iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use settings page for API key resets

This commit is contained in:
Igor Scheller 2024-04-07 19:27:46 +02:00 committed by xuwhite
parent 87f7a74f27
commit e514685444
8 changed files with 50 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
includes/pages/user_myshifts.php
View File

@ -41,21 +41,7 @@ function user_myshifts()
} }
$shifts_user = User::find($shift_entry_id); $shifts_user = User::find($shift_entry_id);
if ($request->has('reset')) { if ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
if ($request->input('reset') == 'ack') {
auth()->resetApiKey($user);
engelsystem_log(sprintf('API key resetted (%s).', User_Nick_render($user, true)));
success(__('Key changed.'));
throw_redirect(url('/users', ['action' => 'view', 'user_id' => $shifts_user->id]));
}
return page_with_title(__('Reset API key'), [
error(
__('If you reset the key, the url to your iCal- and JSON-export and your atom/rss feed changes! You have to update it in every application using one of these exports.'),
true
),
button(url('/user-myshifts', ['reset' => 'ack']), __('Continue'), 'btn-danger'),
]);
} elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
$shift_entry_id = $request->input('edit'); $shift_entry_id = $request->input('edit');
/** @var ShiftEntry $shiftEntry */ /** @var ShiftEntry $shiftEntry */
$shiftEntry = ShiftEntry::where('id', $shift_entry_id) $shiftEntry = ShiftEntry::where('id', $shift_entry_id)

13
includes/pages/user_shifts.php
View File

@ -374,18 +374,11 @@ function ical_hint()
return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2) return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2)
. '<p>' . sprintf( . '<p>' . sprintf(
__('Export your own shifts. <a href="%s" target="_blank">iCal format</a> or <a href="%s" target="_blank">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'), __('Export your own shifts formatted as <a href="%s" target="_blank">iCal</a> or <a href="%s" target="_blank">JSON</a> (please keep the link secret, otherwise you have to reset the api key <a href="%s">in your settings</a>).'),
url('/ical', ['key' => $user->api_key]), url('/ical', ['key' => $user->api_key]),
url('/shifts-json-export', ['key' => $user->api_key]), url('/shifts-json-export', ['key' => $user->api_key]),
url('/user-myshifts', ['reset' => 1]) url('/settings/api')
) ) . '</p>';
. ' <button class="btn btn-sm btn-danger" type="button"
data-bs-toggle="collapse" data-bs-target="#collapseApiKey"
aria-expanded="false" aria-controls="collapseApiKey">
' . __('Show API Key') . '
</button>'
. '</p>'
. '<p id="collapseApiKey" class="collapse"><code>' . $user->api_key . '</code></p>';
} }
/** /**

6
includes/view/User_view.php
View File

@ -677,9 +677,9 @@ function User_view(
url('/shifts-json-export', ['key' => $user_source->api_key]), url('/shifts-json-export', ['key' => $user_source->api_key]),
icon('braces') . __('JSON Export') icon('braces') . __('JSON Export')
) : '', ) : '',
$auth->canAny(['shifts_json_export', 'ical', 'atom']) ? button( $auth->canAny(['api', 'shifts_json_export', 'ical', 'atom']) ? button(
url('/user-myshifts', ['reset' => 1]), url('/settings/api'),
icon('arrow-repeat') . __('Reset API key') icon('arrow-repeat') . __('API Settings')
) : '', ) : '',
], 'mb-2') : '', ], 'mb-2') : '',
]), ]),

