-<?php namespace BookStack\Http\Controllers;
+<?php
+namespace BookStack\Http\Controllers;
+
+use BookStack\Actions\ActivityType;
use BookStack\Api\ApiToken;
use BookStack\Auth\User;
use Illuminate\Http\Request;
-use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
class UserApiTokenController extends Controller
{
-
/**
* Show the form to create a new API token.
*/
$this->checkPermissionOrCurrentUser('users-manage', $userId);
$user = User::query()->findOrFail($userId);
+
return view('users.api-tokens.create', [
'user' => $user,
]);
$this->checkPermissionOrCurrentUser('users-manage', $userId);
$this->validate($request, [
- 'name' => 'required|max:250',
+ 'name' => 'required|max:250',
'expires_at' => 'date_format:Y-m-d',
]);
$user = User::query()->findOrFail($userId);
$secret = Str::random(32);
- $expiry = $request->get('expires_at', (Carbon::now()->addYears(100))->format('Y-m-d'));
$token = (new ApiToken())->forceFill([
- 'name' => $request->get('name'),
- 'client_id' => Str::random(32),
- 'client_secret' => Hash::make($secret),
- 'user_id' => $user->id,
- 'expires_at' => $expiry
+ 'name' => $request->get('name'),
+ 'token_id' => Str::random(32),
+ 'secret' => Hash::make($secret),
+ 'user_id' => $user->id,
+ 'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(),
]);
- while (ApiToken::query()->where('client_id', '=', $token->client_id)->exists()) {
- $token->client_id = Str::random(32);
+ while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists()) {
+ $token->token_id = Str::random(32);
}
$token->save();
- $token->refresh();
session()->flash('api-token-secret:' . $token->id, $secret);
$this->showSuccessNotification(trans('settings.user_api_token_create_success'));
+ $this->logActivity(ActivityType::API_TOKEN_CREATE, $token);
+
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
}
$secret = session()->pull('api-token-secret:' . $token->id, null);
return view('users.api-tokens.edit', [
- 'user' => $user,
- 'token' => $token,
- 'model' => $token,
+ 'user' => $user,
+ 'token' => $token,
+ 'model' => $token,
'secret' => $secret,
]);
}
public function update(Request $request, int $userId, int $tokenId)
{
$this->validate($request, [
- 'name' => 'required|max:250',
+ 'name' => 'required|max:250',
'expires_at' => 'date_format:Y-m-d',
]);
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
+ $token->fill([
+ 'name' => $request->get('name'),
+ 'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(),
+ ])->save();
- $token->fill($request->all())->save();
$this->showSuccessNotification(trans('settings.user_api_token_update_success'));
+ $this->logActivity(ActivityType::API_TOKEN_UPDATE, $token);
+
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
}
public function delete(int $userId, int $tokenId)
{
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
+
return view('users.api-tokens.delete', [
- 'user' => $user,
+ 'user' => $user,
'token' => $token,
]);
}
$token->delete();
$this->showSuccessNotification(trans('settings.user_api_token_delete_success'));
+ $this->logActivity(ActivityType::API_TOKEN_DELETE, $token);
+
return redirect($user->getEditUrl('#api_tokens'));
}
$user = User::query()->findOrFail($userId);
$token = ApiToken::query()->where('user_id', '=', $user->id)->where('id', '=', $tokenId)->firstOrFail();
+
return [$user, $token];
}
-
}
projects / bookstack / blobdiff