Fix FLEXIAPI-159 Add the account_creation_tokens/consume endpoint

2026-01-17 10:08:05 +00:00 · 2024-05-30 12:36:27 +00:00 · 2024-05-30 12:36:27 +00:00 · 3d1e313ca3
commit 3d1e313ca3
parent 676760579d
6 changed files with 68 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@ v1.5
 - Fix FLEXIAPI-163 Complete AccountService hooks
 - Fix FLEXIAPI-162 Drop the aliases table and migrate the data to the phone column
 - Fix FLEXIAPI-161 Complete the Dictionary tests to cover the collection accessor
+- Fix FLEXIAPI-159 Add the account_creation_tokens/consume endpoint
 - Fix FLEXIAPI-158 Restrict the phone number change API endpoint to return 403 if the account doesn't have a validated Account Creation Token
 - Fix FLEXIAPI-156 Disable the Phone change web form when PHONE_AUTHENTICATION is disabled
 - Fix FLEXIAPI-155 Add a new accountServiceAccountUpdatedHook and accountServiceAccountDeletedHook
--- a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
+++ b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
@ -101,4 +101,22 @@ class CreationTokenController extends Controller

        return abort(404);
    }
+
+    public function consume(Request $request)
+    {
+        $accountCreationToken = AccountCreationToken::where('token', $request->get('account_creation_token'))
+            ->where('used', false)
+            ->where('account_id', null)
+            ->first();
+
+        if ($accountCreationToken) {
+            $accountCreationToken->account_id = $request->user()->id;
+            $accountCreationToken->fillRequestInfo($request);
+            $accountCreationToken->consume();
+
+            return $accountCreationToken;
+        }
+
+        return abort(404);
+    }
 }
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@ -130,6 +130,18 @@ JSON parameters:

 * `account_creation_request_token` required

+### `POST /account_creation_tokens/consume`
+<span class="badge badge-info">User</span>
+
+Consume an `account_creation_token` and link it to the authenticated account.
+Return an `account_creation_token`.
+
+Return `404` if the `account_creation_token` provided is not valid.
+
+JSON parameters:
+
+* `account_creation_token` required
+
 ### `POST /account_creation_tokens`
 <span class="badge badge-warning">Admin</span>

@ -401,7 +413,7 @@ Activate the account.

 JSON parameters:

-* `code` the received SMS code
+* `code` the code received by email

 Return the updated account.

--- a/flexiapi/routes/api.php
+++ b/flexiapi/routes/api.php
@ -60,6 +60,7 @@ Route::get('accounts/me/api_key/{auth_token}', 'Api\Account\ApiKeyController@gen

 Route::group(['middleware' => ['auth.jwt', 'auth.digest_or_key', 'auth.check_blocked']], function () {
    Route::get('accounts/auth_token/{auth_token}/attach', 'Api\Account\AuthTokenController@attach');
+    Route::post('account_creation_tokens/consume', 'Api\Account\CreationTokenController@consume');

    Route::prefix('accounts/me')->group(function () {
        Route::get('api_key', 'Api\Account\ApiKeyController@generate')->middleware('cookie', 'cookie.encrypt');
--- a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
+++ b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
@ -28,6 +28,7 @@ use Carbon\Carbon;
 class ApiAccountCreationTokenTest extends TestCase
 {
    protected $tokenRoute = '/api/account_creation_tokens/send-by-push';
+    protected $tokenConsumeRoute = '/api/account_creation_tokens/consume';
    protected $tokenRequestRoute = '/api/account_creation_request_tokens';
    protected $tokenUsingCreationTokenRoute = '/api/account_creation_tokens/using-account-creation-request-token';
    protected $accountRoute = '/api/accounts/with-account-creation-token';
@ -201,4 +202,37 @@ class ApiAccountCreationTokenTest extends TestCase
            AccountCreationToken::where('token', $creationToken)->first()->id
        );
    }
+
+    public function testConsume()
+    {
+        $account = Account::factory()->create();
+        $account->generateApiKey();
+
+        $accountCreationToken = AccountCreationToken::factory()->create();
+        $token = $accountCreationToken->token;
+
+        $this->keyAuthenticated($account)
+            ->json($this->method, $this->tokenConsumeRoute, [
+                'account_creation_token' => '123'
+            ])
+            ->assertStatus(404);
+
+        $this->keyAuthenticated($account)
+            ->json($this->method, $this->tokenConsumeRoute, [
+                'account_creation_token' => $token
+            ])
+            ->assertStatus(200);
+
+        $this->keyAuthenticated($account)
+            ->json($this->method, $this->tokenConsumeRoute, [
+                'account_creation_token' => $token
+            ])
+            ->assertStatus(404);
+
+        $this->keyAuthenticated($account)
+            ->json($this->method, '/api/accounts/me/phone/request', [
+                'phone' => '+33123'
+            ])
+            ->assertStatus(200);
+    }
 }
--- a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
@ -20,6 +20,7 @@
 namespace Tests\Feature;

 use App\Account;
+use App\AccountCreationToken;
 use App\PhoneChangeCode;
 use Tests\TestCase;