payfrit/payfrit-biz
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2026-03-21. You can view files and clone it, but cannot push or open issues or pull requests.
payfrit-biz/api/auth/loginOTP.cfm
John Mizerek bc88f28e60 Fix UserID column references in auth endpoints after schema normalization 
Users table primary key was renamed from UserID to ID but these
endpoints still referenced the old column name, causing server_error
on login/signup OTP flow.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 17:15:46 -08:00

121 lines
3.5 KiB
Text
Raw Blame History

<cfsetting showdebugoutput="false">
<cfsetting enablecfoutputonly="true">
<cfcontent type="application/json; charset=utf-8" reset="true">
<cfheader name="Cache-Control" value="no-store">
<cfscript>
/**
* Send OTP to phone number for LOGIN (existing verified accounts)
*
* POST: { "phone": "5551234567" }
*
* Returns: { OK: true, UUID: "..." } or { OK: false, ERROR: "..." }
*
* Only works for verified accounts. Returns error if no account found.
*/
function apiAbort(required struct payload) {
writeOutput(serializeJSON(payload));
abort;
}
function readJsonBody() {
var raw = getHttpRequestData().content;
if (isNull(raw)) raw = "";
if (!len(trim(raw))) return {};
try {
var data = deserializeJSON(raw);
if (isStruct(data)) return data;
} catch (any e) {}
return {};
}
function normalizePhone(required string p) {
var x = trim(arguments.p);
x = reReplace(x, "[^0-9]", "", "all");
if (len(x) == 11 && left(x, 1) == "1") {
x = right(x, 10);
}
return x;
}
function generateOTP() {
return randRange(100000, 999999);
}
try {
data = readJsonBody();
phone = structKeyExists(data, "phone") ? normalizePhone(data.phone) : "";
if (len(phone) != 10) {
apiAbort({ "OK": false, "ERROR": "invalid_phone", "MESSAGE": "Please enter a valid 10-digit phone number" });
}
// Find verified account with this phone
qUser = queryExecute("
SELECT ID, UUID
FROM Users
WHERE ContactNumber = :phone
AND IsContactVerified = 1
LIMIT 1
", { phone: { value: phone, cfsqltype: "cf_sql_varchar" } }, { datasource: "payfrit" });
if (qUser.recordCount == 0) {
apiAbort({ "OK": false, "ERROR": "no_account", "MESSAGE": "We couldn't find an account with this number. Try signing up instead!" });
}
// If user has no UUID (legacy account), generate one
userUUID = qUser.UUID;
if (!len(trim(userUUID))) {
userUUID = replace(createUUID(), "-", "", "all");
queryExecute("
UPDATE Users SET UUID = :uuid WHERE ID = :userId
", {
uuid: { value: userUUID, cfsqltype: "cf_sql_varchar" },
userId: { value: qUser.ID, cfsqltype: "cf_sql_integer" }
}, { datasource: "payfrit" });
}
// Generate and save OTP
otp = generateOTP();
queryExecute("
UPDATE Users
SET MobileVerifyCode = :otp
WHERE ID = :userId
", {
otp: { value: otp, cfsqltype: "cf_sql_varchar" },
userId: { value: qUser.ID, cfsqltype: "cf_sql_integer" }
}, { datasource: "payfrit" });
// Send OTP via Twilio (skip on dev server)
smsMessage = "Code saved (SMS skipped in dev)";
isDev = findNoCase("dev.payfrit.com", cgi.SERVER_NAME) > 0;
if (!isDev && structKeyExists(application, "twilioObj")) {
try {
smsResult = application.twilioObj.sendSMS(
recipientNumber: "+1" & phone,
messageBody: "Your Payfrit login code is: " & otp
);
smsMessage = smsResult.success ? "Login code sent" : "SMS failed - please try again";
} catch (any smsErr) {
smsMessage = "SMS error: " & smsErr.message;
}
}
try{logPerf(0);}catch(any e){}
writeOutput(serializeJSON({
"OK": true,
"UUID": userUUID,
"MESSAGE": smsMessage,
"DEV_OTP": otp
}));
} catch (any e) {
apiAbort({
"OK": false,
"ERROR": "server_error",
"MESSAGE": e.message
});
}
</cfscript>
Reference in a new issue View git blame Copy permalink