From 61a0339442c93d0584aed9c31a8b4d42dc814675 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Thu, 13 Jun 2024 07:39:55 +0000
Subject: [PATCH] Fix FLEXIAPI-184 Append phone_change_code and email_change_code to the admin...
---
 CHANGELOG.md | 1 +
 .../Api/Admin/AccountController.php | 18 +++++++++++++++---
 .../api/documentation_markdown.blade.php | 2 ++
 .../Feature/ApiAccountEmailChangeTest.php | 20 ++++++++++++++++++++
 .../Feature/ApiAccountPhoneChangeTest.php | 20 ++++++++++++++++++++
 5 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c425065..3a0f0cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 v1.5
 ----
+- Fix FLEXIAPI-184 Append phone_change_code and email_change_code to the admin /accounts/ endpoint if they are available
 - Fix FLEXIAPI-183 Complete the account hooks on the dictionnary actions
 - Fix FLEXIAPI-181 Replace APP_ADMINS_MANAGE_MULTI_DOMAINS with APP_SUPER_ADMINS_SIP_DOMAINS
 - Fix FLEXIAPI-180 Fix the token and activation flow for the provisioning with token endpoint when the header is missing
diff --git a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
index f4a6259..12a988c 100644
--- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
@@ -35,12 +35,24 @@ class AccountController extends Controller
 {
 public function index(Request $request)
 {
- return Account::without(['passwords', 'admin'])->paginate(20);
+ return Account::without(['passwords', 'admin'])->with(['phoneChangeCode', 'emailChangeCode'])->paginate(20);
 }
- public function show($accountId)
+ public function show(Request $request, $accountId)
 {
- return Account::without(['passwords', 'admin'])->findOrFail($accountId)->makeVisible(['confirmation_key', 'provisioning_token']);
+ $account = Account::without(['passwords', 'admin'])->with(['phoneChangeCode', 'emailChangeCode'])->findOrFail($accountId);
+
+ if ($request->user()->admin) {
+ if ($account->phoneChangeCode) {
+ $account->phoneChangeCode->makeVisible(['code']);
+ }
+
+ if ($account->emailChangeCode) {
+ $account->emailChangeCode->makeVisible(['code']);
+ }
+ }
+
+ return $account;
 }
 public function search(string $sip)
diff --git a/flexiapi/resources/views/api/documentation_markdown.blade.php b/flexiapi/resources/views/api/documentation_markdown.blade.php
index b789937..98e590f 100644
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@@ -367,6 +367,8 @@ Using this endpoint you can also set a fresh dictionnary if the parameter is set
 * `dictionary` optional, an associative array attached to the account, see also the related endpoints.
+This endpoint also return the current `phone_change_code` and `email_change_code` if they are available.
+
 ### `GET /accounts` Admin
diff --git a/flexiapi/tests/Feature/ApiAccountEmailChangeTest.php b/flexiapi/tests/Feature/ApiAccountEmailChangeTest.php
index 3d736aa..dde1834 100644
--- a/flexiapi/tests/Feature/ApiAccountEmailChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountEmailChangeTest.php
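Review bot: The rewritten `show()` no longer calls `makeVisible(['confirmation_key', 'provisioning_token'])`, which the removed return statement did, so admin clients that read those two fields from this endpoint will presumably stop receiving them; the commit subject and changelog entry mention only the change codes. If that is unintended, end the method with `return $account->makeVisible(['confirmation_key', 'provisioning_token']);`; if it is deliberate, it deserves its own changelog line. The change codes prove ownership of a phone number or e-mail address, so once `code` is visible any admin API key can complete a pending change on any account; a comment on the `if ($request->user()->admin)` branch stating that intent, plus an audit log entry whenever a code is disclosed, would make the exposure traceable. `$request->user()->admin` also assumes the route always sits behind authentication middleware, which is not visible in this hunk; `$request->user()?->admin` (PHP 8+) would fail closed instead of raising an error on a null user. The class body continues outside the hunk.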
@@ -102,6 +102,9 @@ class ApiAccountEmailChangeTest extends TestCase
 $emailChange = EmailChangeCode::factory()->create();
 $email = $emailChange->email;
+ $admin = Account::factory()->admin()->create();
+ $admin->generateApiKey();
+
 $this->keyAuthenticated($emailChange->account)
 ->get('/api/accounts/me')
 ->assertStatus(200)
@@ -109,6 +112,17 @@ class ApiAccountEmailChangeTest extends TestCase
 'email' => null
 ]);
+ // Check who can see the code
+ $this->keyAuthenticated($admin)
+ ->json('GET', '/api/accounts/' . $emailChange->account->id)
+ ->assertStatus(200)
+ ->assertSee($emailChange->code);
+
+ $this->keyAuthenticated($emailChange->account)
+ ->json('GET', '/api/accounts/me')
+ ->assertStatus(200)
+ ->assertDontSee($emailChange->code);
+
 $this->keyAuthenticated($emailChange->account)
 ->json($this->method, $this->route, [
 'code' => $emailChange->code
@@ -124,5 +138,11 @@ class ApiAccountEmailChangeTest extends TestCase
 ->assertJson([
 'email' => $email
 ]);
+
+ // Check that the code is gone
+ $this->keyAuthenticated($admin)
+ ->json('GET', '/api/accounts/' . $emailChange->account->id)
+ ->assertStatus(200)
+ ->assertDontSee($emailChange->code);
 }
 }
diff --git a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
index ffb442a..8a95bf7 100644
--- a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
@@ -76,6 +76,9 @@ class ApiAccountPhoneChangeTest extends TestCase
 $phoneChange = PhoneChangeCode::factory()->create();
 $phone = $phoneChange->phone;
+ $admin = Account::factory()->admin()->create();
+ $admin->generateApiKey();
+
 $this->keyAuthenticated($phoneChange->account)
 ->get('/api/accounts/me')
 ->assertStatus(200)
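Review bot: `assertSee($emailChange->code)` and `assertDontSee($emailChange->code)` match the code as a substring of the whole response body, so if the code is short or numeric it can coincide with digits in an id, timestamp or phone number, making the "code is gone" check fail at random or letting the positive check pass without the field being exposed. Asserting on the field itself is tighter, e.g. `->assertJsonPath('email_change_code.code', $emailChange->code)` for the admin request and `->assertJsonMissingPath('email_change_code.code')` for `/api/accounts/me` (key name taken from the documentation hunk; confirm it against the serialized response and the Laravel version in use). The same applies to the `ApiAccountPhoneChangeTest` hunks that follow. Neither test covers the admin list `GET /api/accounts`, which now eager-loads both relations; a check that the list response carries no `code` would pin down that the secret is only disclosed by the single-account endpoint. The test methods start and end outside these hunks.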
@@ -83,6 +86,17 @@ class ApiAccountPhoneChangeTest extends TestCase
 'phone' => null
 ]);
+ // Check who can see the code
+ $this->keyAuthenticated($admin)
+ ->json('GET', '/api/accounts/' . $phoneChange->account->id)
+ ->assertStatus(200)
+ ->assertSee($phoneChange->code);
+
+ $this->keyAuthenticated($phoneChange->account)
+ ->json('GET', '/api/accounts/me')
+ ->assertStatus(200)
+ ->assertDontSee($phoneChange->code);
+
 $this->keyAuthenticated($phoneChange->account)
 ->json($this->method, $this->route, [
 'code' => $phoneChange->code
@@ -98,5 +112,11 @@ class ApiAccountPhoneChangeTest extends TestCase
 ->assertJson([
 'phone' => $phone
 ]);
+
+ // Check that the code is gone
+ $this->keyAuthenticated($admin)
+ ->json('GET', '/api/accounts/' . $phoneChange->account->id)
+ ->assertStatus(200)
+ ->assertDontSee($phoneChange->code);
 }
 }