From 333750587ced487368390a565933fce265d0a465 Mon Sep 17 00:00:00 2001 From: ralf Date: Tue, 4 Jul 2023 11:22:49 +0200 Subject: [PATCH] WIP REST API: show checkbox in application password to (re-)generate new token and display it --- admin/lang/egw_de.lang | 2 +- admin/lang/egw_en.lang | 2 +- admin/src/Token.php | 24 ++++++++---------------- admin/templates/default/token.edit.xet | 10 +++++++++- api/src/Auth/Token.php | 18 ++++++++++++------ 5 files changed, 31 insertions(+), 25 deletions(-) diff --git a/admin/lang/egw_de.lang b/admin/lang/egw_de.lang index eb54166981..5677a67982 100644 --- a/admin/lang/egw_de.lang +++ b/admin/lang/egw_de.lang @@ -484,6 +484,7 @@ forward only disables imap mailbox / storing of mails and just forwards them to full name admin de Vollständiger Name general admin de Allgemein generate certificate admin de Zertifikat erzeugen +generate new token and display it once after saving admin de Neues Token erzeugen und einmalig nach dem Speichern anzeigen git clone admin de Git Clone global categories common de Globale Kategorien global options admin de Globale Optionen 
@@ -911,7 +912,6 @@ the name used internaly (<= 20 chars), changeing it makes existing data unava the name used internaly (<= 20 chars), changeing it makes existing data unavailible admin de intern benutzter Name (<= 20 Buchstaben), Veränderungen machen existierende Daten unerreichbar! the testjob sends you a mail everytime it is called. admin de Der Testjob sendet Ihnen jedes mal eine E-Mail wenn er aufgerufen wird. the text displayed to the user admin de Für den Benutzer angezeigter Text -the token is displayed once after saving. admin de Das Token wird nach dem Speichern einmalig angezeigt. the two passwords are not the same admin de Die beiden Passwörter stimmen nicht überein the users bellow are still members of group %1 admin de Die unten angezeigten Benutzer sind Mitglied der Gruppe %1 there already is a group with this name. userid's can not have the same name as a groupid admin de Es gibt bereits ein Gruppe mit diesem Namen. Benutzernamen dürfen nicht identisch mit Gruppennamen sein. diff --git a/admin/lang/egw_en.lang b/admin/lang/egw_en.lang index 237429938a..31800570a3 100644 --- a/admin/lang/egw_en.lang +++ b/admin/lang/egw_en.lang @@ -487,6 +487,7 @@ forward only disables imap mailbox / storing of mails and just forwards them to full name admin en Full name general admin en General generate certificate admin en Generate Certificate +generate new token and display it once after saving admin en Generate new token and display it once after saving git clone admin en Git clone global categories common en Global categories global options admin en Global options 
@@ -914,7 +915,6 @@ the name used internaly (<= 20 chars), changeing it makes existing data unava the name used internaly (<= 20 chars), changeing it makes existing data unavailible admin en The name used internally, <= 20 chars, changing it makes existing data unavailable. the testjob sends you a mail everytime it is called. admin en The TestJob sends you a mail every time it is called. the text displayed to the user admin en The text displayed to the user -the token is displayed once after saving. admin en The token is displayed once after saving. the two passwords are not the same admin en Passwords are not the same the users bellow are still members of group %1 admin en The users below are still members of group %1 there already is a group with this name. userid's can not have the same name as a groupid admin en There is already a group with this name. User ID's can not have the same name as a group ID. diff --git a/admin/src/Token.php b/admin/src/Token.php index 9f9e2b90af..1f1c40422c 100644 --- a/admin/src/Token.php +++ b/admin/src/Token.php @@ -60,7 +60,7 @@ class Token } else { - $content = $this->token->init(); + $content = $this->token->init()+['new_token' => true]; if (empty($GLOBALS['egw_info']['user']['apps']['admin'])) { $content['account_id'] = $GLOBALS['egw_info']['user']['account_id']; 
@@ -77,24 +77,16 @@ class Token case 'save': case 'apply': $content['token_limits'] = Api\Auth\Token::apps2limits($content['token_apps']); - if (empty($content['token_id'])) + if (empty($content['token_id']) || $content['new_token']) { - $content = Api\Auth\Token::create($content['account_id'] ?: 0, $content['token_valid_until'], $content['token_remark'], - $content['token_limits']); - Api\Framework::refresh_opener(lang('Token created.'), - self::APP, $this->token->data['token_id'],'add'); + $content['new_token'] = true; $button = 'apply'; // must not close window to show token } - elseif (!$this->token->save($content)) - { - Api\Framework::refresh_opener(lang('Token saved.'), - self::APP, $this->token->data['token_id'],'edit'); - $content = array_merge($content, $this->token->data); - } - else - { - throw new \Exception(lang('Error storing token!')); - } + $this->token->save($content); + Api\Framework::refresh_opener(empty($content['new_token']) ? lang('Token saved.') : lang('Token created.'), + self::APP, $this->token->data['token_id'],'edit'); + unset($content['new_token']); + $content = array_merge($content, $this->token->data); if ($button === 'save') { Api\Framework::window_close(); // does NOT return diff --git a/admin/templates/default/token.edit.xet b/admin/templates/default/token.edit.xet index 51d1c53b4f..cd22b0d682 100644 --- a/admin/templates/default/token.edit.xet +++ b/admin/templates/default/token.edit.xet @@ -45,8 +45,16 @@ + + + + + + + - + + diff --git a/api/src/Auth/Token.php b/api/src/Auth/Token.php index 1eed01e374..d7457d6764 100644 --- a/api/src/Auth/Token.php +++ b/api/src/Auth/Token.php 
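Review bot: The condition `empty($content['token_id']) || $content['new_token']` reads the checkbox value unguarded, so saving an existing token whose submitted content lacks that key raises an undefined-key warning; `Auth\Token::save()` in this same commit tests `!empty($keys['new_token'])`, and the same form fits here: `if (empty($content['token_id']) || !empty($content['new_token']))`. Because this flag now rotates the secret of an existing token, it is worth confirming that the permission check inside `save()` (not visible here) is made against the stored owner of `token_id` rather than the submitted `account_id`. The `refresh_opener()` call also passes `'edit'` for newly created tokens, where the removed code passed `'add'`. The enclosing method starts and ends outside the hunk.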
@@ -88,20 +88,17 @@ class Token extends APi\Storage\Base { $account_id = $GLOBALS['egw_info']['user']['account_id']; } - $token = Api\Auth::randomstring(16); $inst = self::getInstance(); $inst->init([ 'account_id' => $account_id, - 'token_hash' => password_hash($token, PASSWORD_DEFAULT), + 'new_token' => true, 'token_valid_until' => $until, 'token_remark' => $remark, 'token_limits' => $limits, ]); $inst->save(); - return $inst->data+[ - 'token' => self::PREFIX.$inst->data['token_id'].'_'.$token, - ]; + return $inst->data; } /** @@ -130,7 +127,6 @@ class Token extends APi\Storage\Base * @param string|array $extra_where =null extra where clause, eg. to check an etag, returns true if no affected rows! * @return int|boolean 0 on success, or errno != 0 on error, or true if $extra_where is given and no rows affected * @throws Api\Exception\NoPermission\Admin if non-admin user tries to create token for anyone else - * @throws Api\Exception\NotFound if token_id does NOT exist * @throws Api\Db\Exception if token could not be stored */ function save($keys=null,$extra_where=null) @@ -152,10 +148,20 @@ class Token extends APi\Storage\Base $this->data['token_updated_by'] = $GLOBALS['egw_info']['user']['account_id']; $this->data['token_updated'] = $this->now; } + if (!empty($keys['new_token'])) + { + $token = Api\Auth::randomstring(16); + $this->data['token_hash'] = password_hash($token, PASSWORD_DEFAULT); + $this->data['token_revoked'] = null; + } if (($ret = parent::save(null, $extra_where))) { throw new Api\Db\Exception(lang('Error storing token')); } + if (isset($token)) + { + $this->data['token'] = self::PREFIX.$this->data['token_id'].'_'.$token; + } return $ret; }
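Review bot: `create()` puts `'new_token' => true` into `init()` but then calls `$inst->save()` without arguments, while the generation block added further down in `save()` tests `!empty($keys['new_token'])`. With `$keys` null that test is false, so unless the part of `save()` outside these hunks copies the flag into `$keys`, no `token_hash` is written and the returned `$inst->data` carries no `token` entry. Passing the flag explicitly avoids depending on that: `$inst->save(['new_token' => true]);`, or let `save()` also check `$this->data['new_token']`. A test asserting that `create()` returns a `token` which verifies against the stored hash would pin this.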
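Review bot: Regenerating sets `$this->data['token_revoked'] = null`, so a save with `new_token` also re-activates a token that had been revoked, and neither the code nor the docblock of `save()` says so. If that is intended, a comment such as `// regenerating deliberately lifts a previous revocation` and a docblock line describing the `new_token` key would make it visible; if not, the reset should be dropped or gated separately. The plaintext is also left in `$this->data['token']` after `save()` returns, and since `create()` obtains the object through `self::getInstance()`, it may stay on that instance longer than the one display it is meant for unless callers unset it. The body of `save()` begins outside this hunk.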