40
resources/lang/de_DE/default.po
View File

@ -761,22 +761,8 @@ msgstr "User bearbeiten"
msgid "general.datetime" msgid "general.datetime"
msgstr "d.m.Y H:i" msgstr "d.m.Y H:i"
msgid "Key changed." msgid "API Settings"
msgstr "Key geändert." msgstr "API Einstellungen"
msgid "Reset API key"
msgstr "API-Key zurücksetzen"
msgid ""
"If you reset the key, the url to your iCal- and JSON-export and your atom/rss "
"feed changes! You have to update it in every application using one of these "
"exports."
msgstr ""
"Wenn du den API-Key zurücksetzt, ändert sich die URL zu deinem iCal-, JSON-"
"Export und Atom/RSS Feed! Du musst diesen überall ändern, wo er in Benutzung ist."
msgid "Continue"
msgstr "Fortfahren"
msgid "Please enter a freeload comment!" msgid "Please enter a freeload comment!"
msgstr "Gib bitte einen Schwänz-Kommentar ein!" msgstr "Gib bitte einen Schwänz-Kommentar ein!"
@ -846,16 +832,13 @@ msgid "iCal export and API"
msgstr "iCal Export und API" msgstr "iCal Export und API"
msgid "" msgid ""
"Export your own shifts. <a href=\"%s\" target=\"_blank\">iCal format</a> or <a href=\"%s" "Export your own shifts formatted as <a href=\"%s\" target=\"_blank\">iCal</a> or "
"\" target=\"_blank\">JSON format</a> available (please keep secret, otherwise <a href=\"%s" "<a href=\"%s\" target=\"_blank\">JSON</a> (please keep the link secret, otherwise you have to reset the api key "
"\">reset the api key</a>)." "<a href=\"%s\">in your settings</a>)."
msgstr "" msgstr ""
"Exportiere Deine Schichten. <a href=\"%s\" target=\"_blank\">iCal Format</a> oder <a href=\"%s" "Exportiere Deine Schichten im <a href=\"%s\" target=\"_blank\">iCal</a> oder <a href=\"%s"
"\" target=\"_blank\">JSON Format</a> verfügbar (Link bitte geheimhalten, sonst <a href=\"%s" "\" target=\"_blank\">JSON</a> Format (Link bitte geheimhalten, sonst musst du den API-Key in "
"\">API-Key zurücksetzen</a>)." "<a href=\"%s\">deinen Einstellungen</a> zurücksetzen)."
msgid "Show API Key"
msgstr "API Key anzeigen"
msgid "All" msgid "All"
msgstr "Alle" msgstr "Alle"
@ -1814,9 +1797,12 @@ msgstr "API"
msgid "settings.api.about" msgid "settings.api.about"
msgstr "" msgstr ""
"Die API erlaubt es dir, über externe Programme, mit dem Engelsystem zu interagieren. " "Die API erlaubt es dir, über externe Programme, mit dem %s zu interagieren. "
"Sie ist noch nicht vollständig, wir arbeiten aber daran sie zu erweitern.\n" "Sie ist noch nicht vollständig, wir arbeiten aber daran sie zu erweitern.\n"
"Der API Einstiegspunkt befindet sich unter `%s` und ist in der [OpenAPI Spezifikation](%s) beschrieben.\n" "Der Einstiegspunkt der API befindet sich unter `%s` und ist in der [OpenAPI Spezifikation](%s) beschrieben.\n"
msgid "settings.api.about.warning"
msgstr ""
"Teile deinen persönlichen API Key mit niemandem, er erlaubt es deine persönlichen Daten einzusehen " "Teile deinen persönlichen API Key mit niemandem, er erlaubt es deine persönlichen Daten einzusehen "
"und Änderungen in deinem Namen durch zu führen!" "und Änderungen in deinem Namen durch zu führen!"

9
resources/lang/en_US/default.po
View File

@ -516,11 +516,14 @@ msgstr "API"
msgid "settings.api.about" msgid "settings.api.about"
msgstr "" msgstr ""
"The API allows you to interact with the Engelsystem by using external programs. " "The API allows you to interact with the %s by using external programs. "
"It's not complete but we are working on extending it.\n" "It's not complete but we are working on extending it.\n"
"The API endpoint is located at `%s` and described in the [OpenAPI specification](%s).\n" "The endpoint of the API is located at `%s` and described in the [OpenAPI specification](%s).\n"
msgid "settings.api.about.warning"
msgstr ""
"Don't share your personal API key with anyone as it can be used to view your personal data " "Don't share your personal API key with anyone as it can be used to view your personal data "
"and do changes your behalf!" "and do changes on your behalf!"
msgid "settings.api.shifts_json_show" msgid "settings.api.shifts_json_show"
msgstr "Show JSON shifts export" msgstr "Show JSON shifts export"

