Added testing coverage to user API token interfaces · i4j5/BookStack@832fbd6 · GitHub
Skip to content

Commit 832fbd6

Browse files
committed
Added testing coverage to user API token interfaces
1 parent dccb279 commit 832fbd6

8 files changed

Lines changed: 180 additions & 11 deletions

File tree

app/Api/ApiToken.php

Lines changed: 1 addition & 1 deletion

app/Http/Controllers/UserApiTokenController.php

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ public function create(int $userId)
1717
{
1818
// Ensure user is has access-api permission and is the current user or has permission to manage the current user.
1919
$this->checkPermission('access-api');
20-
$this->checkPermissionOrCurrentUser('manage-users', $userId);
20+
$this->checkPermissionOrCurrentUser('users-manage', $userId);
2121

2222
$user = User::query()->findOrFail($userId);
2323
return view('users.api-tokens.create', [
@@ -31,7 +31,7 @@ public function create(int $userId)
3131
public function store(Request $request, int $userId)
3232
{
3333
$this->checkPermission('access-api');
34-
$this->checkPermissionOrCurrentUser('manage-users', $userId);
34+
$this->checkPermissionOrCurrentUser('users-manage', $userId);
3535

3636
$this->validate($request, [
3737
'name' => 'required|max:250',
@@ -55,8 +55,10 @@ public function store(Request $request, int $userId)
5555
}
5656

5757
$token->save();
58-
// TODO - Notification and activity?
58+
$token->refresh();
59+
5960
session()->flash('api-token-secret:' . $token->id, $secret);
61+
$this->showSuccessNotification(trans('settings.user_api_token_create_success'));
6062
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
6163
}
6264

@@ -89,7 +91,7 @@ public function update(Request $request, int $userId, int $tokenId)
8991
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
9092

9193
$token->fill($request->all())->save();
92-
// TODO - Notification and activity?
94+
$this->showSuccessNotification(trans('settings.user_api_token_update_success'));
9395
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
9496
}
9597

@@ -113,7 +115,7 @@ public function destroy(int $userId, int $tokenId)
113115
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
114116
$token->delete();
115117

116-
// TODO - Notification and activity?, Might have text in translations already (user_api_token_delete_success)
118+
$this->showSuccessNotification(trans('settings.user_api_token_delete_success'));
117119
return redirect($user->getEditUrl('#api_tokens'));
118120
}
119121

@@ -124,8 +126,9 @@ public function destroy(int $userId, int $tokenId)
124126
*/
125127
protected function checkPermissionAndFetchUserToken(int $userId, int $tokenId): array
126128
{
127-
$this->checkPermission('access-api');
128-
$this->checkPermissionOrCurrentUser('manage-users', $userId);
129+
$this->checkPermissionOr('users-manage', function () use ($userId) {
130+
return $userId === user()->id && userCan('access-api');
131+
});
129132

130133
$user = User::query()->findOrFail($userId);
131134
$token = ApiToken::query()->where('user_id', '=', $user->id)->where('id', '=', $tokenId)->firstOrFail();

database/migrations/2019_12_29_120917_add_api_auth.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ public function up()
2222
$table->string('client_id')->unique();
2323
$table->string('client_secret');
2424
$table->integer('user_id')->unsigned()->index();
25-
$table->timestamp('expires_at')->index();
25+
$table->date('expires_at')->index();
2626
$table->nullableTimestamps();
2727
});
2828

resources/lang/en/settings.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -164,6 +164,8 @@
164164
'user_api_token_expiry' => 'Expiry Date',
165165
'user_api_token_expiry_desc' => 'Set a date at which this token expires. After this date, requests made using this token will no longer work. Leaving this field blank will set an expiry 100 years into the future.',
166166
'user_api_token_create_secret_message' => 'Immediately after creating this token a "client id"" & "client secret" will be generated and displayed. The client secret will only be shown a single time so be sure to copy the value to somewhere safe and secure before proceeding.',
167+
'user_api_token_create_success' => 'API token successfully created',
168+
'user_api_token_update_success' => 'API token successfully updated',
167169
'user_api_token' => 'API Token',
168170
'user_api_token_client_id' => 'Client ID',
169171
'user_api_token_client_id_desc' => 'This is a non-editable system generated identifier for this token which will need to be provided in API requests.',

resources/views/users/edit.blade.php

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -88,8 +88,7 @@ class="button small outline">{{ trans('settings.users_social_connect') }}</a>
8888
</section>
8989
@endif
9090

91-
{{-- TODO - Review Control--}}
92-
@if(($currentUser->id === $user->id && userCan('access-api')) || userCan('manage-users'))
91+
@if(($currentUser->id === $user->id && userCan('access-api')) || userCan('users-manage'))
9392
<section class="card content-wrap auto-height" id="api_tokens">
9493
<div class="grid half">
9594
<div><h2 class="list-heading">{{ trans('settings.users_api_tokens') }}</h2></div>

tests/User/UserApiTokenTest.php

Lines changed: 165 additions & 0 deletions

0 commit comments

Comments
 (0)