Add create ticket APIKey

2019-11-16 16:07:02 -03:00 · 2019-11-16 16:07:02 -03:00 · 7e1749dbd1
parent 0bfb36afd6
commit 7e1749dbd1
6 changed files with 44 additions and 6 deletions
--- a/server/controllers/system/add-api-key.php
+++ b/server/controllers/system/add-api-key.php
@ -14,10 +14,12 @@ use Respect\Validation\Validator as DataValidator;
 * @apiPermission staff3
 *
 * @apiParam {String} name Name of the new APIKey.
+ * @apiParam {String} type Type of APIKey: "REGSITRATION" or "TICKET_CREATE"
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_NAME
 * @apiUse NAME_ALREADY_USED
+ * @apiUse INVALID_API_KEY_TYPE
 *
 * @apiSuccess {String} data Token of the APIKey.
 *
@ -34,6 +36,10 @@ class AddAPIKeyController extends Controller {
                'name' => [
                    'validation' => DataValidator::length(2, 55)->alnum(),
                    'error' => ERRORS::INVALID_NAME
+                ],
+                'type' => [
+                    'validation' => DataValidator::in(APIKey::TYPES),
+                    'error' => ERRORS::INVALID_API_KEY_TYPE
                ]
            ]
        ];
@ -43,6 +49,7 @@ class AddAPIKeyController extends Controller {
        $apiInstance = new APIKey();

        $name = Controller::request('name');
+        $type = Controller::request('type');

        $keyInstance = APIKey::getDataStore($name, 'name');

@ -51,7 +58,8 @@ class AddAPIKeyController extends Controller {

            $apiInstance->setProperties([
                'name' => $name,
-                'token' => $token
+                'token' => $token,
+                'type' => $type,
            ]);

            $apiInstance->store();
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@ -75,7 +75,7 @@ class CreateController extends Controller {
        if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
            $validations['permission'] = 'any';
            $validations['requestData']['captcha'] = [
-                'validation' => DataValidator::captcha(),
+                'validation' => DataValidator::captcha(APIKey::TICKET_CREATE),
                'error' => ERRORS::INVALID_CAPTCHA
            ];
            $validations['requestData']['email'] = [
--- a/server/controllers/user/signup.php
+++ b/server/controllers/user/signup.php
@ -72,7 +72,7 @@ class SignUpController extends Controller {

        if(!$this->csvImported) {
            $validations['requestData']['captcha'] = [
-                'validation' => DataValidator::captcha(),
+                'validation' => DataValidator::captcha(APIKey::REGISTRATION),
                'error' => ERRORS::INVALID_CAPTCHA
            ];
        }
@ -103,6 +103,10 @@ class SignUpController extends Controller {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

+        if(!$apiKey->isNull() && $apiKey->type !== APIKey::REGISTRATION) {
+            throw new RequestException(ERRORS::INVALID_API_KEY_TYPE);
+        }
+
        $userId = $this->createNewUserAndRetrieveId();

        if(MailSender::getInstance()->isConnected()) {
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@ -251,6 +251,10 @@
 * @apiDefine INVALID_COLOR
 * @apiError {String} INVALID_COLOR The color should be in hexadecimal, preceded by a '#'
 */
+/**
+ * @apiDefine INVALID_API_KEY_TYPE
+ * @apiError {String} INVALID_API_KEY_TYPE Api key type is not one of the availables
+ */

 class ERRORS {
    const INVALID_CREDENTIALS = 'INVALID_CREDENTIALS';
@ -317,4 +321,5 @@ class ERRORS {
    const INVALID_CUSTOM_FIELD_OPTION = 'INVALID_CUSTOM_FIELD_OPTION';
    const UNAVAILABLE_STATS = 'UNAVAILABLE_STATS';
    const INVALID_COLOR = 'INVALID_COLOR';
+    const INVALID_API_KEY_TYPE = 'INVALID_API_KEY_TYPE';
 }
--- a/server/libs/validations/captcha.php
+++ b/server/libs/validations/captcha.php
@ -5,12 +5,22 @@ namespace CustomValidations;
 use Respect\Validation\Rules\AbstractRule;

 class Captcha extends AbstractRule {
+    private $dataStoreName;
+
+    public function __construct($apiKeyType = '') {
+        if (in_array($apiKeyType, \APIKey::TYPES)) {
+            $this->apiKeyType = $apiKeyType;
+        } else if($apiKeyType) {
+            throw new \Exception(\ERRORS::INVALID_API_KEY_TYPE);
+        }
+    }

    public function validate($reCaptchaResponse) {
        $reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
        $apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');

-        if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true;
+        if (!$reCaptchaPrivateKey) return true;
+        if (!$apiKey->isNull() && $apiKey->type === $apiKeyType) return true;

        $reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
        $reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);
--- a/server/models/APIKey.php
+++ b/server/models/APIKey.php
@ -9,18 +9,29 @@

 class APIKey extends DataStore {
    const TABLE  = 'apikey';
+    const REGISTRATION = 'REGISTRATION';
+    const TICKET_CREATE = 'TICKET_CREATE';
+    const TYPES = [APIKey::REGISTRATION, APIKey::TICKET_CREATE];

    public static function getProps() {
        return [
            'name',
-            'token'
+            'token',
+            'type'
+        ];
+    }
+
+    public function getDefaultProps() {
+        return [
+            'type' => APIKey::REGISTRATION
        ];
    }

    public function toArray() {
        return [
            'name' => $this->name,
-            'token' => $this->token
+            'token' => $this->token,
+            'type' => $this->type
        ];
    }
 }