From 3d1e313ca39bce5e23cb68276be02e4fed471b8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Thu, 30 May 2024 12:36:27 +0000
Subject: [PATCH] Fix FLEXIAPI-159 Add the account_creation_tokens/consume endpoint
---
 CHANGELOG.md | 1 +
 .../Api/Account/CreationTokenController.php | 18 ++++++++++
 .../api/documentation_markdown.blade.php | 14 +++++++-
 flexiapi/routes/api.php | 1 +
 .../Feature/ApiAccountCreationTokenTest.php | 34 +++++++++++++++++++
 .../Feature/ApiAccountPhoneChangeTest.php | 1 +
 6 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6fb69f..b3733cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ v1.5
 - Fix FLEXIAPI-163 Complete AccountService hooks
 - Fix FLEXIAPI-162 Drop the aliases table and migrate the data to the phone column
 - Fix FLEXIAPI-161 Complete the Dictionary tests to cover the collection accessor
+- Fix FLEXIAPI-159 Add the account_creation_tokens/consume endpoint
 - Fix FLEXIAPI-158 Restrict the phone number change API endpoint to return 403 if the account doesn't have a validated Account Creation Token
 - Fix FLEXIAPI-156 Disable the Phone change web form when PHONE_AUTHENTICATION is disabled
 - Fix FLEXIAPI-155 Add a new accountServiceAccountUpdatedHook and accountServiceAccountDeletedHook
diff --git a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
index 45ea3cc..57db8cf 100644
--- a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
+++ b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php
@@ -101,4 +101,22 @@ class CreationTokenController extends Controller
 return abort(404);
 }
+
+ public function consume(Request $request)
+ {
+ $accountCreationToken = AccountCreationToken::where('token', $request->get('account_creation_token'))
+ ->where('used', false)
+ ->where('account_id', null)
+ ->first();
+
+ if ($accountCreationToken) {
+ $accountCreationToken->account_id = $request->user()->id;
+ $accountCreationToken->fillRequestInfo($request);
+ $accountCreationToken->consume();
+
+ return $accountCreationToken;
+ }
+
+ return abort(404);
+ }
 }
diff --git a/flexiapi/resources/views/api/documentation_markdown.blade.php b/flexiapi/resources/views/api/documentation_markdown.blade.php
index 628834e..e4444f8 100644
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@@ -130,6 +130,18 @@ JSON parameters:
 * `account_creation_request_token` required
+### `POST /account_creation_tokens/consume`
+User
+
+Consume an `account_creation_token` and link it to the authenticated account.
+Return an `account_creation_token`.
+
+Return `404` if the `account_creation_token` provided is not valid.
+
+JSON parameters:
+
+* `account_creation_token` required
+
 ### `POST /account_creation_tokens`
 Admin
@@ -401,7 +413,7 @@ Activate the account.
 JSON parameters:
-* `code` the received SMS code
+* `code` the code received by email
 Return the updated account.
diff --git a/flexiapi/routes/api.php b/flexiapi/routes/api.php
index 776ad6f..fe9b425 100644
--- a/flexiapi/routes/api.php
+++ b/flexiapi/routes/api.php
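Review bot: `consume()` never validates its input, so when `account_creation_token` is absent `$request->get()` yields null and Laravel compiles `where('token', null)` to `token IS NULL`; if that column is nullable the query would match and consume an unrelated row instead of returning the documented 404. Adding `$request->validate(['account_creation_token' => 'required|string']);` as the first statement closes that and enforces the "required" contract the documentation hunk states. Separately, the select and the later `consume()` write are not atomic: two concurrent requests carrying the same token can both pass the `used`/`account_id` filters before either marks it, unless `consume()` (outside this hunk) guards against that itself; a `DB::transaction` with `lockForUpdate()` makes the one-time use hold, as sketched below (the `DB` facade would need importing at the top of the file). The class header is outside the hunk.
```php
    public function consume(Request $request)
    {
        $request->validate(['account_creation_token' => 'required|string']);

        return DB::transaction(function () use ($request) {
            $accountCreationToken = AccountCreationToken::where('token', $request->get('account_creation_token'))
                ->where('used', false)
                ->whereNull('account_id')
                ->lockForUpdate()
                ->first();

            // … unchanged: link to $request->user(), fillRequestInfo(), consume(), return or abort(404) …
        });
    }
```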
@@ -60,6 +60,7 @@ Route::get('accounts/me/api_key/{auth_token}', 'Api\Account\ApiKeyController@gen
 Route::group(['middleware' => ['auth.jwt', 'auth.digest_or_key', 'auth.check_blocked']], function () {
 Route::get('accounts/auth_token/{auth_token}/attach', 'Api\Account\AuthTokenController@attach');
+ Route::post('account_creation_tokens/consume', 'Api\Account\CreationTokenController@consume');
 Route::prefix('accounts/me')->group(function () {
 Route::get('api_key', 'Api\Account\ApiKeyController@generate')->middleware('cookie', 'cookie.encrypt');
diff --git a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
index 519d8ac..0d50360 100644
--- a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
+++ b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php
@@ -28,6 +28,7 @@ use Carbon\Carbon;
 class ApiAccountCreationTokenTest extends TestCase
 {
 protected $tokenRoute = '/api/account_creation_tokens/send-by-push';
+ protected $tokenConsumeRoute = '/api/account_creation_tokens/consume';
 protected $tokenRequestRoute = '/api/account_creation_request_tokens';
 protected $tokenUsingCreationTokenRoute = '/api/account_creation_tokens/using-account-creation-request-token';
 protected $accountRoute = '/api/accounts/with-account-creation-token';
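Review bot: The new route inherits only the `auth.jwt`, `auth.digest_or_key` and `auth.check_blocked` middleware of the enclosing group; no rate limit is visible on it, and because the endpoint answers 404 for any unknown token, an authenticated client can submit token values at will unless throttling is applied elsewhere (an outer group or global middleware outside this hunk). Attaching Laravel's throttle middleware to the route, e.g. `->middleware('throttle:10,1')` (limit illustrative), bounds that. The `Route::group` closure ends outside the hunk.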
@@ -201,4 +202,37 @@ class ApiAccountCreationTokenTest extends TestCase
 AccountCreationToken::where('token', $creationToken)->first()->id
 );
 }
+
+ public function testConsume()
+ {
+ $account = Account::factory()->create();
+ $account->generateApiKey();
+
+ $accountCreationToken = AccountCreationToken::factory()->create();
+ $token = $accountCreationToken->token;
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, $this->tokenConsumeRoute, [
+ 'account_creation_token' => '123'
+ ])
+ ->assertStatus(404);
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, $this->tokenConsumeRoute, [
+ 'account_creation_token' => $token
+ ])
+ ->assertStatus(200);
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, $this->tokenConsumeRoute, [
+ 'account_creation_token' => $token
+ ])
+ ->assertStatus(404);
+
+ $this->keyAuthenticated($account)
+ ->json($this->method, '/api/accounts/me/phone/request', [
+ 'phone' => '+33123'
+ ])
+ ->assertStatus(200);
+ }
 }
diff --git a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
index 4a6f811..ffb442a 100644
--- a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
@@ -20,6 +20,7 @@ namespace Tests\Feature;
 use App\Account;
+use App\AccountCreationToken;
 use App\PhoneChangeCode;
 use Tests\TestCase;
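Review bot: `testConsume` checks only HTTP status codes, so it would still pass if the token were marked used without being linked to the caller; after the 200 response, reload and assert the link, e.g. `$accountCreationToken->refresh(); $this->assertSame($account->id, $accountCreationToken->account_id);` (an assertion on the `used` flag would follow the same shape, presuming that attribute is exposed on the model as the controller's `where('used', false)` suggests). The documented required parameter is also never exercised as absent; one request without `account_creation_token` would pin whether the endpoint answers 404 or a validation error. `$this->method` is defined outside the hunk, so the verb used here is presumed to be POST.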