diff --git a/flexiapi/app/Account.php b/flexiapi/app/Account.php
index c22820e..e41e7ec 100644
--- a/flexiapi/app/Account.php
+++ b/flexiapi/app/Account.php
@@ -38,8 +38,8 @@ class Account extends Authenticatable
use HasFactory;
use Compoships;
- protected $with = ['passwords', 'admin', 'alias', 'currentRecoveryCode', 'activationExpiration', 'emailChangeCode', 'types', 'actions'];
- protected $hidden = ['alias', 'expire_time', 'confirmation_key', 'pivot'];
+ protected $with = ['passwords', 'admin', 'alias', 'activationExpiration', 'emailChangeCode', 'types', 'actions'];
+ protected $hidden = ['alias', 'expire_time', 'confirmation_key', 'pivot', 'currentProvisioningToken', 'currentRecoveryCode'];
protected $appends = ['realm', 'phone', 'confirmation_key_expires', 'provisioning_token'];
protected $casts = [
'activated' => 'boolean',
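Review bot: `provisioning_token` is still listed in `$appends` on the unchanged line after the new `$hidden`, so hiding the `currentProvisioningToken` relation removes only the relation object from serialized output, not the appended attribute. The accessor is outside this hunk, so whether it exposes the live token is an assumption, but the removed admin `recoverByEmail` called `makeVisible(['confirmation_key', 'provisioning_token'])`, which suggests the attribute is meant to be hidden by default. If so, add `'provisioning_token'` to `$hidden` and call `makeVisible(['provisioning_token'])` only in the admin and provisioning responses that should return it. A feature test asserting that `currentRecoveryCode` and `currentProvisioningToken` are absent from an account response would pin the intent of this change; the commit adds none. The class body continues outside the hunk.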
diff --git a/flexiapi/app/Http/Controllers/Api/Account/AccountController.php b/flexiapi/app/Http/Controllers/Api/Account/AccountController.php
index 71db563..d2e666c 100644
--- a/flexiapi/app/Http/Controllers/Api/Account/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Account/AccountController.php
@@ -256,6 +256,9 @@ class AccountController extends Controller
return (new AccountService)->store($request);
}
+ /**
+ * Deprecated
+ */
public function activateEmail(Request $request, string $sip)
{
$request->validate([
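Review bot: The docblock added above `activateEmail` is the bare word `Deprecated`, which IDEs and static analysers do not recognise and which names no replacement; the same applies to the docblock added above `activatePhone` in the next hunk. Use the PHPDoc tag with the replacement that the API documentation in this commit already gives: `/** @deprecated Use POST /accounts/me/email/request instead. */` and `/** @deprecated Use POST /accounts/me/phone/request instead. */`. Both method bodies continue outside the hunks.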
@@ -277,6 +280,9 @@ class AccountController extends Controller
return $account;
}
+ /**
+ * Deprecated
+ */
public function activatePhone(Request $request, string $sip)
{
$request->validate([
diff --git a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
index 4944149..0a612f8 100644
--- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
@@ -225,12 +225,4 @@ class AccountController extends Controller
return Account::findOrFail($id)->contactsLists()->detach($contactsListId);
}
-
- public function recoverByEmail(int $id)
- {
- $account = Account::findOrFail($id);
- $account = (new AccountService)->recoverByEmail($account);
-
- return $account->makeVisible(['confirmation_key', 'provisioning_token']);
- }
}
diff --git a/flexiapi/public/css/style.css b/flexiapi/public/css/style.css
index f4b54a5..6792aa7 100644
--- a/flexiapi/public/css/style.css
+++ b/flexiapi/public/css/style.css
@@ -103,6 +103,10 @@ body.show_menu {
overflow: hidden;
}
+ul {
+ margin-bottom: 1rem;
+}
+
p,
a,
ul li,
@@ -581,6 +585,10 @@ h3+p {
}
.badge.badge-error {
+ background-color: var(--color-pink);
+}
+
+.badge.badge-message {
background-color: var(--color-purple);
}
diff --git a/flexiapi/resources/views/api/documentation_markdown.blade.php b/flexiapi/resources/views/api/documentation_markdown.blade.php
index ab48f14..365f92a 100644
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@@ -144,7 +144,7 @@ Return `404` if the token is non existing or invalid.
## Accounts
-### `POST /accounts/public`
+### Deprecated `POST /accounts/public`
@if(!config('app.dangerous_endpoints'))Disabled@endif
@@ -187,7 +187,7 @@ JSON parameters:
Retrieve public information about the account.
Return `404` if the account doesn't exists.
-### `GET /accounts/{phone}/info-by-phone`
+### Deprecated `GET /accounts/{phone}/info-by-phone`
@if(!config('app.dangerous_endpoints'))Disabled@endif
@@ -199,7 +199,7 @@ Return `404` if the account doesn't exists.
Return `phone: true` if the returned account has a phone number.
-### `POST /accounts/recover-by-phone`
+### Deprecated `POST /accounts/recover-by-phone`
@if(!config('app.dangerous_endpoints'))Disabled@endif
@@ -216,7 +216,7 @@ JSON parameters:
* `phone` required the phone number to send the SMS to
* `account_creation_token` the unique `account_creation_token`
-### `GET /accounts/{sip}/recover/{recover_key}`
+### Deprecated `GET /accounts/{sip}/recover/{recover_key}`
@if(!config('app.dangerous_endpoints'))Disabled@endif
@@ -231,22 +231,28 @@ Return the account information (including the hashed password) if valid.
Return `404` if the account doesn't exists.
-### `POST /accounts/{sip}/activate/email`
+### Deprecated `POST /accounts/{sip}/activate/email`
+
+Use `POST /accounts/me/email/request` instead.
Public
Activate an account using a secret code received by email.
Return `404` if the account doesn't exists or if the code is incorrect, the validated account otherwise.
+
JSON parameters:
* `confirmation_key` the confirmation key
-### `POST /accounts/{sip}/activate/phone`
+### Deprecated `POST /accounts/{sip}/activate/phone`
+
+Use `POST /accounts/me/phone/request` instead.
Public
Activate an account using a pin code received by phone.
Return `404` if the account doesn't exists or if the code is incorrect, the validated account otherwise.
+
JSON parameters:
* `confirmation_key` the PIN code
@@ -293,6 +299,7 @@ Delete the account.
User
Change the account email. An email will be sent to the new email address to confirm the operation.
+
JSON parameters:
* `email` the new email address, must be unique if `ACCOUNT_EMAIL_UNIQUE` is set to `true`
@@ -302,6 +309,7 @@ JSON parameters:
User
Change the account password.
+
JSON parameters:
* `algorithm` required, values can be `SHA-256` or `MD5`
@@ -313,7 +321,8 @@ JSON parameters:
Admin
To create an account directly from the API.
-If `activated` is set to `false` a random generated `confirmation_key` and `provisioning_token` will be returned to allow further activation using the public endpoints and provision the account. Check `confirmation_key_expires` to also set an expiration date on that `confirmation_key`.
+
+Deprecated If `activated` is set to `false` a random generated `confirmation_key` and `provisioning_token` will be returned to allow further activation using the public endpoints and provision the account. Check `confirmation_key_expires` to also set an expiration date on that `confirmation_key`.
JSON parameters:
@@ -327,7 +336,7 @@ JSON parameters:
* `admin` optional, a boolean, set to `false` by default, create an admin account
* `phone` optional, a phone number, set a phone number to the account
* `dtmf_protocol` optional, values must be `sipinfo`, `sipmessage` or `rfc2833`
-* `confirmation_key_expires` optional, a datetime of this format: Y-m-d H:i:s. Only used when `activated` is not used or `false`. Enforces an expiration date on the returned `confirmation_key`. After that datetime public email or phone activation endpoints will return `403`.
+* Deprecated `confirmation_key_expires` optional, a datetime of this format: Y-m-d H:i:s. Only used when `activated` is not used or `false`. Enforces an expiration date on the returned `confirmation_key`. After that datetime public email or phone activation endpoints will return `403`.
### `PUT /accounts/{id}`
@@ -358,12 +367,6 @@ Retrieve all the accounts, paginated.
Retrieve a specific account.
-### `POST /accounts/{id}/recover-by-email`
-
-Admin
-
-Send the account recovery email containing a fresh `provisioning_token` and `confirmation_key`
-
### `GET /accounts/{sip}/search`
Admin
@@ -407,6 +410,7 @@ Provision an account by generating a fresh `provisioning_token`.
User
Request a specific code by SMS
+
JSON parameters:
* `phone` the phone number to send the SMS
@@ -415,12 +419,14 @@ JSON parameters:
User
-Confirm the code received and change the phone number
+Confirm the code received and change the phone number.
+Activate the account.
+
JSON parameters:
* `code` the received SMS code
-Return the updated account
+Return the updated account.
## Accounts devices
diff --git a/flexiapi/routes/api.php b/flexiapi/routes/api.php
index cc2849b..82605a9 100644
--- a/flexiapi/routes/api.php
+++ b/flexiapi/routes/api.php
@@ -41,10 +41,11 @@ Route::post('accounts/with-account-creation-token', 'Api\Account\AccountControll
Route::get('accounts/{sip}/info', 'Api\Account\AccountController@info');
+// Deprecated endpoints
Route::post('accounts/{sip}/activate/email', 'Api\Account\AccountController@activateEmail');
Route::post('accounts/{sip}/activate/phone', 'Api\Account\AccountController@activatePhone');
-// /!\ Dangerous endpoints
+// Deprecated endpoints /!\ Dangerous endpoints
Route::post('accounts/public', 'Api\Account\AccountController@storePublic');
Route::get('accounts/{sip}/recover/{recovery_key}', 'Api\Account\AccountController@recoverUsingKey');
Route::post('accounts/recover-by-phone', 'Api\Account\AccountController@recoverByPhone');
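Review bot: The two activation routes under the new `// Deprecated endpoints` comment remain registered, and the documentation in this commit describes them as public endpoints that check a caller-supplied confirmation key or PIN, so the comment alone does not reduce their exposure. No rate limit or config gate is visible in this hunk, though one may be applied elsewhere in the file. If none exists, consider `->middleware('throttle:10,1')` with limits chosen for the deployment, or gating them behind a flag as the documentation shows for the dangerous endpoints (`app.dangerous_endpoints`). The merged comment `// Deprecated endpoints /!\ Dangerous endpoints` is also ambiguous; keeping the warning on its own line, for example `// /!\ Dangerous endpoints (deprecated)`, keeps it prominent.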
@@ -71,6 +72,7 @@ Route::group(['middleware' => ['auth.digest_or_key']], function () {
Route::delete('devices/{uuid}', 'Api\Account\DeviceController@destroy');
Route::post('email/request', 'Api\Account\EmailController@requestUpdate');
+
Route::post('password', 'Api\Account\PasswordController@update');
Route::get('contacts/{sip}', 'Api\Account\ContactController@show');
@@ -91,8 +93,6 @@ Route::group(['middleware' => ['auth.digest_or_key']], function () {
Route::get('{id}/deactivate', 'deactivate');
Route::get('{id}/provision', 'provision');
- Route::post('{id}/recover-by-email', 'recoverByEmail');
-
Route::post('/', 'store');
Route::put('{id}', 'update');
Route::get('/', 'index');
diff --git a/flexiapi/tests/Feature/ApiAccountTest.php b/flexiapi/tests/Feature/ApiAccountTest.php
index f9e4d25..6582fe9 100644
--- a/flexiapi/tests/Feature/ApiAccountTest.php
+++ b/flexiapi/tests/Feature/ApiAccountTest.php
@@ -1141,26 +1141,6 @@ class ApiAccountTest extends TestCase
->assertStatus(404);
}
- public function testRecoverByEmail()
- {
- $email = 'collision@email.com';
-
- $account = Password::factory()->create();
- $account->account->email = $email;
- $account->account->save();
-
- $admin = Admin::factory()->create();
- $admin->account->generateApiKey();
- $admin->account->save();
-
- $response = $this->keyAuthenticated($admin->account)
- ->post($this->route . '/' . $account->id . '/recover-by-email')
- ->assertStatus(200);
-
- $this->assertNotEquals($response->json('confirmation_key'), $account->confirmation_key);
- $this->assertNotEquals($response->json('provisioning_token'), $account->provisioning_token);
- }
-
public function testGetAll()
{
Password::factory()->create();