Merged in OS187-Registration-api-keys (pull request #122)

Os187 registration api keys
Ivan Diaz 2017-01-13 21:21:27 -03:00
commit 9f1a1cb09c
13 changed files with 218 additions and 2 deletions


@ -12,6 +12,9 @@ require_once 'system/recover-mail-template.php';
require_once 'system/get-stats.php';
require_once 'system/disable-registration.php';
require_once 'system/enable-registration.php';
require_once 'system/add-api-key.php';
require_once 'system/delete-api-key.php';
require_once 'system/get-all-keys.php';
$systemControllerGroup = new ControllerGroup();
$systemControllerGroup->setGroupPath('/system');
@ -29,5 +32,8 @@ $systemControllerGroup->addController(new RecoverMailTemplateController);
$systemControllerGroup->addController(new DisableRegistrationController);
$systemControllerGroup->addController(new EnableRegistrationController);
$systemControllerGroup->addController(new GetStatsController);
$systemControllerGroup->addController(new AddAPIKeyController);
$systemControllerGroup->addController(new DeleteAPIKeyController);
$systemControllerGroup->addController(new GetAllKeyController);
$systemControllerGroup->finalize();


@ -0,0 +1,41 @@
<?php
use Respect\Validation\Validator as DataValidator;
class AddAPIKeyController extends Controller {
const PATH = '/add-api-key';
public function validations() {
return [
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55)->alnum(),
'error' => ERRORS::INVALID_NAME
]
]
];
}
public function handler() {
$apiInstance = new APIKey();
$name = Controller::request('name');
$keyInstance = APIKey::getDataStore($name, 'name');
if($keyInstance->isNull()){
$token = Hashing::generateRandomToken();
$apiInstance->setProperties([
'name' => $name,
'token' => $token
]);
$apiInstance->store();
Response::respondSuccess($token);
} else {
Response::respondError(ERRORS::NAME_ALREADY_USED);
}
}
}
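Review bot: The handler persists the generated token verbatim (`'token' => $token` in `setProperties`), so anyone who can read the `apikey` table or a backup of it obtains working credentials. The token is already returned to the caller at creation, so the column could hold only a digest, e.g. `'token' => hash('sha256', $token)`, with every lookup by `'token'` hashing the request value first. Separately, the `isNull()` check followed by `store()` is not atomic; whether a unique index on `name` also prevents duplicates is not visible here.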


@ -0,0 +1,32 @@
<?php
use Respect\Validation\Validator as DataValidator;
class DeleteAPIKeyController extends Controller {
const PATH = '/delete-api-key';
public function validations() {
return [
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55)->alpha(),
'error' => ERRORS::INVALID_NAME
]
]
];
}
public function handler() {
$name = Controller::request('name');
$keyInstance = APIKey::getDataStore($name, 'name');
if($keyInstance->isNull()) {
Response::respondError(ERRORS::INVALID_NAME);
return;
}
$keyInstance->delete();
Response::respondSuccess();
}
}
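Review bot: The `name` rule here is `DataValidator::length(2, 55)->alpha()`, while add-api-key accepts `alnum()`, so a key whose name contains a digit can be created but is rejected with INVALID_NAME on deletion. The specs in this commit create exactly such names (`namekey1` to `namekey5`). For a credential, being unable to revoke it is the worse failure. Use the same rule on both endpoints: `'validation' => DataValidator::length(2, 55)->alnum(),`.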


@ -0,0 +1,19 @@
<?php
use Respect\Validation\Validator as DataValidator;
class GetAllKeyController extends Controller {
const PATH = '/get-all-keys';
public function validations() {
return [
'permission' => 'staff_3',
'requestData' => []
];
}
public function handler() {
$apiList = APIKey::getAll();
Response::respondSuccess($apiList->toArray());
}
}
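Review bot: `Response::respondSuccess($apiList->toArray())` appears to return every key's token to any `staff_3` caller, since `APIKey::toArray()` in this commit includes `'token' => $this->token`. The token is already handed out once by add-api-key, and delete-api-key needs only the name, so the listing can omit it. Consider having the listing return `['name' => $this->name]` only, so one staff session or one logged response does not expose all keys at once.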


@ -37,6 +37,7 @@ class SignUpController extends Controller {
public function handler() {
$this->storeRequestData();
$apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
$existentUser = User::getUser($this->userEmail, 'email');
@ -51,7 +52,7 @@ class SignUpController extends Controller {
return;
}
if (!Setting::getSetting('registration')->value) {
if (!Setting::getSetting('registration')->value && $apiKey->isNull() ) {
Response::respondError(ERRORS::NO_PERMISSION);
return;
}
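Review bot: The added `&& $apiKey->isNull()` lets a request with a matching token register while registration is disabled, but the lookup at the top of `handler()` runs on whatever `Controller::request('apiKey')` returns, including when the parameter is absent. How `getDataStore` treats an empty or null value is not visible here, so an explicit guard would make the bypass unambiguous: `$hasApiKey = Controller::request('apiKey') && !$apiKey->isNull();` and then `if (!Setting::getSetting('registration')->value && !$hasApiKey) {`. A short comment stating that a valid API key overrides the registration switch would also help the next reader. `handler()` starts and ends outside these hunks.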


@ -36,4 +36,5 @@ class ERRORS {
const INVALID_SUBJECT = 'INVALID_SUBJECT';
const INVALID_BODY = 'INVALID_BODY';
const INVALID_PERIOD = 'INVALID_PERIOD';
const NAME_ALREADY_USED = 'NAME_ALREADY_USED';
}


@ -8,8 +8,9 @@ class Captcha extends AbstractRule {
public function validate($reCaptchaResponse) {
$reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
$apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');
if (!$reCaptchaPrivateKey) return true;
if (!$reCaptchaPrivateKey || !$apiKey->isNull()) return true;
$reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
$reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);
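Review bot: The added `|| !$apiKey->isNull()` sits inside the generic `Captcha` rule, so a valid API key skips reCAPTCHA on every endpoint that uses this rule, not only on signup. Which endpoints those are is not visible in this hunk. If the keys are meant for registration only, as the pull request title suggests, the decision belongs in the signup controller or behind an argument passed to the rule. Either way the line deserves a comment such as `// a valid API key identifies a trusted integration: skip reCAPTCHA`. `validate()` continues outside the hunk.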

18
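--- a/server/models/APIKey.php
+++ b/server/models/APIKey.php
@@ -0,0 +1,18 @@
+<?php
+class APIKey extends DataStore {
+const TABLE = 'apikey';
+public static function getProps() {
+return [
+'name',
+'token'
+];
+}
+public function toArray() {
+return [
+'name' => $this->name,
+'token' => $this->token
+];
+}
+}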


@ -55,3 +55,6 @@ require './system/recover-mail-template.rb'
require './system/disable-registration.rb'
require './system/enable-registration.rb'
require './system/get-stats.rb'
require './system/add-api-key.rb'
require './system/delete-api-key.rb'
require './system/get-all-keys.rb'


@ -44,4 +44,12 @@ class Scripts
result['data']
end
def self.createAPIKey(name)
result = request('/system/add-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: name
})
end
end


@ -0,0 +1,30 @@
describe'system/add-api-key' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should add API key' do
result= request('/system/add-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new API'
})
(result['status']).should.equal('success')
row = $database.getRow('apikey', 1, 'id')
(row['name']).should.equal('new API')
(result['data']).should.equal(row['token'])
end
it 'should not add API key' do
result= request('/system/add-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new API'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NAME_ALREADY_USED')
end
end


@ -0,0 +1,30 @@
describe'system/delete-api-key' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should not delete API key' do
result= request('/system/delete-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new PIA'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_NAME')
end
it 'should delete API key' do
result= request('/system/delete-api-key', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'new API'
})
(result['status']).should.equal('success')
row = $database.getRow('apikey', 1, 'id')
(row).should.equal(nil)
end
end
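Review bot: 'should delete API key' removes `new API`, which exists only because the add-api-key spec ran earlier, and it then checks `$database.getRow('apikey', 1, 'id')`, which assumes the key got id 1 in an otherwise empty table. The add-api-key spec reads the same fixed id, and the get-all-keys spec asserts positions 0 to 4 on the same assumption. Creating the key inside this spec with `Scripts.createAPIKey('...')` and looking the row up by name would remove the ordering dependency. A case that deletes a name containing a digit, such as the `namekey1` used in the get-all-keys spec, would also exercise this endpoint's name validation.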


@ -0,0 +1,26 @@
describe'system/get-all-keys' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should get all API keys' do
Scripts.createAPIKey('namekey1')
Scripts.createAPIKey('namekey2')
Scripts.createAPIKey('namekey3')
Scripts.createAPIKey('namekey4')
Scripts.createAPIKey('namekey5')
result= request('/system/get-all-keys', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
})
(result['status']).should.equal('success')
(result['data'][0]['name']).should.equal('namekey1')
(result['data'][1]['name']).should.equal('namekey2')
(result['data'][2]['name']).should.equal('namekey3')
(result['data'][3]['name']).should.equal('namekey4')
(result['data'][4]['name']).should.equal('namekey5')
end
end