From 692fc46c7dfab76f4e9e28a9f1b4c419f60b5ded Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sun, 29 Dec 2019 20:07:28 +0000
Subject: [PATCH] Removed token 'client' text, avoid confusion w/ oAuth
- Instead have a token_id and a secret.
- Displayed a 'Token ID' and 'Token Secret'.
---
 app/Http/Controllers/UserApiTokenController.php | 8 ++++----
 .../migrations/2019_12_29_120917_add_api_auth.php | 4 ++--
 resources/lang/en/settings.php | 10 +++++-----
 resources/views/users/api-tokens/edit.blade.php | 10 +++++-----
 resources/views/users/edit.blade.php | 2 +-
 tests/User/UserApiTokenTest.php | 14 +++++++-------
 6 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/app/Http/Controllers/UserApiTokenController.php b/app/Http/Controllers/UserApiTokenController.php
index 9f5ebc49e..c18d52901 100644
--- a/app/Http/Controllers/UserApiTokenController.php
+++ b/app/Http/Controllers/UserApiTokenController.php
@@ -44,14 +44,14 @@ class UserApiTokenController extends Controller
 $token = (new ApiToken())->forceFill([
 'name' => $request->get('name'),
- 'client_id' => Str::random(32),
- 'client_secret' => Hash::make($secret),
+ 'token_id' => Str::random(32),
+ 'secret' => Hash::make($secret),
 'user_id' => $user->id,
 'expires_at' => $expiry
 ]);
- while (ApiToken::query()->where('client_id', '=', $token->client_id)->exists()) {
- $token->client_id = Str::random(32);
+ while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists()) {
+ $token->token_id = Str::random(32);
 }
 $token->save();
diff --git a/database/migrations/2019_12_29_120917_add_api_auth.php b/database/migrations/2019_12_29_120917_add_api_auth.php
index c8a1a7781..eff88247f 100644
--- a/database/migrations/2019_12_29_120917_add_api_auth.php
+++ b/database/migrations/2019_12_29_120917_add_api_auth.php
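Review bot: In app/Http/Controllers/UserApiTokenController.php the `while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists())` loop is a check-then-save, so it cannot by itself guarantee uniqueness; two concurrent requests could both pass the check. The `unique()` index that the migration in this patch puts on `token_id` is the real guard, and a duplicate would presumably surface as a query exception from `$token->save()`. I would say so in a comment above the loop, e.g. `// Best-effort collision check only; the unique index on api_tokens.token_id is the actual guarantee.` The enclosing method starts and ends outside the hunk, so any handling around `save()` is not visible here.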
@@ -19,8 +19,8 @@ class AddApiAuth extends Migration
 Schema::create('api_tokens', function(Blueprint $table) {
 $table->increments('id');
 $table->string('name');
- $table->string('client_id')->unique();
- $table->string('client_secret');
+ $table->string('token_id')->unique();
+ $table->string('secret');
 $table->integer('user_id')->unsigned()->index();
 $table->date('expires_at')->index();
 $table->nullableTimestamps();
diff --git a/resources/lang/en/settings.php b/resources/lang/en/settings.php
index 88eb22aa0..b1da5435f 100755
--- a/resources/lang/en/settings.php
+++ b/resources/lang/en/settings.php
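Review bot: The column rename in database/migrations/2019_12_29_120917_add_api_auth.php is made by editing the existing `Schema::create('api_tokens', ...)` call, so a database that has already run this migration keeps `client_id`/`client_secret` while the controller now writes `token_id`/`secret`. Whether the migration has shipped anywhere is not visible from this patch; if it has, a follow-up migration using `$table->renameColumn('client_id', 'token_id');` and `$table->renameColumn('client_secret', 'secret');` would be needed instead. If it has not, a line in the commit message saying the migration is still unreleased would save the next reader the check. The migration class continues outside the hunk.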
@@ -163,14 +163,14 @@ return [
 'user_api_token_name_desc' => 'Give your token a readable name as a future reminder of its intended purpose.',
 'user_api_token_expiry' => 'Expiry Date',
 'user_api_token_expiry_desc' => 'Set a date at which this token expires. After this date, requests made using this token will no longer work. Leaving this field blank will set an expiry 100 years into the future.',
- 'user_api_token_create_secret_message' => 'Immediately after creating this token a "client id"" & "client secret" will be generated and displayed. The client secret will only be shown a single time so be sure to copy the value to somewhere safe and secure before proceeding.',
+ 'user_api_token_create_secret_message' => 'Immediately after creating this token a "Token ID"" & "Token Secret" will be generated and displayed. The secret will only be shown a single time so be sure to copy the value to somewhere safe and secure before proceeding.',
 'user_api_token_create_success' => 'API token successfully created',
 'user_api_token_update_success' => 'API token successfully updated',
 'user_api_token' => 'API Token',
- 'user_api_token_client_id' => 'Client ID',
- 'user_api_token_client_id_desc' => 'This is a non-editable system generated identifier for this token which will need to be provided in API requests.',
- 'user_api_token_client_secret' => 'Client Secret',
- 'user_api_token_client_secret_desc' => 'This is a system generated secret for this token which will need to be provided in API requests. This will only be displayed this one time so copy this value to somewhere safe and secure.',
+ 'user_api_token_id' => 'Token ID',
+ 'user_api_token_id_desc' => 'This is a non-editable system generated identifier for this token which will need to be provided in API requests.',
+ 'user_api_token_secret' => 'Token Secret',
+ 'user_api_token_secret_desc' => 'This is a system generated secret for this token which will need to be provided in API requests. This will only be displayed this one time so copy this value to somewhere safe and secure.',
 'user_api_token_created' => 'Token Created :timeAgo',
 'user_api_token_updated' => 'Token Updated :timeAgo',
 'user_api_token_delete' => 'Delete Token',
diff --git a/resources/views/users/api-tokens/edit.blade.php b/resources/views/users/api-tokens/edit.blade.php
index 0ec9adbe6..821a00d93 100644
--- a/resources/views/users/api-tokens/edit.blade.php
+++ b/resources/views/users/api-tokens/edit.blade.php
@@ -15,11 +15,11 @@
- -

{{ trans('settings.user_api_token_client_id_desc') }}

+ +

{{ trans('settings.user_api_token_id_desc') }}

- @include('form.text', ['name' => 'client_id', 'readonly' => true])
+ @include('form.text', ['name' => 'token_id', 'readonly' => true])
@@ -27,8 +27,8 @@ @if( $secret )
- -

{{ trans('settings.user_api_token_client_secret_desc') }}

+ +

{{ trans('settings.user_api_token_secret_desc') }}

diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index ba76b022e..c69d101d4 100644
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -109,7 +109,7 @@ {{ $token->name }}
- {{ $token->client_id }}
+ {{ $token->token_id }}
 {{ $token->expires_at->format('Y-m-d') ?? '' }}
diff --git a/tests/User/UserApiTokenTest.php b/tests/User/UserApiTokenTest.php
index 86c2b7bcc..012747296 100644
--- a/tests/User/UserApiTokenTest.php
+++ b/tests/User/UserApiTokenTest.php
@@ -44,7 +44,7 @@ class UserApiTokenTest extends TestCase
 $resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token'));
 $resp->assertStatus(200);
 $resp->assertSee('Create API Token');
- $resp->assertSee('client secret');
+ $resp->assertSee('Token Secret');
 $resp = $this->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
 $token = ApiToken::query()->latest()->first();
@@ -59,11 +59,11 @@ class UserApiTokenTest extends TestCase
 $this->assertSessionHas('api-token-secret:' . $token->id);
 $secret = session('api-token-secret:' . $token->id);
 $this->assertDatabaseMissing('api_tokens', [
- 'client_secret' => $secret,
+ 'secret' => $secret,
 ]);
- $this->assertTrue(\Hash::check($secret, $token->client_secret));
+ $this->assertTrue(\Hash::check($secret, $token->secret));
- $this->assertTrue(strlen($token->client_id) === 32);
+ $this->assertTrue(strlen($token->token_id) === 32);
 $this->assertTrue(strlen($secret) === 32);
 $this->assertSessionHas('success');
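Review bot: In tests/User/UserApiTokenTest.php (hunk at -59,11) `$this->assertTrue(strlen($token->token_id) === 32);` reports only that false is not true when it fails; `$this->assertSame(32, strlen($token->token_id));` would print the actual length. The unchanged `strlen($secret)` assertion on the next line could take the same form. The test method starts before the hunk and continues after it.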
@@ -92,15 +92,15 @@ class UserApiTokenTest extends TestCase
 $resp = $this->get($editor->getEditUrl());
 $resp->assertElementExists('#api_tokens');
 $resp->assertElementContains('#api_tokens', $token->name);
- $resp->assertElementContains('#api_tokens', $token->client_id);
+ $resp->assertElementContains('#api_tokens', $token->token_id);
 $resp->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d'));
 }
- public function test_client_secret_shown_once_after_creation()
+ public function test_secret_shown_once_after_creation()
 {
 $editor = $this->getEditor();
 $resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
- $resp->assertSeeText('Client Secret');
+ $resp->assertSeeText('Token Secret');
 $token = ApiToken::query()->latest()->first();
 $this->assertNull(session('api-token-secret:' . $token->id));