Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

Removed token 'client' text, avoid confusion w/ oAuth

Browse Source 
- Instead have a token_id and a secret.
   - Displayed a 'Token ID' and 'Token Secret'.
This commit is contained in:
Dan Brown 2019-12-29 20:07:28 +00:00
parent 832fbd65af
commit 692fc46c7d
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
6 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Controllers/UserApiTokenController.php
View File

@ -44,14 +44,14 @@ class UserApiTokenController extends Controller
$token = (new ApiToken())->forceFill([
'name' => $request->get('name'),
'client_id' => Str::random(32),
'client_secret' => Hash::make($secret),
'token_id' => Str::random(32),
'secret' => Hash::make($secret),
'user_id' => $user->id,
'expires_at' => $expiry
]);
while (ApiToken::query()->where('client_id', '=', $token->client_id)->exists()) {
$token->client_id = Str::random(32);
while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists()) {
$token->token_id = Str::random(32);
}
$token->save();

4
database/migrations/2019_12_29_120917_add_api_auth.php
View File

@ -19,8 +19,8 @@ class AddApiAuth extends Migration
Schema::create('api_tokens', function(Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->string('client_id')->unique();
$table->string('client_secret');
$table->string('token_id')->unique();
$table->string('secret');
$table->integer('user_id')->unsigned()->index();
$table->date('expires_at')->index();
$table->nullableTimestamps();

10
resources/lang/en/settings.php
View File

@ -163,14 +163,14 @@ return [
'user_api_token_name_desc' => 'Give your token a readable name as a future reminder of its intended purpose.',
'user_api_token_expiry' => 'Expiry Date',
'user_api_token_expiry_desc' => 'Set a date at which this token expires. After this date, requests made using this token will no longer work. Leaving this field blank will set an expiry 100 years into the future.',
'user_api_token_create_secret_message' => 'Immediately after creating this token a "client id"" & "client secret" will be generated and displayed. The client secret will only be shown a single time so be sure to copy the value to somewhere safe and secure before proceeding.',
'user_api_token_create_secret_message' => 'Immediately after creating this token a "Token ID"" & "Token Secret" will be generated and displayed. The secret will only be shown a single time so be sure to copy the value to somewhere safe and secure before proceeding.',
'user_api_token_create_success' => 'API token successfully created',
'user_api_token_update_success' => 'API token successfully updated',
'user_api_token' => 'API Token',
'user_api_token_client_id' => 'Client ID',
'user_api_token_client_id_desc' => 'This is a non-editable system generated identifier for this token which will need to be provided in API requests.',
'user_api_token_client_secret' => 'Client Secret',
'user_api_token_client_secret_desc' => 'This is a system generated secret for this token which will need to be provided in API requests. This will only be displayed this one time so copy this value to somewhere safe and secure.',
'user_api_token_id' => 'Token ID',
'user_api_token_id_desc' => 'This is a non-editable system generated identifier for this token which will need to be provided in API requests.',
'user_api_token_secret' => 'Token Secret',
'user_api_token_secret_desc' => 'This is a system generated secret for this token which will need to be provided in API requests. This will only be displayed this one time so copy this value to somewhere safe and secure.',
'user_api_token_created' => 'Token Created :timeAgo',
'user_api_token_updated' => 'Token Updated :timeAgo',
'user_api_token_delete' => 'Delete Token',

10
resources/views/users/api-tokens/edit.blade.php
View File

@ -15,11 +15,11 @@
<div class="grid half gap-xl v-center">
<div>
<label class="setting-list-label">{{ trans('settings.user_api_token_client_id') }}</label>
<p class="small">{{ trans('settings.user_api_token_client_id_desc') }}</p>
<label class="setting-list-label">{{ trans('settings.user_api_token_id') }}</label>
<p class="small">{{ trans('settings.user_api_token_id_desc') }}</p>
</div>
<div>
@include('form.text', ['name' => 'client_id', 'readonly' => true])
@include('form.text', ['name' => 'token_id', 'readonly' => true])
</div>
</div>
@ -27,8 +27,8 @@
@if( $secret )
<div class="grid half gap-xl v-center">
<div>
<label class="setting-list-label">{{ trans('settings.user_api_token_client_secret') }}</label>
<p class="small text-warn">{{ trans('settings.user_api_token_client_secret_desc') }}</p>
<label class="setting-list-label">{{ trans('settings.user_api_token_secret') }}</label>
<p class="small text-warn">{{ trans('settings.user_api_token_secret_desc') }}</p>
</div>
<div>
<input type="text" readonly="readonly" value="{{ $secret }}">

2
resources/views/users/edit.blade.php
View File

@ -109,7 +109,7 @@
<tr>
<td>
{{ $token->name }} <br>
<span class="small text-muted italic">{{ $token->client_id }}</span>
<span class="small text-muted italic">{{ $token->token_id }}</span>
</td>
<td>{{ $token->expires_at->format('Y-m-d') ?? '' }}</td>
<td class="text-right">

14
tests/User/UserApiTokenTest.php
View File

@ -44,7 +44,7 @@ class UserApiTokenTest extends TestCase
$resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token'));
$resp->assertStatus(200);
$resp->assertSee('Create API Token');
$resp->assertSee('client secret');
$resp->assertSee('Token Secret');
$resp = $this->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();
@ -59,11 +59,11 @@ class UserApiTokenTest extends TestCase
$this->assertSessionHas('api-token-secret:' . $token->id);
$secret = session('api-token-secret:' . $token->id);
$this->assertDatabaseMissing('api_tokens', [
'client_secret' => $secret,
'secret' => $secret,
]);
$this->assertTrue(\Hash::check($secret, $token->client_secret));
$this->assertTrue(\Hash::check($secret, $token->secret));
$this->assertTrue(strlen($token->client_id) === 32);
$this->assertTrue(strlen($token->token_id) === 32);
$this->assertTrue(strlen($secret) === 32);
$this->assertSessionHas('success');
@ -92,15 +92,15 @@ class UserApiTokenTest extends TestCase
$resp = $this->get($editor->getEditUrl());
$resp->assertElementExists('#api_tokens');
$resp->assertElementContains('#api_tokens', $token->name);
$resp->assertElementContains('#api_tokens', $token->client_id);
$resp->assertElementContains('#api_tokens', $token->token_id);
$resp->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d'));
}
public function test_client_secret_shown_once_after_creation()
public function test_secret_shown_once_after_creation()
{
$editor = $this->getEditor();
$resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$resp->assertSeeText('Client Secret');
$resp->assertSeeText('Token Secret');
$token = ApiToken::query()->latest()->first();
$this->assertNull(session('api-token-secret:' . $token->id));