archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-18 18:38:44 +00:00
Code Issues Projects Releases Wiki Activity

Fixed some empty-expiry conditions of token ui flows

Browse source
This commit is contained in:
Dan Brown 2019-12-29 20:18:37 +00:00
parent 692fc46c7d
commit 2cfa37399c
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 33 additions and 5 deletions

14
app/Http/Controllers/UserApiTokenController.php
View file

@ -40,7 +40,11 @@ class UserApiTokenController extends Controller
$user = User::query()->findOrFail($userId); $user = User::query()->findOrFail($userId);
$secret = Str::random(32); $secret = Str::random(32);
$expiry = $request->get('expires_at', (Carbon::now()->addYears(100))->format('Y-m-d'));
$expiry = $request->get('expires_at', null);
if (empty($expiry)) {
$expiry = Carbon::now()->addYears(100)->format('Y-m-d');
}
$token = (new ApiToken())->forceFill([ $token = (new ApiToken())->forceFill([
'name' => $request->get('name'), 'name' => $request->get('name'),
@ -83,14 +87,18 @@ class UserApiTokenController extends Controller
*/ */
public function update(Request $request, int $userId, int $tokenId) public function update(Request $request, int $userId, int $tokenId)
{ {
$this->validate($request, [ $requestData = $this->validate($request, [
'name' => 'required|max:250', 'name' => 'required|max:250',
'expires_at' => 'date_format:Y-m-d', 'expires_at' => 'date_format:Y-m-d',
]); ]);
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
$token->fill($request->all())->save(); if (empty($requestData['expires_at'])) {
$requestData['expires_at'] = Carbon::now()->addYears(100)->format('Y-m-d');
}
$token->fill($requestData)->save();
$this->showSuccessNotification(trans('settings.user_api_token_update_success')); $this->showSuccessNotification(trans('settings.user_api_token_update_success'));
return redirect($user->getEditUrl('/api-tokens/' . $token->id)); return redirect($user->getEditUrl('/api-tokens/' . $token->id));
} }

24
tests/User/UserApiTokenTest.php
View file

@ -9,7 +9,7 @@ class UserApiTokenTest extends TestCase
protected $testTokenData = [ protected $testTokenData = [
'name' => 'My test API token', 'name' => 'My test API token',
'expires_at' => '2099-04-01', 'expires_at' => '2050-04-01',
]; ];
public function test_tokens_section_not_visible_without_access_api_permission() public function test_tokens_section_not_visible_without_access_api_permission()
@ -72,7 +72,7 @@ class UserApiTokenTest extends TestCase
public function test_create_with_no_expiry_sets_expiry_hundred_years_away() public function test_create_with_no_expiry_sets_expiry_hundred_years_away()
{ {
$editor = $this->getEditor(); $editor = $this->getEditor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token']); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']);
$token = ApiToken::query()->latest()->first(); $token = ApiToken::query()->latest()->first();
$over = Carbon::now()->addYears(101); $over = Carbon::now()->addYears(101);
@ -126,6 +126,26 @@ class UserApiTokenTest extends TestCase
$this->assertSessionHas('success'); $this->assertSessionHas('success');
} }
public function test_token_update_with_blank_expiry_sets_to_hundred_years_away()
{
$editor = $this->getEditor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();
$resp = $this->put($editor->getEditUrl('/api-tokens/' . $token->id), [
'name' => 'My updated token',
'expires_at' => '',
]);
$token->refresh();
$over = Carbon::now()->addYears(101);
$under = Carbon::now()->addYears(99);
$this->assertTrue(
($token->expires_at < $over && $token->expires_at > $under),
"Token expiry set at 100 years in future"
);
}
public function test_token_delete() public function test_token_delete()
{ {
$editor = $this->getEditor(); $editor = $this->getEditor();