_ADMINS
-            );
+            $USER->getPIGroup()->requestGroup($SEND_PIMESG_TO_ADMINS);
             break;
         case "cancel_pi_request":
             $USER->getPIGroup()->cancelGroupRequest();

webroot/panel/groups.php

@@ -37,21 +37,8 @@
                         array_push($modalErrors, "You're already in this PI group");
                     }
                 }
-                if ($USER->uid != $SSO["user"]) {
-                    $sso_user = $SSO["user"];
-                    UnityHTTPD::badRequest(
-                        "cannot request due to uid mismatch: " .
-                        "USER='{$USER->uid}' SSO[user]='$sso_user'"
-                    );
-                }
                 if (empty($modalErrors)) {
-                    $pi_account->newUserRequest(
-                        $USER,
-                        $SSO["firstname"],
-                        $SSO["lastname"],
-                        $SSO["mail"],
-                        $SSO["org"]
-                    );
+                    $pi_account->newUserRequest($USER);
                 }
                 break;
             case "removePIForm":

webroot/panel/new_account.php

@@ -18,12 +18,6 @@
         if (!isset($_POST["eula"]) || $_POST["eula"] != "agree") {
             UnityHTTPD::badRequest("user did not agree to EULA");
         }
-        if ($USER->uid != $SSO["user"]) {
-            $sso_user = $SSO["user"];
-            UnityHTTPD::badRequest(
-                "cannot request due to uid mismatch: USER='{$USER->uid}' SSO[user]='$sso_user'"
-            );
-        }
         if ($_POST["new_user_sel"] == "not_pi") {
             $pi_groupname = $_POST["pi"];
             if (substr($pi_groupname, 0, 3) !== "pi_" && str_contains($pi_groupname, "@")) {
@@ -36,25 +30,13 @@
             if (!$form_group->exists()) {
                 UnityHTTPD::badRequest("The selected PI '" . $pi_groupname . "'does not exist");
             }
-            $form_group->newUserRequest(
-                $USER,
-                $SSO["firstname"],
-                $SSO["lastname"],
-                $SSO["mail"],
-                $SSO["org"]
-            );
+            $form_group->newUserRequest($USER);
         }
         if ($_POST["new_user_sel"] == "pi") {
             if (!isset($_POST["confirm_pi"]) || $_POST["confirm_pi"] != "agree") {
                 UnityHTTPD::badRequest("user did not agree to account policy");
             }
-            $USER->getPIGroup()->requestGroup(
-                $SSO["firstname"],
-                $SSO["lastname"],
-                $SSO["mail"],
-                $SSO["org"],
-                $SEND_PIMESG_TO_ADMINS
-            );
+            $USER->getPIGroup()->requestGroup($SEND_PIMESG_TO_ADMINS);
         }
     } elseif (isset($_POST["cancel"])) {
         foreach ($pending_requests as $request) {