From 0108414a707904732efe9a9f86967a7fd5504b6d Mon Sep 17 00:00:00 2001 From: AntonyAntonio Date: Fri, 13 Jan 2017 17:06:49 -0300 Subject: [PATCH] Guillermo - registration api keys [skip ci] --- server/controllers/system/add-api-key.php | 4 +-- server/controllers/user/signup.php | 3 ++- server/libs/validations/captcha.php | 3 ++- server/models/APIKey.php | 4 +-- tests/init.rb | 3 +++ tests/scripts.rb | 8 ++++++ tests/system/add-api-key.rb | 30 +++++++++++++++++++++++ tests/system/delete-api-key.rb | 30 +++++++++++++++++++++++ tests/system/get-all-keys.rb | 26 ++++++++++++++++++++ 9 files changed, 105 insertions(+), 6 deletions(-) create mode 100644 tests/system/add-api-key.rb create mode 100644 tests/system/delete-api-key.rb create mode 100644 tests/system/get-all-keys.rb diff --git a/server/controllers/system/add-api-key.php b/server/controllers/system/add-api-key.php index 8bbb4b78..2f32d66d 100644 --- a/server/controllers/system/add-api-key.php +++ b/server/controllers/system/add-api-key.php @@ -9,7 +9,7 @@ class AddAPIKeyController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55)->alpha(), + 'validation' => DataValidator::length(2, 55)->alnum(), 'error' => ERRORS::INVALID_NAME ] ] @@ -28,7 +28,7 @@ class AddAPIKeyController extends Controller { $apiInstance->setProperties([ 'name' => $name, - 'key' => $token + 'token' => $token ]); $apiInstance->store(); diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php index 48e6e1c6..cee72f1b 100644 --- a/server/controllers/user/signup.php +++ b/server/controllers/user/signup.php @@ -37,6 +37,7 @@ class SignUpController extends Controller { public function handler() { $this->storeRequestData(); + $apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token'); $existentUser = User::getUser($this->userEmail, 'email'); 
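Review bot: `'token' => $token` in add-api-key.php stores the key exactly as it is handed to the caller, and tests/system/add-api-key.rb in this patch pins that by asserting `result['data']` equals `row['token']`. With this commit the token becomes a credential that skips reCAPTCHA and the registration switch, so anyone who can read the `apikey` table obtains usable keys. Consider persisting `hash('sha256', $token)` and looking the key up by that hash in signup.php and captcha.php, returning the clear value only once at creation. Where `$token` is generated is outside this hunk; confirm it comes from a CSPRNG such as `random_bytes()`.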
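Review bot: `APIKey::getDataStore(Controller::request('apiKey'), 'token')` in signup.php runs on every signup, including requests that send no `apiKey` at all, so the outcome depends on how `getDataStore` handles a null or empty value, which is not visible here. If any `apikey` row can hold an empty `token` (for instance rows written before the `key` to `token` rename in server/models/APIKey.php), an empty parameter could match it and pass the later `isNull()` check. Require a non-empty request value before trusting the lookup, e.g. `$hasApiKey = Controller::request('apiKey') && !$apiKey->isNull();`, and use that flag in the registration check. The same unguarded lookup is added in server/libs/validations/captcha.php. `handler()` continues outside this hunk.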
@@ -51,7 +52,7 @@ class SignUpController extends Controller { return; } - if (!Setting::getSetting('registration')->value) { + if (!Setting::getSetting('registration')->value && $apiKey->isNull() ) { Response::respondError(ERRORS::NO_PERMISSION); return; } diff --git a/server/libs/validations/captcha.php b/server/libs/validations/captcha.php index 437d92d8..7ac805c2 100644 --- a/server/libs/validations/captcha.php +++ b/server/libs/validations/captcha.php @@ -8,8 +8,9 @@ class Captcha extends AbstractRule { public function validate($reCaptchaResponse) { $reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue(); + $apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token'); - if (!$reCaptchaPrivateKey) return true; + if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true; $reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey); $reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']); diff --git a/server/models/APIKey.php b/server/models/APIKey.php index c0b751fa..2cfc3783 100644 --- a/server/models/APIKey.php +++ b/server/models/APIKey.php @@ -6,13 +6,13 @@ class APIKey extends DataStore { public static function getProps() { return [ 'name', - 'key' + 'token' ]; } public function toArray() { return [ 'name' => $this->name, - 'key' => $this->key + 'token' => $this->token ]; } } \ No newline at end of file diff --git a/tests/init.rb b/tests/init.rb index cae53d63..aaf24e28 100644 --- a/tests/init.rb +++ b/tests/init.rb @@ -55,3 +55,6 @@ require './system/recover-mail-template.rb' require './system/disable-registration.rb' require './system/enable-registration.rb' require './system/get-stats.rb' +require './system/add-api-key.rb' +require './system/delete-api-key.rb' +require './system/get-all-keys.rb' diff --git a/tests/scripts.rb b/tests/scripts.rb index 4cf57fcf..9b5eb892 100644 --- a/tests/scripts.rb +++ b/tests/scripts.rb 
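Review bot: The branch this condition opens in signup.php, where signup succeeds with registration disabled because a valid `apiKey` was sent, has no test in this patch; the new specs cover only `/system/add-api-key`, `/system/delete-api-key` and `/system/get-all-keys`. Add a spec that disables registration and checks that signup fails with `NO_PERMISSION` for a missing, an empty and an unknown `apiKey`, and succeeds only for an issued one. Also drop the stray space in `$apiKey->isNull() )`. The body of `handler()` starts and ends outside this hunk.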
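Review bot: The `!$apiKey->isNull()` short-circuit in captcha.php is added to the shared `Captcha` rule, so a request carrying a valid key skips reCAPTCHA on every endpoint that uses this rule, not only signup; which endpoints those are is not visible here. If the exemption is meant for registration only, make the decision in `SignUpController` instead of having a validation library read `\Controller::request('apiKey')`. The lookup, presumably a database query, also runs before the cheap configuration check; keep `if (!$reCaptchaPrivateKey) return true;` first and fetch the key afterwards. `validate()` continues past the end of the hunk.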
@@ -44,4 +44,12 @@ class Scripts result['data'] end + + def self.createAPIKey(name) + result = request('/system/add-api-key', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: name + }) + end end diff --git a/tests/system/add-api-key.rb b/tests/system/add-api-key.rb new file mode 100644 index 00000000..cf8c86d5 --- /dev/null +++ b/tests/system/add-api-key.rb @@ -0,0 +1,30 @@ +describe'system/add-api-key' do + request('/user/logout') + Scripts.login($staff[:email], $staff[:password], true) + + it 'should add API key' do + result= request('/system/add-api-key', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: 'new API' + }) + + (result['status']).should.equal('success') + + row = $database.getRow('apikey', 1, 'id') + + (row['name']).should.equal('new API') + (result['data']).should.equal(row['token']) + + end + it 'should not add API key' do + result= request('/system/add-api-key', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: 'new API' + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('NAME_ALREADY_USED') + end +end diff --git a/tests/system/delete-api-key.rb b/tests/system/delete-api-key.rb new file mode 100644 index 00000000..21553cfb --- /dev/null +++ b/tests/system/delete-api-key.rb @@ -0,0 +1,30 @@ +describe'system/delete-api-key' do + request('/user/logout') + Scripts.login($staff[:email], $staff[:password], true) + + it 'should not delete API key' do + result= request('/system/delete-api-key', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: 'new PIA' + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('INVALID_NAME') + end + + it 'should delete API key' do + result= request('/system/delete-api-key', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: 'new API' + }) + + (result['status']).should.equal('success') + + row = $database.getRow('apikey', 1, 'id') + + (row).should.equal(nil) + end + +end 
diff --git a/tests/system/get-all-keys.rb b/tests/system/get-all-keys.rb
new file mode 100644
index 00000000..a604af3d
--- /dev/null
+++ b/tests/system/get-all-keys.rb
@@ -0,0 +1,26 @@
+describe'system/get-all-keys' do
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
+
+ it 'should get all API keys' do
+ Scripts.createAPIKey('namekey1')
+ Scripts.createAPIKey('namekey2')
+ Scripts.createAPIKey('namekey3')
+ Scripts.createAPIKey('namekey4')
+ Scripts.createAPIKey('namekey5')
+
+ result= request('/system/get-all-keys', {
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token,
+ })
+
+ (result['status']).should.equal('success')
+ (result['data'][0]['name']).should.equal('namekey1')
+ (result['data'][1]['name']).should.equal('namekey2')
+ (result['data'][2]['name']).should.equal('namekey3')
+ (result['data'][3]['name']).should.equal('namekey4')
+ (result['data'][4]['name']).should.equal('namekey5')
+
+ end
+
+end