payfrit/payfrit-biz
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2026-03-21. You can view files and clone it, but cannot push or open issues or pull requests.
payfrit-biz/api/auth/loginOTP.cfm
John Mizerek fc310c35cf Fix cancel task to not cancel order, standardize OTP messages 
- Cancel Task now leaves order untouched (customer can pay another way)
- Standardized SMS text to "Your Payfrit code is:" across all endpoints

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-17 11:11:37 -08:00

128 lines
3.8 KiB
Text
Raw Blame History

<cfsetting showdebugoutput="false">
<cfsetting enablecfoutputonly="true">
<cfcontent type="application/json; charset=utf-8" reset="true">
<cfheader name="Cache-Control" value="no-store">
<cfscript>
/**
* Send OTP to phone number for LOGIN (existing verified accounts)
*
* POST: { "phone": "5551234567" }
*
* Returns: { OK: true, UUID: "..." } or { OK: false, ERROR: "..." }
*
* Only works for verified accounts. Returns error if no account found.
*/
function apiAbort(required struct payload) {
writeOutput(serializeJSON(payload));
abort;
}
function readJsonBody() {
var raw = getHttpRequestData().content;
if (isNull(raw)) raw = "";
if (!len(trim(raw))) return {};
try {
var data = deserializeJSON(raw);
if (isStruct(data)) return data;
} catch (any e) {}
return {};
}
function normalizePhone(required string p) {
var x = trim(arguments.p);
x = reReplace(x, "[^0-9]", "", "all");
if (len(x) == 11 && left(x, 1) == "1") {
x = right(x, 10);
}
return x;
}
function generateOTP() {
return randRange(100000, 999999);
}
try {
data = readJsonBody();
phone = structKeyExists(data, "phone") ? normalizePhone(data.phone) : "";
if (len(phone) != 10) {
apiAbort({ "OK": false, "ERROR": "invalid_phone", "MESSAGE": "Please enter a valid 10-digit phone number" });
}
// Find verified account with this phone
qUser = queryTimed("
SELECT ID, UUID
FROM Users
WHERE ContactNumber = :phone
AND IsContactVerified = 1
LIMIT 1
", { phone: { value: phone, cfsqltype: "cf_sql_varchar" } }, { datasource: "payfrit" });
if (qUser.recordCount == 0) {
apiAbort({ "OK": false, "ERROR": "no_account", "MESSAGE": "We couldn't find an account with this number. Try signing up instead!" });
}
// If user has no UUID (legacy account), generate one
userUUID = qUser.UUID;
if (!len(trim(userUUID))) {
userUUID = replace(createUUID(), "-", "", "all");
queryTimed("
UPDATE Users SET UUID = :uuid WHERE ID = :userId
", {
uuid: { value: userUUID, cfsqltype: "cf_sql_varchar" },
userId: { value: qUser.ID, cfsqltype: "cf_sql_integer" }
}, { datasource: "payfrit" });
}
// Generate OTP (use magic code on dev for easy testing)
otp = generateOTP();
if (structKeyExists(application, "MAGIC_OTP_ENABLED") && application.MAGIC_OTP_ENABLED
&& structKeyExists(application, "MAGIC_OTP_CODE") && len(application.MAGIC_OTP_CODE)) {
otp = application.MAGIC_OTP_CODE;
}
queryTimed("
UPDATE Users
SET MobileVerifyCode = :otp
WHERE ID = :userId
", {
otp: { value: otp, cfsqltype: "cf_sql_varchar" },
userId: { value: qUser.ID, cfsqltype: "cf_sql_integer" }
}, { datasource: "payfrit" });
// Send OTP via Twilio (skip on dev server)
smsMessage = "Code saved (SMS skipped in dev)";
isDev = findNoCase("dev.payfrit.com", cgi.SERVER_NAME) > 0;
if (!isDev && structKeyExists(application, "twilioObj")) {
try {
smsResult = application.twilioObj.sendSMS(
recipientNumber: "+1" & phone,
messageBody: "Your Payfrit code is: " & otp
);
smsMessage = smsResult.success ? "Login code sent" : "SMS failed - please try again";
} catch (any smsErr) {
smsMessage = "SMS error: " & smsErr.message;
}
}
try{logPerf(0);}catch(any e){}
resp = {
"OK": true,
"UUID": userUUID,
"MESSAGE": smsMessage
};
if (isDev) {
resp["DEV_OTP"] = otp;
}
writeOutput(serializeJSON(resp));
} catch (any e) {
apiAbort({
"OK": false,
"ERROR": "server_error",
"MESSAGE": e.message
});
}
</cfscript>
Reference in a new issue View git blame Copy permalink