diff --git a/server/controllers/system/add-api-key.php b/server/controllers/system/add-api-key.php
index 38ef0861..5f922817 100755
--- a/server/controllers/system/add-api-key.php
+++ b/server/controllers/system/add-api-key.php
@@ -14,10 +14,12 @@ use Respect\Validation\Validator as DataValidator;
 * @apiPermission staff3
 *
 * @apiParam {String} name Name of the new APIKey.
+ * @apiParam {String} type Type of APIKey: "REGSITRATION" or "TICKET_CREATE"
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_NAME
 * @apiUse NAME_ALREADY_USED
+ * @apiUse INVALID_API_KEY_TYPE
 *
 * @apiSuccess {String} data Token of the APIKey.
 *
@@ -34,6 +36,10 @@ class AddAPIKeyController extends Controller {
 'name' => [
 'validation' => DataValidator::length(2, 55)->alnum(),
 'error' => ERRORS::INVALID_NAME
+ ],
+ 'type' => [
+ 'validation' => DataValidator::in(APIKey::TYPES),
+ 'error' => ERRORS::INVALID_API_KEY_TYPE
 ]
 ]
 ];
@@ -43,6 +49,7 @@ class AddAPIKeyController extends Controller {
 $apiInstance = new APIKey();
 $name = Controller::request('name');
+ $type = Controller::request('type');
 $keyInstance = APIKey::getDataStore($name, 'name');
@@ -51,7 +58,8 @@ class AddAPIKeyController extends Controller {
 $apiInstance->setProperties([
 'name' => $name,
- 'token' => $token
+ 'token' => $token,
+ 'type' => $type,
 ]);
 $apiInstance->store();
diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index 432b6d08..e3059498 100755
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -75,7 +75,7 @@ class CreateController extends Controller {
 if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
 $validations['permission'] = 'any';
 $validations['requestData']['captcha'] = [
- 'validation' => DataValidator::captcha(),
+ 'validation' => DataValidator::captcha(APIKey::TICKET_CREATE),
 'error' => ERRORS::INVALID_CAPTCHA
 ];
 $validations['requestData']['email'] = [
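Review bot: `DataValidator::in(APIKey::TYPES)` in the second add-api-key.php hunk compares loosely; Respect's `in` rule accepts a second argument for identical comparison, so `'validation' => DataValidator::in(APIKey::TYPES, true),` pins the accepted set to exactly the two string constants. In the first hunk the @apiParam text misspells the constant as "REGSITRATION"; it should read `REGISTRATION`, otherwise API consumers who copy the documented value get INVALID_API_KEY_TYPE. The last hunk stores `$type` straight from the request; whether an omitted `type` is rejected by the validator or silently stored as null (and then no longer matches the REGISTRATION default from APIKey::getDefaultProps()) depends on how the framework treats absent parameters, which is not visible here and is worth confirming with a test.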
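Review bot: For ticket creation the key's type is enforced only through the captcha rule, and that rule returns true before looking at the key whenever no reCAPTCHA private key is configured (captcha.php hunk), so in that configuration a REGISTRATION key still passes here. signup.php adds an explicit handler-side check for the same situation; the equivalent guard, `if(!$apiKey->isNull() && $apiKey->type !== APIKey::TICKET_CREATE) throw new RequestException(ERRORS::INVALID_API_KEY_TYPE);`, belongs in CreateController's handler, which is outside this hunk (I cannot see whether the handler already loads `$apiKey`). The enclosing method starts and ends outside the hunk.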
diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php
index 8ae934ab..0bc8ec5a 100755
--- a/server/controllers/user/signup.php
+++ b/server/controllers/user/signup.php
@@ -72,7 +72,7 @@ class SignUpController extends Controller {
 if(!$this->csvImported) {
 $validations['requestData']['captcha'] = [
- 'validation' => DataValidator::captcha(),
+ 'validation' => DataValidator::captcha(APIKey::REGISTRATION),
 'error' => ERRORS::INVALID_CAPTCHA
 ];
 }
@@ -103,6 +103,10 @@ class SignUpController extends Controller {
 throw new RequestException(ERRORS::NO_PERMISSION);
 }
+ if(!$apiKey->isNull() && $apiKey->type !== APIKey::REGISTRATION) {
+ throw new RequestException(ERRORS::INVALID_API_KEY_TYPE);
+ }
+
 $userId = $this->createNewUserAndRetrieveId();
 if(MailSender::getInstance()->isConnected()) {
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index 831086a9..9406ce80 100755
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -251,6 +251,10 @@
 * @apiDefine INVALID_COLOR
 * @apiError {String} INVALID_COLOR The color should be in hexadecimal, preceded by a '#'
 */
+/**
+ * @apiDefine INVALID_API_KEY_TYPE
+ * @apiError {String} INVALID_API_KEY_TYPE Api key type is not one of the availables
+ */
 class ERRORS {
 const INVALID_CREDENTIALS = 'INVALID_CREDENTIALS';
@@ -317,4 +321,5 @@ class ERRORS {
 const INVALID_CUSTOM_FIELD_OPTION = 'INVALID_CUSTOM_FIELD_OPTION';
 const UNAVAILABLE_STATS = 'UNAVAILABLE_STATS';
 const INVALID_COLOR = 'INVALID_COLOR';
+ const INVALID_API_KEY_TYPE = 'INVALID_API_KEY_TYPE';
 }
diff --git a/server/libs/validations/captcha.php b/server/libs/validations/captcha.php
index 7ac805c2..e37ca9fa 100755
--- a/server/libs/validations/captcha.php
+++ b/server/libs/validations/captcha.php
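Review bot: The type check added in the second signup.php hunk is the only enforcement that holds when reCAPTCHA is not configured, because the captcha rule returns true before examining the key in that case (captcha.php hunk), yet nothing in the code says why a second check exists next to the validator. A why-comment above it, `// Re-checked here: the captcha rule skips the key-type comparison when reCAPTCHA is disabled`, would keep a later cleanup from removing it as redundant. `$apiKey` is assigned outside the hunk, and the handler starts and ends outside it; the first hunk's `captcha(APIKey::REGISTRATION)` matches the TICKET_CREATE counterpart in create.php.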
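Review bot: The @apiError description added in the first ERRORS.php hunk reads awkwardly ("is not one of the availables"); suggest ` * @apiError {String} INVALID_API_KEY_TYPE The API key type is not one of the available types`. The constant added in the second hunk matches the name used by the controllers and the captcha rule in this diff, so nothing further is needed there.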
@@ -5,12 +5,22 @@ namespace CustomValidations;
 use Respect\Validation\Rules\AbstractRule;
 class Captcha extends AbstractRule {
+ private $dataStoreName;
+
+ public function __construct($apiKeyType = '') {
+ if (in_array($apiKeyType, \APIKey::TYPES)) {
+ $this->apiKeyType = $apiKeyType;
+ } else if($apiKeyType) {
+ throw new \Exception(\ERRORS::INVALID_API_KEY_TYPE);
+ }
+ }
 public function validate($reCaptchaResponse) {
 $reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
 $apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');
- if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true;
+ if (!$reCaptchaPrivateKey) return true;
+ if (!$apiKey->isNull() && $apiKey->type === $apiKeyType) return true;
 $reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
 $reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);
diff --git a/server/models/APIKey.php b/server/models/APIKey.php
index 436b2b14..9cb1c4ff 100755
--- a/server/models/APIKey.php
+++ b/server/models/APIKey.php
@@ -9,18 +9,29 @@ class APIKey extends DataStore {
 const TABLE = 'apikey';
+ const REGISTRATION = 'REGISTRATION';
+ const TICKET_CREATE = 'TICKET_CREATE';
+ const TYPES = [APIKey::REGISTRATION, APIKey::TICKET_CREATE];
 public static function getProps() {
 return [
 'name',
- 'token'
+ 'token',
+ 'type'
+ ];
+ }
+
+ public function getDefaultProps() {
+ return [
+ 'type' => APIKey::REGISTRATION
 ];
 }
 public function toArray() {
 return [
 'name' => $this->name,
- 'token' => $this->token
+ 'token' => $this->token,
+ 'type' => $this->type
 ];
 }
 }
\ No newline at end of file
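Review bot: In `validate()` the new line compares `$apiKey->type === $apiKeyType`, but `$apiKeyType` is the constructor's parameter, not a local of `validate()`, so it is undefined there and the comparison is always false; the constructor meanwhile writes `$this->apiKeyType` while the property it declares is `$dataStoreName`. The net effect is that the key-based bypass never fires: a client presenting a valid key instead of a captcha response falls through to the reCAPTCHA verification whenever a private key is configured, which fails closed but breaks the feature the commit is adding. Suggested changes: `private $apiKeyType;` in place of `$dataStoreName`, `if (in_array($apiKeyType, \APIKey::TYPES, true)) {` so the loose comparison cannot match a non-string, and `if (!$apiKey->isNull() && $apiKey->type === $this->apiKeyType) return true;`. A misuse of the constructor throws a bare `\Exception` where the rest of the diff uses RequestException; if that is deliberate (programmer error rather than request error) a short comment saying so would help. `validate()` continues past the end of the hunk.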
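Review bot: `getDefaultProps()` gives newly created keys REGISTRATION, but rows already in the `apikey` table receive no value for the new `type` property unless something backfills them, and no migration is part of this diff as far as I can see; since the captcha rule and signup.php now compare `type` strictly against a constant, such keys would satisfy neither comparison after deployment. Consider pairing this with a backfill, or deciding in one place how a missing type is treated, and recording the choice next to the constants, e.g. `// Keys created before the type column existed are treated as REGISTRATION`. Inside the class `self::REGISTRATION` is preferable to `APIKey::REGISTRATION`, and the file still ends without a trailing newline.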