payfrit/payfrit-biz
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2026-03-21. You can view files and clone it, but cannot push or open issues or pull requests.
payfrit-biz/api/auth/sendOTP.cfm
John Mizerek bc88f28e60 Fix UserID column references in auth endpoints after schema normalization 
Users table primary key was renamed from UserID to ID but these
endpoints still referenced the old column name, causing server_error
on login/signup OTP flow.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 17:15:46 -08:00

163 lines
5.1 KiB
Text
Raw Blame History

<cfsetting showdebugoutput="false">
<cfsetting enablecfoutputonly="true">
<cfcontent type="application/json; charset=utf-8" reset="true">
<cfheader name="Cache-Control" value="no-store">
<cfscript>
/**
* Send OTP to phone number for signup
*
* POST: { "phone": "5551234567" }
*
* Returns: { OK: true, UUID: "..." } or { OK: false, ERROR: "..." }
*
* If phone already has verified account, returns error.
* If phone has unverified account, resends OTP.
* Otherwise creates new user record with OTP.
*/
function apiAbort(required struct payload) {
writeOutput(serializeJSON(payload));
abort;
}
function readJsonBody() {
var raw = getHttpRequestData().content;
if (isNull(raw)) raw = "";
if (!len(trim(raw))) return {};
try {
var data = deserializeJSON(raw);
if (isStruct(data)) return data;
} catch (any e) {}
return {};
}
function normalizePhone(required string p) {
var x = trim(arguments.p);
x = reReplace(x, "[^0-9]", "", "all");
// Remove leading 1 if 11 digits
if (len(x) == 11 && left(x, 1) == "1") {
x = right(x, 10);
}
return x;
}
function generateOTP() {
return randRange(100000, 999999);
}
try {
data = readJsonBody();
phone = structKeyExists(data, "phone") ? normalizePhone(data.phone) : "";
if (len(phone) != 10) {
apiAbort({ "OK": false, "ERROR": "invalid_phone", "MESSAGE": "Please enter a valid 10-digit phone number" });
}
// Check if phone already has a COMPLETE account (verified AND has profile info)
// An account is only "complete" if they have a first name (meaning they finished signup)
qExisting = queryExecute("
SELECT ID, UUID, FirstName
FROM Users
WHERE ContactNumber = :phone
AND IsContactVerified > 0
AND FirstName IS NOT NULL
AND LENGTH(TRIM(FirstName)) > 0
LIMIT 1
", { phone: { value: phone, cfsqltype: "cf_sql_varchar" } }, { datasource: "payfrit" });
if (qExisting.recordCount > 0) {
apiAbort({ "OK": false, "ERROR": "phone_exists", "MESSAGE": "This phone number already has an account. Please login instead." });
}
// Check for incomplete account with this phone (verified but no profile, OR unverified)
// These accounts can be reused for signup
qIncomplete = queryExecute("
SELECT ID, UUID
FROM Users
WHERE ContactNumber = :phone
AND (IsContactVerified = 0 OR FirstName IS NULL OR LENGTH(TRIM(FirstName)) = 0)
LIMIT 1
", { phone: { value: phone, cfsqltype: "cf_sql_varchar" } }, { datasource: "payfrit" });
otp = generateOTP();
userUUID = "";
if (qIncomplete.recordCount > 0) {
// Update existing incomplete record with new OTP and reset for re-registration
userUUID = qIncomplete.UUID;
queryExecute("
UPDATE Users
SET MobileVerifyCode = :otp,
IsContactVerified = 0,
IsActive = 0
WHERE ID = :userId
", {
otp: { value: otp, cfsqltype: "cf_sql_varchar" },
userId: { value: qIncomplete.ID, cfsqltype: "cf_sql_integer" }
}, { datasource: "payfrit" });
} else {
// Create new user record
userUUID = replace(createUUID(), "-", "", "all");
queryExecute("
INSERT INTO Users (
ContactNumber,
UUID,
MobileVerifyCode,
IsContactVerified,
IsEmailVerified,
IsActive,
AddedOn,
Password,
PromoCode
) VALUES (
:phone,
:uuid,
:otp,
0,
0,
0,
:addedOn,
'',
:promoCode
)
", {
phone: { value: phone, cfsqltype: "cf_sql_varchar" },
uuid: { value: userUUID, cfsqltype: "cf_sql_varchar" },
otp: { value: otp, cfsqltype: "cf_sql_varchar" },
addedOn: { value: now(), cfsqltype: "cf_sql_timestamp" },
promoCode: { value: randRange(1000000, 9999999), cfsqltype: "cf_sql_varchar" }
}, { datasource: "payfrit" });
}
// Send OTP via Twilio (skip on dev server)
smsMessage = "Code saved (SMS skipped in dev)";
isDev = findNoCase("dev.payfrit.com", cgi.SERVER_NAME) > 0;
if (!isDev && structKeyExists(application, "twilioObj")) {
try {
smsResult = application.twilioObj.sendSMS(
recipientNumber: "+1" & phone,
messageBody: "Your Payfrit verification code is: " & otp
);
smsMessage = smsResult.success ? "Verification code sent" : "SMS failed - please try again";
} catch (any smsErr) {
smsMessage = "SMS error: " & smsErr.message;
}
}
writeOutput(serializeJSON({
"OK": true,
"UUID": userUUID,
"MESSAGE": smsMessage,
"DEV_OTP": otp
}));
} catch (any e) {
apiAbort({
"OK": false,
"ERROR": "server_error",
"MESSAGE": e.message
});
}
</cfscript>
Reference in a new issue View git blame Copy permalink