Guillermo - registration api keys [skip ci]

server/controllers/system/add-api-key.php

@@ -9,7 +9,7 @@ class AddAPIKeyController extends Controller {
             'permission' => 'staff_3',
             'requestData' => [
                 'name' => [
-                    'validation' => DataValidator::length(2, 55)->alpha(),
+                    'validation' => DataValidator::length(2, 55)->alnum(),
                     'error' => ERRORS::INVALID_NAME
                 ]
             ]
@@ -28,7 +28,7 @@ class AddAPIKeyController extends Controller {
 
             $apiInstance->setProperties([
                 'name' => $name,
-                'key' => $token
+                'token' => $token
             ]);
 
             $apiInstance->store();

server/controllers/user/signup.php

@@ -37,6 +37,7 @@ class SignUpController extends Controller {
 
     public function handler() {
         $this->storeRequestData();
+        $apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
 
         $existentUser = User::getUser($this->userEmail, 'email');
 
@@ -51,7 +52,7 @@ class SignUpController extends Controller {
             return;
         }
 
-        if (!Setting::getSetting('registration')->value) {
+        if (!Setting::getSetting('registration')->value && $apiKey->isNull() ) {
             Response::respondError(ERRORS::NO_PERMISSION);
             return;
         }

server/libs/validations/captcha.php

@@ -8,8 +8,9 @@ class Captcha extends AbstractRule {
 
     public function validate($reCaptchaResponse) {
         $reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
+        $apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');
 
-        if (!$reCaptchaPrivateKey) return true;
+        if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true;
 
         $reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
         $reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);

server/models/APIKey.php

@@ -6,13 +6,13 @@ class APIKey extends DataStore {
     public static function getProps() {
         return [
             'name',
-            'key'
+            'token'
         ];
     }
     public function toArray() {
         return [
             'name' => $this->name,
-            'key' => $this->key
+            'token' => $this->token
         ];
     }
 }

tests/init.rb

@@ -55,3 +55,6 @@ require './system/recover-mail-template.rb'
 require './system/disable-registration.rb'
 require './system/enable-registration.rb'
 require './system/get-stats.rb'
+require './system/add-api-key.rb'
+require './system/delete-api-key.rb'
+require './system/get-all-keys.rb'

tests/scripts.rb

@@ -44,4 +44,12 @@ class Scripts
 
         result['data']
     end
+
+    def self.createAPIKey(name)
+        result = request('/system/add-api-key', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: name
+        })
+    end
 end

tests/system/add-api-key.rb

@@ -0,0 +1,30 @@
+describe'system/add-api-key' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        it 'should add API key' do
+            result= request('/system/add-api-key', {
+                csrf_userid: $csrf_userid,
+                csrf_token: $csrf_token,
+                name: 'new API'
+            })
+
+            (result['status']).should.equal('success')
+
+            row = $database.getRow('apikey', 1, 'id')
+
+            (row['name']).should.equal('new API')
+            (result['data']).should.equal(row['token'])
+
+        end
+        it 'should not add API key' do
+            result= request('/system/add-api-key', {
+                csrf_userid: $csrf_userid,
+                csrf_token: $csrf_token,
+                name: 'new API'
+            })
+
+            (result['status']).should.equal('fail')
+            (result['message']).should.equal('NAME_ALREADY_USED')
+        end
+end

tests/system/delete-api-key.rb

@@ -0,0 +1,30 @@
+describe'system/delete-api-key' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        it 'should not delete API key' do
+            result= request('/system/delete-api-key', {
+                csrf_userid: $csrf_userid,
+                csrf_token: $csrf_token,
+                name: 'new PIA'
+            })
+
+            (result['status']).should.equal('fail')
+            (result['message']).should.equal('INVALID_NAME')
+        end
+
+        it 'should delete API key' do
+            result= request('/system/delete-api-key', {
+                csrf_userid: $csrf_userid,
+                csrf_token: $csrf_token,
+                name: 'new API'
+            })
+
+            (result['status']).should.equal('success')
+
+            row = $database.getRow('apikey', 1, 'id')
+
+            (row).should.equal(nil)
+        end
+
+end

tests/system/get-all-keys.rb

@@ -0,0 +1,26 @@
+describe'system/get-all-keys' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        it 'should get all  API keys' do
+            Scripts.createAPIKey('namekey1')
+            Scripts.createAPIKey('namekey2')
+            Scripts.createAPIKey('namekey3')
+            Scripts.createAPIKey('namekey4')
+            Scripts.createAPIKey('namekey5')
+            
+            result= request('/system/get-all-keys', {
+                csrf_userid: $csrf_userid,
+                csrf_token: $csrf_token,
+            })
+
+            (result['status']).should.equal('success')
+            (result['data'][0]['name']).should.equal('namekey1')
+            (result['data'][1]['name']).should.equal('namekey2')
+            (result['data'][2]['name']).should.equal('namekey3')
+            (result['data'][3]['name']).should.equal('namekey4')
+            (result['data'][4]['name']).should.equal('namekey5')
+
+        end
+
+end