X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/692fc46c7dfab76f4e9e28a9f1b4c419f60b5ded..refs/pull/3365/head:/app/Http/Controllers/UserApiTokenController.php diff --git a/app/Http/Controllers/UserApiTokenController.php b/app/Http/Controllers/UserApiTokenController.php index c18d52901..b1a043cd3 100644 --- a/app/Http/Controllers/UserApiTokenController.php +++ b/app/Http/Controllers/UserApiTokenController.php @@ -1,15 +1,16 @@ -checkPermissionOrCurrentUser('users-manage', $userId); $user = User::query()->findOrFail($userId); + return view('users.api-tokens.create', [ 'user' => $user, ]); @@ -34,20 +36,19 @@ class UserApiTokenController extends Controller $this->checkPermissionOrCurrentUser('users-manage', $userId); $this->validate($request, [ - 'name' => 'required|max:250', - 'expires_at' => 'date_format:Y-m-d', + 'name' => ['required', 'max:250'], + 'expires_at' => ['date_format:Y-m-d'], ]); $user = User::query()->findOrFail($userId); $secret = Str::random(32); - $expiry = $request->get('expires_at', (Carbon::now()->addYears(100))->format('Y-m-d')); $token = (new ApiToken())->forceFill([ - 'name' => $request->get('name'), - 'token_id' => Str::random(32), - 'secret' => Hash::make($secret), - 'user_id' => $user->id, - 'expires_at' => $expiry + 'name' => $request->get('name'), + 'token_id' => Str::random(32), + 'secret' => Hash::make($secret), + 'user_id' => $user->id, + 'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(), ]); while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists()) { @@ -55,10 +56,11 @@ class UserApiTokenController extends Controller } $token->save(); - $token->refresh(); session()->flash('api-token-secret:' . $token->id, $secret); $this->showSuccessNotification(trans('settings.user_api_token_create_success')); + $this->logActivity(ActivityType::API_TOKEN_CREATE, $token); + return redirect($user->getEditUrl('/api-tokens/' . $token->id)); } @@ -71,9 +73,9 @@ class UserApiTokenController extends Controller $secret = session()->pull('api-token-secret:' . $token->id, null); return view('users.api-tokens.edit', [ - 'user' => $user, - 'token' => $token, - 'model' => $token, + 'user' => $user, + 'token' => $token, + 'model' => $token, 'secret' => $secret, ]); } @@ -84,14 +86,19 @@ class UserApiTokenController extends Controller public function update(Request $request, int $userId, int $tokenId) { $this->validate($request, [ - 'name' => 'required|max:250', - 'expires_at' => 'date_format:Y-m-d', + 'name' => ['required', 'max:250'], + 'expires_at' => ['date_format:Y-m-d'], ]); [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); + $token->fill([ + 'name' => $request->get('name'), + 'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(), + ])->save(); - $token->fill($request->all())->save(); $this->showSuccessNotification(trans('settings.user_api_token_update_success')); + $this->logActivity(ActivityType::API_TOKEN_UPDATE, $token); + return redirect($user->getEditUrl('/api-tokens/' . $token->id)); } @@ -101,8 +108,9 @@ class UserApiTokenController extends Controller public function delete(int $userId, int $tokenId) { [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); + return view('users.api-tokens.delete', [ - 'user' => $user, + 'user' => $user, 'token' => $token, ]); } @@ -116,6 +124,8 @@ class UserApiTokenController extends Controller $token->delete(); $this->showSuccessNotification(trans('settings.user_api_token_delete_success')); + $this->logActivity(ActivityType::API_TOKEN_DELETE, $token); + return redirect($user->getEditUrl('#api_tokens')); } @@ -132,7 +142,7 @@ class UserApiTokenController extends Controller $user = User::query()->findOrFail($userId); $token = ApiToken::query()->where('user_id', '=', $user->id)->where('id', '=', $tokenId)->firstOrFail(); + return [$user, $token]; } - }