Guillermo - registration api keys [skip ci]
parent
f79913de97
commit
0108414a70
|
@ -9,7 +9,7 @@ class AddAPIKeyController extends Controller {
|
|||
'permission' => 'staff_3',
|
||||
'requestData' => [
|
||||
'name' => [
|
||||
'validation' => DataValidator::length(2, 55)->alpha(),
|
||||
'validation' => DataValidator::length(2, 55)->alnum(),
|
||||
'error' => ERRORS::INVALID_NAME
|
||||
]
|
||||
]
|
||||
|
@ -28,7 +28,7 @@ class AddAPIKeyController extends Controller {
|
|||
|
||||
$apiInstance->setProperties([
|
||||
'name' => $name,
|
||||
'key' => $token
|
||||
'token' => $token
|
||||
]);
|
||||
|
||||
$apiInstance->store();
|
||||
|
|
|
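Review bot: `'token' => $token` in the `setProperties` call stores the credential exactly as generated, and the sign-up and captcha lookups elsewhere in this commit match on that column directly, so anyone who can read the `apikey` table obtains working keys. Consider persisting only a digest, for example `'token' => hash('sha256', $token)`, hashing the incoming value the same way before the lookup, and returning the raw token once in the creation response. How `$token` is generated is outside the hunk, so its randomness could not be checked here; the handler body starts and ends outside the visible lines.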
@ -37,6 +37,7 @@ class SignUpController extends Controller {
|
|||
|
||||
public function handler() {
|
||||
$this->storeRequestData();
|
||||
$apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
|
||||
|
||||
$existentUser = User::getUser($this->userEmail, 'email');
|
||||
|
||||
|
@ -51,7 +52,7 @@ class SignUpController extends Controller {
|
|||
return;
|
||||
}
|
||||
|
||||
if (!Setting::getSetting('registration')->value) {
|
||||
if (!Setting::getSetting('registration')->value && $apiKey->isNull() ) {
|
||||
Response::respondError(ERRORS::NO_PERMISSION);
|
||||
return;
|
||||
}
|
||||
|
|
|
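Review bot: The relaxed guard `!Setting::getSetting('registration')->value && $apiKey->isNull()` lets any stored key override the registration lock, and the lookup in the first hunk passes `Controller::request('apiKey')` to `APIKey::getDataStore` without checking that the parameter was sent at all. Whether a missing or empty value can ever match a row depends on `getDataStore`, which is not visible here, so I would make the guard explicit: keep the raw value in `$rawKey` and test `if (!Setting::getSetting('registration')->value && (!$rawKey || $apiKey->isNull()))`. None of the specs added in this commit exercise sign-up with a valid, invalid or absent `apiKey` while registration is disabled, so the new branch is untested. `handler()` continues outside both hunks.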
@ -8,8 +8,9 @@ class Captcha extends AbstractRule {
|
|||
|
||||
public function validate($reCaptchaResponse) {
|
||||
$reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
|
||||
$apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');
|
||||
|
||||
if (!$reCaptchaPrivateKey) return true;
|
||||
if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true;
|
||||
|
||||
$reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
|
||||
$reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);
|
||||
|
|
|
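Review bot: `!$apiKey->isNull()` in `validate()` switches the captcha off for every endpoint that uses this rule, not only sign-up, because the rule reads `\Controller::request('apiKey')` itself instead of being told by the calling controller that a bypass applies. If other controllers (not visible here) validate with this rule, a holder of a registration key skips the captcha there as well. I would keep the rule unaware of API keys and decide the bypass in the sign-up controller, or at least require a non-empty parameter before the lookup, e.g. `$rawKey = \Controller::request('apiKey');` followed by `if (!$reCaptchaPrivateKey || ($rawKey && !$apiKey->isNull())) return true;`. Since the captcha was the only visible brake on automated sign-ups, key-authenticated requests should be logged and throttled per key. The body of `validate()` continues past the hunk.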
@ -6,13 +6,13 @@ class APIKey extends DataStore {
|
|||
public static function getProps() {
|
||||
return [
|
||||
'name',
|
||||
'key'
|
||||
'token'
|
||||
];
|
||||
}
|
||||
public function toArray() {
|
||||
return [
|
||||
'name' => $this->name,
|
||||
'key' => $this->key
|
||||
'token' => $this->token
|
||||
];
|
||||
}
|
||||
}
|
|
@ -55,3 +55,6 @@ require './system/recover-mail-template.rb'
|
|||
require './system/disable-registration.rb'
|
||||
require './system/enable-registration.rb'
|
||||
require './system/get-stats.rb'
|
||||
require './system/add-api-key.rb'
|
||||
require './system/delete-api-key.rb'
|
||||
require './system/get-all-keys.rb'
|
||||
|
|
|
@ -44,4 +44,12 @@ class Scripts
|
|||
|
||||
result['data']
|
||||
end
|
||||
|
||||
def self.createAPIKey(name)
|
||||
result = request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: name
|
||||
})
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
describe'system/add-api-key' do
|
||||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
it 'should add API key' do
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new API'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 1, 'id')
|
||||
|
||||
(row['name']).should.equal('new API')
|
||||
(result['data']).should.equal(row['token'])
|
||||
|
||||
end
|
||||
it 'should not add API key' do
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new API'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('NAME_ALREADY_USED')
|
||||
end
|
||||
end
|
|
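Review bot: `$database.getRow('apikey', 1, 'id')` ties this spec to an empty `apikey` table, and the 'should not add API key' example passes only because the previous example already created 'new API'. Looking the row up by the value the test controls, `row = $database.getRow('apikey', 'new API', 'name')`, removes the dependency on the auto-increment id; the delete-api-key spec uses the same id-based lookup and relies on the key created here. The specs also never check that a created token is accepted by sign-up, or that an unknown one is rejected, which is the security-relevant behaviour this commit adds.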
@ -0,0 +1,30 @@
|
|||
describe'system/delete-api-key' do
|
||||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
it 'should not delete API key' do
|
||||
result= request('/system/delete-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new PIA'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_NAME')
|
||||
end
|
||||
|
||||
it 'should delete API key' do
|
||||
result= request('/system/delete-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new API'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 1, 'id')
|
||||
|
||||
(row).should.equal(nil)
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,26 @@
|
|||
describe'system/get-all-keys' do
|
||||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
it 'should get all API keys' do
|
||||
Scripts.createAPIKey('namekey1')
|
||||
Scripts.createAPIKey('namekey2')
|
||||
Scripts.createAPIKey('namekey3')
|
||||
Scripts.createAPIKey('namekey4')
|
||||
Scripts.createAPIKey('namekey5')
|
||||
|
||||
result= request('/system/get-all-keys', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(result['data'][0]['name']).should.equal('namekey1')
|
||||
(result['data'][1]['name']).should.equal('namekey2')
|
||||
(result['data'][2]['name']).should.equal('namekey3')
|
||||
(result['data'][3]['name']).should.equal('namekey4')
|
||||
(result['data'][4]['name']).should.equal('namekey5')
|
||||
|
||||
end
|
||||
|
||||
end
|