WIP REST API: show checkbox in application password to (re-)generate new token and display it

ralf 2023-07-04 11:22:49 +02:00
parent ec664540fd
commit 333750587c
5 changed files with 31 additions and 25 deletions


@ -484,6 +484,7 @@ forward only disables imap mailbox / storing of mails and just forwards them to
full name admin de Vollständiger Name full name admin de Vollständiger Name
general admin de Allgemein general admin de Allgemein
generate certificate admin de Zertifikat erzeugen generate certificate admin de Zertifikat erzeugen
generate new token and display it once after saving admin de Neues Token erzeugen und einmalig nach dem Speichern anzeigen
git clone admin de Git Clone git clone admin de Git Clone
global categories common de Globale Kategorien global categories common de Globale Kategorien
global options admin de Globale Optionen global options admin de Globale Optionen
@ -911,7 +912,6 @@ the name used internaly (<= 20 chars), changeing it makes existing data unava
the name used internaly (<= 20 chars), changeing it makes existing data unavailible admin de intern benutzter Name (<= 20 Buchstaben), Veränderungen machen existierende Daten unerreichbar! the name used internaly (<= 20 chars), changeing it makes existing data unavailible admin de intern benutzter Name (<= 20 Buchstaben), Veränderungen machen existierende Daten unerreichbar!
the testjob sends you a mail everytime it is called. admin de Der Testjob sendet Ihnen jedes mal eine E-Mail wenn er aufgerufen wird. the testjob sends you a mail everytime it is called. admin de Der Testjob sendet Ihnen jedes mal eine E-Mail wenn er aufgerufen wird.
the text displayed to the user admin de Für den Benutzer angezeigter Text the text displayed to the user admin de Für den Benutzer angezeigter Text
the token is displayed once after saving. admin de Das Token wird nach dem Speichern einmalig angezeigt.
the two passwords are not the same admin de Die beiden Passwörter stimmen nicht überein the two passwords are not the same admin de Die beiden Passwörter stimmen nicht überein
the users bellow are still members of group %1 admin de Die unten angezeigten Benutzer sind Mitglied der Gruppe %1 the users bellow are still members of group %1 admin de Die unten angezeigten Benutzer sind Mitglied der Gruppe %1
there already is a group with this name. userid's can not have the same name as a groupid admin de Es gibt bereits ein Gruppe mit diesem Namen. Benutzernamen dürfen nicht identisch mit Gruppennamen sein. there already is a group with this name. userid's can not have the same name as a groupid admin de Es gibt bereits ein Gruppe mit diesem Namen. Benutzernamen dürfen nicht identisch mit Gruppennamen sein.


@ -487,6 +487,7 @@ forward only disables imap mailbox / storing of mails and just forwards them to
full name admin en Full name full name admin en Full name
general admin en General general admin en General
generate certificate admin en Generate Certificate generate certificate admin en Generate Certificate
generate new token and display it once after saving admin en Generate new token and display it once after saving
git clone admin en Git clone git clone admin en Git clone
global categories common en Global categories global categories common en Global categories
global options admin en Global options global options admin en Global options
@ -914,7 +915,6 @@ the name used internaly (&lt;= 20 chars), changeing it makes existing data unava
the name used internaly (<= 20 chars), changeing it makes existing data unavailible admin en The name used internally, <= 20 chars, changing it makes existing data unavailable. the name used internaly (<= 20 chars), changeing it makes existing data unavailible admin en The name used internally, <= 20 chars, changing it makes existing data unavailable.
the testjob sends you a mail everytime it is called. admin en The TestJob sends you a mail every time it is called. the testjob sends you a mail everytime it is called. admin en The TestJob sends you a mail every time it is called.
the text displayed to the user admin en The text displayed to the user the text displayed to the user admin en The text displayed to the user
the token is displayed once after saving. admin en The token is displayed once after saving.
the two passwords are not the same admin en Passwords are not the same the two passwords are not the same admin en Passwords are not the same
the users bellow are still members of group %1 admin en The users below are still members of group %1 the users bellow are still members of group %1 admin en The users below are still members of group %1
there already is a group with this name. userid's can not have the same name as a groupid admin en There is already a group with this name. User ID's can not have the same name as a group ID. there already is a group with this name. userid's can not have the same name as a groupid admin en There is already a group with this name. User ID's can not have the same name as a group ID.


@ -60,7 +60,7 @@ class Token
} }
else else
{ {
$content = $this->token->init(); $content = $this->token->init()+['new_token' => true];
if (empty($GLOBALS['egw_info']['user']['apps']['admin'])) if (empty($GLOBALS['egw_info']['user']['apps']['admin']))
{ {
$content['account_id'] = $GLOBALS['egw_info']['user']['account_id']; $content['account_id'] = $GLOBALS['egw_info']['user']['account_id'];
@ -77,24 +77,16 @@ class Token
case 'save': case 'save':
case 'apply': case 'apply':
$content['token_limits'] = Api\Auth\Token::apps2limits($content['token_apps']); $content['token_limits'] = Api\Auth\Token::apps2limits($content['token_apps']);
if (empty($content['token_id'])) if (empty($content['token_id']) || $content['new_token'])
{ {
$content = Api\Auth\Token::create($content['account_id'] ?: 0, $content['token_valid_until'], $content['token_remark'], $content['new_token'] = true;
$content['token_limits']);
Api\Framework::refresh_opener(lang('Token created.'),
self::APP, $this->token->data['token_id'],'add');
$button = 'apply'; // must not close window to show token $button = 'apply'; // must not close window to show token
} }
elseif (!$this->token->save($content)) $this->token->save($content);
{ Api\Framework::refresh_opener(empty($content['new_token']) ? lang('Token saved.') : lang('Token created.'),
Api\Framework::refresh_opener(lang('Token saved.'), self::APP, $this->token->data['token_id'],'edit');
self::APP, $this->token->data['token_id'],'edit'); unset($content['new_token']);
$content = array_merge($content, $this->token->data); $content = array_merge($content, $this->token->data);
}
else
{
throw new \Exception(lang('Error storing token!'));
}
if ($button === 'save') if ($button === 'save')
{ {
Api\Framework::window_close(); // does NOT return Api\Framework::window_close(); // does NOT return
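Review bot: The new condition `empty($content['token_id']) || $content['new_token']` reads `new_token` directly, so saving an existing token whose submitted content lacks that key raises an undefined-key warning; `if (empty($content['token_id']) || !empty($content['new_token']))` avoids it. The rewritten `refresh_opener()` call also always passes `'edit'`, where the removed code passed `'add'` for a freshly created token. As `$content['token_id']` still appears to hold the submitted value at that point, `empty($content['token_id']) ? 'add' : 'edit'` would keep the earlier behaviour. A one-line comment above the `if`, such as `// regenerating replaces the stored hash, the previous secret stops working`, would make the credential rotation explicit. The enclosing method starts and ends outside the hunk.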


@ -45,8 +45,16 @@
<et2-date-time id="token_updated" readonly="true" align="right"></et2-date-time> <et2-date-time id="token_updated" readonly="true" align="right"></et2-date-time>
</et2-hbox> </et2-hbox>
</row> </row>
<row disabled="!@token_revoked">
<et2-description value="Revoked"></et2-description>
<et2-hbox>
<et2-select-account id="token_revoked_by" readonly="true"></et2-select-account>
<et2-date-time id="token_revoked" readonly="true" align="right"></et2-date-time>
</et2-hbox>
</row>
<row disabled="@token"> <row disabled="@token">
<et2-description value="The token is displayed once after saving." span="all"></et2-description> <et2-description></et2-description>
<et2-checkbox id="new_token" label="Generate new token and display it once after saving" span="all"></et2-checkbox>
</row> </row>
<row> <row>
<et2-hbox span="all"> <et2-hbox span="all">
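Review bot: The label on the `new_token` checkbox does not tell the user that the current secret stops working. According to the save() change in this commit, ticking it overwrites `token_hash` and clears `token_revoked`. Wording along the lines of `Generate new token (the current one stops working) and display it once after saving` would guard against accidentally rotating a credential that clients still use, and the lang files would need the matching key. The row is also shown for a new token, where the flag is preset, so the text should read sensibly in both cases.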


@ -88,20 +88,17 @@ class Token extends APi\Storage\Base
{ {
$account_id = $GLOBALS['egw_info']['user']['account_id']; $account_id = $GLOBALS['egw_info']['user']['account_id'];
} }
$token = Api\Auth::randomstring(16);
$inst = self::getInstance(); $inst = self::getInstance();
$inst->init([ $inst->init([
'account_id' => $account_id, 'account_id' => $account_id,
'token_hash' => password_hash($token, PASSWORD_DEFAULT), 'new_token' => true,
'token_valid_until' => $until, 'token_valid_until' => $until,
'token_remark' => $remark, 'token_remark' => $remark,
'token_limits' => $limits, 'token_limits' => $limits,
]); ]);
$inst->save(); $inst->save();
return $inst->data+[ return $inst->data;
'token' => self::PREFIX.$inst->data['token_id'].'_'.$token,
];
} }
/** /**
@ -130,7 +127,6 @@ class Token extends APi\Storage\Base
* @param string|array $extra_where =null extra where clause, eg. to check an etag, returns true if no affected rows! * @param string|array $extra_where =null extra where clause, eg. to check an etag, returns true if no affected rows!
* @return int|boolean 0 on success, or errno != 0 on error, or true if $extra_where is given and no rows affected * @return int|boolean 0 on success, or errno != 0 on error, or true if $extra_where is given and no rows affected
* @throws Api\Exception\NoPermission\Admin if non-admin user tries to create token for anyone else * @throws Api\Exception\NoPermission\Admin if non-admin user tries to create token for anyone else
* @throws Api\Exception\NotFound if token_id does NOT exist
* @throws Api\Db\Exception if token could not be stored * @throws Api\Db\Exception if token could not be stored
*/ */
function save($keys=null,$extra_where=null) function save($keys=null,$extra_where=null)
@ -152,10 +148,20 @@ class Token extends APi\Storage\Base
$this->data['token_updated_by'] = $GLOBALS['egw_info']['user']['account_id']; $this->data['token_updated_by'] = $GLOBALS['egw_info']['user']['account_id'];
$this->data['token_updated'] = $this->now; $this->data['token_updated'] = $this->now;
} }
if (!empty($keys['new_token']))
{
$token = Api\Auth::randomstring(16);
$this->data['token_hash'] = password_hash($token, PASSWORD_DEFAULT);
$this->data['token_revoked'] = null;
}
if (($ret = parent::save(null, $extra_where))) if (($ret = parent::save(null, $extra_where)))
{ {
throw new Api\Db\Exception(lang('Error storing token')); throw new Api\Db\Exception(lang('Error storing token'));
} }
if (isset($token))
{
$this->data['token'] = self::PREFIX.$this->data['token_id'].'_'.$token;
}
return $ret; return $ret;
} }
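Review bot: create() now puts `'new_token' => true` into the data given to init() and calls `$inst->save()` without arguments, but the generation branch added to save() tests `$keys['new_token']`. Unless the part of save() above this hunk copies the flag into `$keys`, create() stores no `token_hash` and returns no `token`. Testing the merged data as well, `if (!empty($keys['new_token']) || !empty($this->data['new_token']))`, and unsetting `$this->data['new_token']` before `parent::save()` would cover both callers. The same branch sets `token_revoked` to null, so regenerating silently re-activates a revoked token while `token_revoked_by` keeps its old value. If that is intended, a comment such as `// a new secret deliberately lifts an earlier revocation` should say so; otherwise the branch should refuse revoked tokens. save() begins outside the hunk.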