X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/832fbd65afcaa8d8f2953fe04de2e479053dbc29..refs/pull/3008/head:/app/Http/Controllers/UserApiTokenController.php diff --git a/app/Http/Controllers/UserApiTokenController.php b/app/Http/Controllers/UserApiTokenController.php index 9f5ebc49e..bdc25f79d 100644 --- a/app/Http/Controllers/UserApiTokenController.php +++ b/app/Http/Controllers/UserApiTokenController.php @@ -1,15 +1,16 @@ -checkPermissionOrCurrentUser('users-manage', $userId); $user = User::query()->findOrFail($userId); + return view('users.api-tokens.create', [ 'user' => $user, ]); @@ -34,31 +36,31 @@ class UserApiTokenController extends Controller $this->checkPermissionOrCurrentUser('users-manage', $userId); $this->validate($request, [ - 'name' => 'required|max:250', + 'name' => 'required|max:250', 'expires_at' => 'date_format:Y-m-d', ]); $user = User::query()->findOrFail($userId); $secret = Str::random(32); - $expiry = $request->get('expires_at', (Carbon::now()->addYears(100))->format('Y-m-d')); $token = (new ApiToken())->forceFill([ - 'name' => $request->get('name'), - 'client_id' => Str::random(32), - 'client_secret' => Hash::make($secret), - 'user_id' => $user->id, - 'expires_at' => $expiry + 'name' => $request->get('name'), + 'token_id' => Str::random(32), + 'secret' => Hash::make($secret), + 'user_id' => $user->id, + 'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(), ]); - while (ApiToken::query()->where('client_id', '=', $token->client_id)->exists()) { - $token->client_id = Str::random(32); + while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists()) { + $token->token_id = Str::random(32); } $token->save(); - $token->refresh(); session()->flash('api-token-secret:' . $token->id, $secret); $this->showSuccessNotification(trans('settings.user_api_token_create_success')); + $this->logActivity(ActivityType::API_TOKEN_CREATE, $token); + return redirect($user->getEditUrl('/api-tokens/' . $token->id)); } @@ -71,9 +73,9 @@ class UserApiTokenController extends Controller $secret = session()->pull('api-token-secret:' . $token->id, null); return view('users.api-tokens.edit', [ - 'user' => $user, - 'token' => $token, - 'model' => $token, + 'user' => $user, + 'token' => $token, + 'model' => $token, 'secret' => $secret, ]); } @@ -84,14 +86,19 @@ class UserApiTokenController extends Controller public function update(Request $request, int $userId, int $tokenId) { $this->validate($request, [ - 'name' => 'required|max:250', + 'name' => 'required|max:250', 'expires_at' => 'date_format:Y-m-d', ]); [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); + $token->fill([ + 'name' => $request->get('name'), + 'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(), + ])->save(); - $token->fill($request->all())->save(); $this->showSuccessNotification(trans('settings.user_api_token_update_success')); + $this->logActivity(ActivityType::API_TOKEN_UPDATE, $token); + return redirect($user->getEditUrl('/api-tokens/' . $token->id)); } @@ -101,8 +108,9 @@ class UserApiTokenController extends Controller public function delete(int $userId, int $tokenId) { [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); + return view('users.api-tokens.delete', [ - 'user' => $user, + 'user' => $user, 'token' => $token, ]); } @@ -116,6 +124,8 @@ class UserApiTokenController extends Controller $token->delete(); $this->showSuccessNotification(trans('settings.user_api_token_delete_success')); + $this->logActivity(ActivityType::API_TOKEN_DELETE, $token); + return redirect($user->getEditUrl('#api_tokens')); } @@ -132,7 +142,7 @@ class UserApiTokenController extends Controller $user = User::query()->findOrFail($userId); $token = ApiToken::query()->where('user_id', '=', $user->id)->where('id', '=', $tokenId)->firstOrFail(); + return [$user, $token]; } - }