From bbef37c04aa32153da118ab6c043d088f3d010ee Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos <angelfqc.18@gmail.com>
Date: Sat, 21 Aug 2021 17:21:17 -0500
Subject: [PATCH] WebServices: allow subscribe to course with password

---
 main/inc/lib/webservices/Rest.php | 21 +++++++++++++++++++++
 main/webservices/api/v2.php       |  7 +++++++
 2 files changed, 28 insertions(+)

diff --git a/main/inc/lib/webservices/Rest.php b/main/inc/lib/webservices/Rest.php
index a4f150310d..c03c38e87f 100644
--- a/main/inc/lib/webservices/Rest.php
+++ b/main/inc/lib/webservices/Rest.php
@@ -51,6 +51,7 @@ class Rest extends WebService
     const SAVE_USER = 'save_user';
     const SAVE_USER_JSON = 'save_user_json';
     const SUBSCRIBE_USER_TO_COURSE = 'subscribe_user_to_course';
+    const SUBSCRIBE_USER_TO_COURSE_PASSWORD = 'subscribe_user_to_course_password';
     const UNSUBSCRIBE_USER_FROM_COURSE = 'unsubscribe_user_from_course';
     const EXTRAFIELD_GCM_ID = 'gcm_registration_id';
     const DELETE_USER_MESSAGE = 'delete_user_message';
@@ -1522,6 +1523,26 @@ class Rest extends WebService
         return [false];
     }
 
+    /**
+     * @throws Exception
+     */
+    public function subscribeUserToCoursePassword($courseCode, $password)
+    {
+        $courseInfo = api_get_course_info($courseCode);
+
+        if (empty($courseInfo)) {
+            throw new Exception(get_lang('NoCourse'));
+        }
+
+        if (sha1($password) === $courseInfo['registration_code']) {
+            CourseManager::processAutoSubscribeToCourse($courseCode);
+
+            return;
+        }
+
+        throw new Exception(get_lang('CourseRegistrationCodeIncorrect'));
+    }
+
     public function unSubscribeUserToCourse(array $params): array
     {
         $courseId = $params['course_id'];
diff --git a/main/webservices/api/v2.php b/main/webservices/api/v2.php
index 0af64d1a51..debb6c396c 100644
--- a/main/webservices/api/v2.php
+++ b/main/webservices/api/v2.php
@@ -194,6 +194,13 @@ try {
             $data = $restApi->subscribeUserToCourse($_POST);
             $restResponse->setData($data);
             break;
+        case Rest::SUBSCRIBE_USER_TO_COURSE_PASSWORD:
+            $courseCode = isset($_POST['code']) ? Security::remove_XSS($_POST['code']) : null;
+            $password = $_POST['password'] ?? null;
+
+            $restApi->subscribeUserToCoursePassword($courseCode, $password);
+            $restResponse->setData(['status' => true]);
+            break;
         case Rest::UNSUBSCRIBE_USER_FROM_COURSE:
             $data = $restApi->unSubscribeUserToCourse($_POST);
             $restResponse->setData($data);