diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6fb69f..b3733cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ v1.5
- Fix FLEXIAPI-163 Complete AccountService hooks
- Fix FLEXIAPI-162 Drop the aliases table and migrate the data to the phone column
- Fix FLEXIAPI-161 Complete the Dictionary tests to cover the collection accessor
+- Fix FLEXIAPI-159 Add the account_creation_tokens/consume endpoint
- Fix FLEXIAPI-158 Restrict the phone number change API endpoint to return 403 if the account doesn't have a validated Account Creation Token
- Fix FLEXIAPI-156 Disable the Phone change web form when PHONE_AUTHENTICATION is disabled
- Fix FLEXIAPI-155 Add a new accountServiceAccountUpdatedHook and accountServiceAccountDeletedHook
diff --git a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
index 45ea3cc..57db8cf 100644
--- a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
+++ b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
@@ -101,4 +101,22 @@ class CreationTokenController extends Controller
return abort(404);
}
+
+ public function consume(Request $request)
+ {
+ $accountCreationToken = AccountCreationToken::where('token', $request->get('account_creation_token'))
+ ->where('used', false)
+ ->where('account_id', null)
+ ->first();
+
+ if ($accountCreationToken) {
+ $accountCreationToken->account_id = $request->user()->id;
+ $accountCreationToken->fillRequestInfo($request);
+ $accountCreationToken->consume();
+
+ return $accountCreationToken;
+ }
+
+ return abort(404);
+ }
}
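Review bot: The lookup on lines 23-26 and the `consume()` call on line 31 are separate statements with no lock, so two concurrent requests presenting the same token can both pass the `first()` check before either marks it used, and the row ends up linked to whichever account writes last. The parameter is also read without validation, so a request with `account_creation_token` absent runs `where('token', null)` rather than failing fast. Validating first and wrapping the read-modify-write in a transaction with a row lock closes both; the rewrite below needs the `Illuminate\Support\Facades\DB` import added to the controller, and `abort(404)` thrown inside the closure still rolls the transaction back.
```php
    public function consume(Request $request)
    {
        $request->validate(['account_creation_token' => 'required|string']);

        return DB::transaction(function () use ($request) {
            $accountCreationToken = AccountCreationToken::where('token', $request->get('account_creation_token'))
                ->where('used', false)
                ->whereNull('account_id')
                ->lockForUpdate()
                ->first();

            // … unchanged: assign account_id, fillRequestInfo(), consume(), return the token …

            return abort(404);
        });
    }
```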
diff --git a/flexiapi/resources/views/api/documentation_markdown.blade.php b/flexiapi/resources/views/api/documentation_markdown.blade.php
index 628834e..e4444f8 100644
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@@ -130,6 +130,18 @@ JSON parameters:
* `account_creation_request_token` required
+### `POST /account_creation_tokens/consume`
+User
+
+Consume an `account_creation_token` and link it to the authenticated account.
+Return an `account_creation_token`.
+
+Return `404` if the `account_creation_token` provided is not valid.
+
+JSON parameters:
+
+* `account_creation_token` required
+
### `POST /account_creation_tokens`
Admin
@@ -401,7 +413,7 @@ Activate the account.
JSON parameters:
-* `code` the received SMS code
+* `code` the code received by email
Return the updated account.
diff --git a/flexiapi/routes/api.php b/flexiapi/routes/api.php
index 776ad6f..fe9b425 100644
--- a/flexiapi/routes/api.php
+++ b/flexiapi/routes/api.php
@@ -60,6 +60,7 @@ Route::get('accounts/me/api_key/{auth_token}', 'Api\Account\ApiKeyController@gen
Route::group(['middleware' => ['auth.jwt', 'auth.digest_or_key', 'auth.check_blocked']], function () {
Route::get('accounts/auth_token/{auth_token}/attach', 'Api\Account\AuthTokenController@attach');
+ Route::post('account_creation_tokens/consume', 'Api\Account\CreationTokenController@consume');
Route::prefix('accounts/me')->group(function () {
Route::get('api_key', 'Api\Account\ApiKeyController@generate')->middleware('cookie', 'cookie.encrypt');
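Review bot: The new `account_creation_tokens/consume` route on line 71 accepts a caller-supplied token and answers 404 on a miss, so an authenticated account can test token values one request at a time, and nothing in this hunk rate-limits it. Unless the enclosing `api` route group (its closing line is outside the hunk) already applies a throttle, adding one to this route — e.g. `Route::post('account_creation_tokens/consume', 'Api\Account\CreationTokenController@consume')->middleware('throttle:10,1');` with the limit chosen to fit the client's retry behaviour — bounds the guess rate. How much this matters depends on how `AccountCreationToken::token` is generated, which is not visible here.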
diff --git a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
index 519d8ac..0d50360 100644
--- a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
+++ b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
@@ -28,6 +28,7 @@ use Carbon\Carbon;
class ApiAccountCreationTokenTest extends TestCase
{
protected $tokenRoute = '/api/account_creation_tokens/send-by-push';
+ protected $tokenConsumeRoute = '/api/account_creation_tokens/consume';
protected $tokenRequestRoute = '/api/account_creation_request_tokens';
protected $tokenUsingCreationTokenRoute = '/api/account_creation_tokens/using-account-creation-request-token';
protected $accountRoute = '/api/accounts/with-account-creation-token';
@@ -201,4 +202,37 @@ class ApiAccountCreationTokenTest extends TestCase
AccountCreationToken::where('token', $creationToken)->first()->id
);
}
+
+ public function testConsume()
+ {
+ $account = Account::factory()->create();
+ $account->generateApiKey();
+
+ $accountCreationToken = AccountCreationToken::factory()->create();
+ $token = $accountCreationToken->token;
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, $this->tokenConsumeRoute, [
+ 'account_creation_token' => '123'
+ ])
+ ->assertStatus(404);
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, $this->tokenConsumeRoute, [
+ 'account_creation_token' => $token
+ ])
+ ->assertStatus(200);
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, $this->tokenConsumeRoute, [
+ 'account_creation_token' => $token
+ ])
+ ->assertStatus(404);
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, '/api/accounts/me/phone/request', [
+ 'phone' => '+33123'
+ ])
+ ->assertStatus(200);
+ }
}
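Review bot: `testConsume` asserts only HTTP status codes and never inspects the token row, so a controller that answered 200 without setting `used` or `account_id` would still pass; the third request's 404 on lines 111-115 covers the `used` flag only indirectly. After the 200 assertion, reload and check the row: `$accountCreationToken->refresh();`, `$this->assertTrue((bool) $accountCreationToken->used);`, `$this->assertEquals($account->id, $accountCreationToken->account_id);`. The controller's `account_id` null condition (a token already linked to another account) and the missing-parameter case have no coverage either. `$this->method` is declared outside the hunk, so this note assumes it resolves to `POST`.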
diff --git a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
index 4a6f811..ffb442a 100644
--- a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
@@ -20,6 +20,7 @@
namespace Tests\Feature;
use App\Account;
+use App\AccountCreationToken;
use App\PhoneChangeCode;
use Tests\TestCase;