diff --git a/server/router/selfregisterroute/controller.go b/server/router/selfregisterroute/controller.go
index 5a2631f..9edaa7c 100644
--- a/server/router/selfregisterroute/controller.go
+++ b/server/router/selfregisterroute/controller.go
@@ -49,44 +49,20 @@ func (c *controller) handle(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	if user.PhoneNumber == nil || len(*user.PhoneNumber) == 0 {
-		return routeutils.ResponseAPIValidationError(ctx, "phonenumber is required")
-	}
-
-	if user.Email == nil || len(*user.Email) == 0 {
-		return routeutils.ResponseAPIValidationError(ctx, "email is required")
-	}
-
-	if len(user.Pass) == 0 {
-		return routeutils.ResponseAPIValidationError(ctx, "password is required")
-	}
-
 	pass, err := b64.StdEncoding.DecodeString(user.Pass)
 	if err != nil {
 		return routeutils.ResponseAPIValidationError(ctx, "Invalid password")
 	}
 	user.Pass = string(pass)
 
-	if passwordValidationErrors := validation.ValidatePassword(&user); len(passwordValidationErrors) > 0 {
-		return routeutils.ResponseAPICustomValidationError(ctx, "Password not strong enough", passwordValidationErrors)
-	}
-
-	if len(user.Name) == 0 && len(user.First) == 0 && len(user.Last) == 0 {
-		return routeutils.ResponseAPIValidationError(ctx, "name is required")
+	if validationErrors := validation.ValidateSelfregistration(&user); len(validationErrors) > 0 {
+		return routeutils.ResponseAPICustomValidationError(ctx, "Self registration failed", validationErrors)
 	}
 
 	if len(user.First) != 0 && len(user.Last) != 0 {
 		user.Name = fmt.Sprintf("%s %s", user.First, user.Last)
 	}
 
-	if len(user.Provider.InternalID) == 0 || len(user.Provider.InternalID) > 10 {
-		return routeutils.ResponseAPIValidationError(ctx, "Provider NPI is invalid")
-	}
-
-	if len(user.Provider.OrganizatioName) == 0 {
-		return routeutils.ResponseAPIValidationError(ctx, "Provider Organization Name is invalid")
-	}
-
 	provider, err := c.svc.Provider.GetByNPI(user.Provider.InternalID, authUser)
 	if err != nil {
 		fmt.Println("Error to create organization", err)
diff --git a/server/validation/selfregister.go b/server/validation/selfregister.go
new file mode 100644
index 0000000..b2cf5fa
--- /dev/null
+++ b/server/validation/selfregister.go
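Review bot: The base64 decode of `user.Pass` on the context line just above the new `ValidateSelfregistration` call still short-circuits with a single "Invalid password" response, while every other field problem is now collected into one aggregated list, so a malformed password field hides all other validation feedback from the client. Consider calling `validation.ValidateSelfregistration(&user)` before the decode, or folding the decode failure into the same list as a password-field entry so the response shape is consistent for every failure. With the `len(user.Pass) == 0` check removed, an omitted password now decodes to "" and is reported only as a length failure by the validator, which looks intended but is worth confirming against the API contract. `handle` begins and ends outside this hunk.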
@@ -0,0 +1,111 @@
+package validation
+
+import (
+	"fmt"
+	"strings"
+
+	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
+	"bitbucket.org/nemt/nemt-portal-api/infra/errors"
+)
+
+const (
+	minimumPasswordLength = 8
+)
+
+func validateSelfregistrationPassword(user *viewmodel.User, result *[]errors.ValidationError) {
+	if len(user.Pass) < minimumPasswordLength {
+		*result = append(*result, errors.ValidationError{Field: "password", Message: fmt.Sprint("Password must be at least ", minimumPasswordLength, " characters.")})
+	}
+
+	if strings.Contains(user.Pass, user.First) {
+		*result = append(*result, errors.ValidationError{Field: "password", Message: "Password cannot include your First Name."})
+	}
+
+	if strings.Contains(user.Pass, user.Last) {
+		*result = append(*result, errors.ValidationError{Field: "password", Message: "Password cannot include your Last Name."})
+	}
+
+	containsUpperCaseLetter := false
+	containsLowerCaseLetter := false
+	containsNumber := false
+
+	for _, character := range user.Pass {
+		containsUpperCaseLetter = containsUpperCaseLetter || characterIsUpperCase(character)
+		containsLowerCaseLetter = containsLowerCaseLetter || characterIsLowerCase(character)
+		containsNumber = containsNumber || characterIsNumber(character)
+	}
+
+	if !containsUpperCaseLetter || !containsLowerCaseLetter || !containsNumber {
+		*result = append(*result, errors.ValidationError{Field: "password", Message: "Password must contain one of EACH :"})
+		*result = append(*result, errors.ValidationError{Field: "password-tab", Message: "an uppercase letter"})
+		*result = append(*result, errors.ValidationError{Field: "password-tab", Message: "a lowercase letter"})
+		*result = append(*result, errors.ValidationError{Field: "password-tab", Message: "a number"})
+	}
+}
+
+func ValidateSelfregistration(user *viewmodel.User) []errors.ValidationError {
+	var result []errors.ValidationError
+
+	//Provider Organization Name validation
+	if len(user.Provider.OrganizatioName) < 1 {
+		result = append(result, errors.ValidationError{Field: "provider.org_name", Message: "Provider Organization Name is required"})
+	}
+
+	//Provider NPI validation
+	if len(user.Provider.InternalID) != 10 || !isNumeric(user.Provider.InternalID) {
+		result = append(result, errors.ValidationError{Field: "provider.internal_id", Message: "Provider NPI must be 10 digit number"})
+	}
+
+	//First name validation
+	if len(user.First) < 1 {
+		result = append(result, errors.ValidationError{Field: "first", Message: "First Name is required"})
+	}
+
+	if !isAlphabetic(user.First) {
+		result = append(result, errors.ValidationError{Field: "first", Message: "First Name contains non-alphabetic characters"})
+	}
+
+	if len(user.First) > firstNameMaxLength {
+		result = append(result, errors.ValidationError{Field: "first", Message: "First Name is too long"})
+	}
+
+	//Last name validation
+	if len(user.Last) < 1 {
+		result = append(result, errors.ValidationError{Field: "last", Message: "Last Name is required"})
+	}
+
+	if !isAlphabetic(user.Last) {
+		result = append(result, errors.ValidationError{Field: "last", Message: "Last Name contains non-alphabetic characters"})
+	}
+
+	if len(user.Last) > lastNameMaxLength {
+		result = append(result, errors.ValidationError{Field: "last", Message: "Last Name is too long"})
+	}
+
+	//Email validation
+	if user.Email != nil {
+		if len(*user.Email) < 1 {
+			result = append(result, errors.ValidationError{Field: "email", Message: "Email is required"})
+		}
+
+		if !isEmailValid(*user.Email) {
+			result = append(result, errors.ValidationError{Field: "email", Message: "Email is invalid"})
+		}
+
+		if len(*user.Email) > emailMaxLength {
+			result = append(result, errors.ValidationError{Field: "email", Message: "Email is too long"})
+		}
+	} else {
+		result = append(result, errors.ValidationError{Field: "email", Message: "Email is required"})
+	}
+
+	//Mobile validation
+	if (user.PhoneNumber == nil) || len(*user.PhoneNumber) < 1 {
+		result = append(result, errors.ValidationError{Field: "phonenumber", Message: "Phone number is required"})
+	}
+
+	//Password validation
+	validateSelfregistrationPassword(user, &result)
+
+	return result
+}
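Review bot: `strings.Contains(user.Pass, user.First)` in validateSelfregistrationPassword is true for every password when `user.First` is empty, because `strings.Contains(s, "")` always returns true, so a request that omits the first name is also told "Password cannot include your First Name."; the `user.Last` check has the same problem. Guard both on a non-empty name: `if user.First != "" && strings.Contains(user.Pass, user.First) {` and `if user.Last != "" && strings.Contains(user.Pass, user.Last) {`. In the email branch of ValidateSelfregistration an empty `*user.Email` yields "Email is required" and, presumably, "Email is invalid" as well; an `else if` on the `isEmailValid` check would avoid the duplicate. The `len()` comparisons against `minimumPasswordLength`, `firstNameMaxLength`, `lastNameMaxLength` and `emailMaxLength` count bytes rather than characters, so if those limits are meant per character, `utf8.RuneCountInString` is the right measure.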