Guillermo - registration api keys [skip ci]

This commit is contained in:
AntonyAntonio 2017-01-13 17:06:49 -03:00
parent f79913de97
commit 0108414a70
9 changed files with 105 additions and 6 deletions

View File

@ -9,7 +9,7 @@ class AddAPIKeyController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55)->alpha(),
'validation' => DataValidator::length(2, 55)->alnum(),
'error' => ERRORS::INVALID_NAME
]
]
@ -28,7 +28,7 @@ class AddAPIKeyController extends Controller {
$apiInstance->setProperties([
'name' => $name,
'key' => $token
'token' => $token
]);
$apiInstance->store();

View File

@ -37,6 +37,7 @@ class SignUpController extends Controller {
public function handler() {
$this->storeRequestData();
$apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
$existentUser = User::getUser($this->userEmail, 'email');
@ -51,7 +52,7 @@ class SignUpController extends Controller {
return;
}
if (!Setting::getSetting('registration')->value) {
if (!Setting::getSetting('registration')->value && $apiKey->isNull() ) {
Response::respondError(ERRORS::NO_PERMISSION);
return;
}

View File

@ -8,8 +8,9 @@ class Captcha extends AbstractRule {
public function validate($reCaptchaResponse) {
$reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
$apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');
if (!$reCaptchaPrivateKey) return true;
if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true;
$reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
$reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);

View File

@ -6,13 +6,13 @@ class APIKey extends DataStore {
public static function getProps() {
return [
'name',
'key'
'token'
];
}
public function toArray() {
return [
'name' => $this->name,
'key' => $this->key
'token' => $this->token
];
}
}

View File

@ -55,3 +55,6 @@ require './system/recover-mail-template.rb'
require './system/disable-registration.rb'
require './system/enable-registration.rb'
require './system/get-stats.rb'
require './system/add-api-key.rb'
require './system/delete-api-key.rb'
require './system/get-all-keys.rb'

View File

@ -44,4 +44,12 @@ class Scripts
result['data']
end
def self.createAPIKey(name)
result = request('/system/add-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: name
})
end
end

View File

@ -0,0 +1,30 @@
describe'system/add-api-key' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should add API key' do
result= request('/system/add-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new API'
})
(result['status']).should.equal('success')
row = $database.getRow('apikey', 1, 'id')
(row['name']).should.equal('new API')
(result['data']).should.equal(row['token'])
end
it 'should not add API key' do
result= request('/system/add-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new API'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NAME_ALREADY_USED')
end
end

View File

@ -0,0 +1,30 @@
describe'system/delete-api-key' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should not delete API key' do
result= request('/system/delete-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new PIA'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_NAME')
end
it 'should delete API key' do
result= request('/system/delete-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new API'
})
(result['status']).should.equal('success')
row = $database.getRow('apikey', 1, 'id')
(row).should.equal(nil)
end
end

View File

@ -0,0 +1,26 @@
describe'system/get-all-keys' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should get all API keys' do
Scripts.createAPIKey('namekey1')
Scripts.createAPIKey('namekey2')
Scripts.createAPIKey('namekey3')
Scripts.createAPIKey('namekey4')
Scripts.createAPIKey('namekey5')
result= request('/system/get-all-keys', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
})
(result['status']).should.equal('success')
(result['data'][0]['name']).should.equal('namekey1')
(result['data'][1]['name']).should.equal('namekey2')
(result['data'][2]['name']).should.equal('namekey3')
(result['data'][3]['name']).should.equal('namekey4')
(result['data'][4]['name']).should.equal('namekey5')
end
end