From 80b9827a0576ef36ff08f8b9c6e3ef647c965781 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Fri, 11 May 2018 15:41:23 +0200
Subject: More chat encryption...

---
 .../admin/src/Controller/UserController.php        | 57 +++++++++++++++++++---
 1 file changed, 49 insertions(+), 8 deletions(-)

(limited to 'main/app/sprinkles/admin/src/Controller')

diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php
index 30a8d30..be98f02 100644
--- a/main/app/sprinkles/admin/src/Controller/UserController.php
+++ b/main/app/sprinkles/admin/src/Controller/UserController.php
@@ -237,26 +237,67 @@ class UserController extends SimpleController
      * Request type: POST
      */
     public function setPublicKey($request, $response, $args) {
-        $user = $this->getUserFromParams($args);
+        $requestedUser = $this->getUserFromParams($args);
 
-        if (!$user) {
+        if (!$requestedUser) {
             throw new NotFoundException($request, $response);
         }
 
-        $classMapper = $this->ci->classMapper;
-        $requestedUser = $classMapper->staticMethod('user', 'where', 'user_name', $args['user_name'])
-            ->first();
+        $PublicKey = $request->getParsedBody()["PublicKey"];
 
-        if ($user->id === $requestedUser->id) {
-            $PublicKey = $request->getParsedBody()["PublicKey"];
+        if ($this->ci->currentUser->id === $requestedUser->id && (Capsule::table('public_keys')
+                ->where('UserID', "=", $requestedUser->id)
+                ->exists()) === FALSE) {
+            Capsule::table('public_keys')
+                ->insert(['UserID' => $requestedUser->id, 'Key' => substr(substr($PublicKey, 100), 0,-40)]);
+            return $response->withStatus(200);
+        } else if ($this->ci->currentUser->id === $requestedUser->id) {
             Capsule::table('public_keys')
-                ->insert(['UserID' => $requestedUser->id, 'Key' => $PublicKey]);
+                ->where('UserID', $requestedUser->id)
+                ->update(['Key' => substr(substr($PublicKey, 100), 0,-40)]);
             return $response->withStatus(200);
         } else {
             throw new ForbiddenException();
         }
     }
 
+    /**
+     * Gets the users public key
+     * Request type: GET
+     */
+    public function getPublicKey($request, $response, $args) {
+        $requestedUser = $this->getUserFromParams($args);
+
+        if (!$requestedUser) {
+            throw new NotFoundException($request, $response);
+        }
+
+        if ((Capsule::table('public_keys')
+                ->where('UserID', "=", $requestedUser->id)
+                ->exists()) === TRUE) {
+
+            $RawPublicKey = Capsule::table('public_keys')
+                ->where('UserID', "=", $requestedUser->id)
+                ->value('Key');
+            $PublicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v3.0.9\nComment: https://openpgpjs.org\n\n" . $RawPublicKey . "\n-----END PGP PUBLIC KEY BLOCK-----";
+
+            $ContentType = explode(',', $request->getHeaderLine('Accept'))[0];
+            switch ($ContentType) {
+                case 'application/json':
+                    $response->write(json_encode(array('user_id' => $requestedUser->id, 'PublicKey' => $PublicKey)));
+                    break;
+                case 'text/html':
+                    $response->write("<pre>" . $PublicKey);
+                    break;
+                default:
+                    $response->write($PublicKey);
+            }
+            return $response->withStatus(200);
+        } else {
+            throw new NotFoundException();
+        }
+    }
+
     /**
      * Processes the request to delete an existing user.
      *
-- 
cgit v1.2.3