25
resources/views/pages/settings/api.twig
View File

@ -50,7 +50,10 @@
{{ csrf() }} {{ csrf() }}
{{ f.submit( {{ f.submit(
__('settings.api.key_reset'), __('settings.api.key_reset'),
{ 'size': 'sm', 'icon_left': 'arrow-repeat', 'confirm_text': __('settings.api.key_reset_confirm') } {
'size': 'sm', 'btn_type': 'danger',
'icon_left': 'arrow-repeat', 'confirm_text': __('settings.api.key_reset_confirm')
}
) }} ) }}
</form> </form>
@ -77,9 +80,13 @@
{% if has_permission_to('atom') %} {% if has_permission_to('atom') %}
<p id="news_hide" class="collapse" data-bs-parent="#exports_hide"> <p id="news_hide" class="collapse" data-bs-parent="#exports_hide">
<code>{{ url('/atom', {'key': user.api_key}) }}</code> <code>{{ url('/atom', {'key': user.api_key}) }}</code>
<code>{{ url('/atom', {'meetings': 1, 'key': user.api_key}) }}</code> {% if has_permission_to('user_meetings') %}
<code>{{ url('/rss', {'key': user.api_key}) }}</code> <br><code>{{ url('/atom', {'meetings': 1, 'key': user.api_key}) }}</code>
<code>{{ url('/rss', {'meetings': 1, 'key': user.api_key}) }}</code> {% endif %}
<br><code>{{ url('/rss', {'key': user.api_key}) }}</code>
{% if has_permission_to('user_meetings') %}
<br><code>{{ url('/rss', {'meetings': 1, 'key': user.api_key}) }}</code>
{% endif %}
</p> </p>
{% endif %} {% endif %}
@ -88,7 +95,15 @@
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
{{ __('settings.api.about', [url('/api/v0-beta'), url('/api/v0-beta/openapi')])|markdown|nl2br }} {% if has_permission_to('api') %}
{{ __('settings.api.about', [
config('app_name'),
url('/api/v0-beta'),
url('/api/v0-beta/openapi')
])|markdown|nl2br }}
{% endif %}
{{ __('settings.api.about.warning')|markdown|nl2br }}
</div> </div>
</div> </div>

6
src/Controllers/SettingsController.php
View File

@ -23,8 +23,8 @@ class SettingsController extends BaseController
/** @var string[] */ /** @var string[] */
protected array $permissions = [ protected array $permissions = [
'user_settings', 'user_settings',
'api' => 'api', 'api' => 'api||shifts_json_export||ical||atom',
'apiKeyReset' => 'api', 'apiKeyReset' => 'api||shifts_json_export||ical||atom',
]; ];
public function __construct( public function __construct(
@ -414,7 +414,7 @@ class SettingsController extends BaseController
$menu[url('/settings/oauth')] = ['title' => 'settings.oauth', 'hidden' => $this->checkOauthHidden()]; $menu[url('/settings/oauth')] = ['title' => 'settings.oauth', 'hidden' => $this->checkOauthHidden()];
} }
if ($this->auth->can('api')) { if ($this->auth->canAny(['api', 'shifts_json_export', 'ical', 'atom'])) {
$menu[url('/settings/api')] = ['title' => 'settings.api', 'icon' => 'braces']; $menu[url('/settings/api')] = ['title' => 'settings.api', 'icon' => 'braces'];
} }

2
tests/Unit/Controllers/SettingsControllerTest.php
View File

@ -1065,7 +1065,7 @@ class SettingsControllerTest extends ControllerTest
*/ */
public function testSettingsMenuApi(): void public function testSettingsMenuApi(): void
{ {
$this->setExpects($this->auth, 'can', ['api'], true, $this->atLeastOnce()); $this->setExpects($this->auth, 'canAny', null, true, $this->atLeastOnce());
$menu = $this->controller->settingsMenu(); $menu = $this->controller->settingsMenu();
$this->assertArrayHasKey('http://localhost/settings/profile', $menu); $this->assertArrayHasKey('http://localhost/settings/profile', $menu);