Fix FLEXIAPI-184 Append phone_change_code and email_change_code to the admin...

2026-01-17 10:08:05 +00:00 · 2024-06-13 07:39:55 +00:00 · 2024-06-13 07:39:55 +00:00 · 61a0339442
commit 61a0339442
parent 880f0cbc74
5 changed files with 58 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,7 @@

 v1.5
 ----
+- Fix FLEXIAPI-184 Append phone_change_code and email_change_code to the admin /accounts/<id> endpoint if they are available
 - Fix FLEXIAPI-183 Complete the account hooks on the dictionnary actions
 - Fix FLEXIAPI-181 Replace APP_ADMINS_MANAGE_MULTI_DOMAINS with APP_SUPER_ADMINS_SIP_DOMAINS
 - Fix FLEXIAPI-180 Fix the token and activation flow for the provisioning with token endpoint when the header is missing
--- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
@ -35,12 +35,24 @@ class AccountController extends Controller
 {
    public function index(Request $request)
    {
-        return Account::without(['passwords', 'admin'])->paginate(20);
+        return Account::without(['passwords', 'admin'])->with(['phoneChangeCode', 'emailChangeCode'])->paginate(20);
    }

-    public function show($accountId)
+    public function show(Request $request, $accountId)
    {
-        return Account::without(['passwords', 'admin'])->findOrFail($accountId)->makeVisible(['confirmation_key', 'provisioning_token']);
+        $account = Account::without(['passwords', 'admin'])->with(['phoneChangeCode', 'emailChangeCode'])->findOrFail($accountId);
+
+        if ($request->user()->admin) {
+            if ($account->phoneChangeCode) {
+                $account->phoneChangeCode->makeVisible(['code']);
+            }
+
+            if ($account->emailChangeCode) {
+                $account->emailChangeCode->makeVisible(['code']);
+            }
+        }
+
+        return $account;
    }

    public function search(string $sip)
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@ -367,6 +367,8 @@ Using this endpoint you can also set a fresh dictionnary if the parameter is set

 * `dictionary` optional, an associative array attached to the account, <a href="#dictionary">see also the related endpoints</a>.

+This endpoint also return the current `phone_change_code` and `email_change_code` if they are available.
+
 ### `GET /accounts`
 <span class="badge badge-warning">Admin</span>

--- a/flexiapi/tests/Feature/ApiAccountEmailChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountEmailChangeTest.php
@ -102,6 +102,9 @@ class ApiAccountEmailChangeTest extends TestCase
        $emailChange = EmailChangeCode::factory()->create();
        $email = $emailChange->email;

+        $admin = Account::factory()->admin()->create();
+        $admin->generateApiKey();
+
        $this->keyAuthenticated($emailChange->account)
            ->get('/api/accounts/me')
            ->assertStatus(200)
@ -109,6 +112,17 @@ class ApiAccountEmailChangeTest extends TestCase
                'email' => null
            ]);

+        // Check who can see the code
+        $this->keyAuthenticated($admin)
+            ->json('GET', '/api/accounts/' . $emailChange->account->id)
+            ->assertStatus(200)
+            ->assertSee($emailChange->code);
+
+        $this->keyAuthenticated($emailChange->account)
+            ->json('GET', '/api/accounts/me')
+            ->assertStatus(200)
+            ->assertDontSee($emailChange->code);
+
        $this->keyAuthenticated($emailChange->account)
            ->json($this->method, $this->route, [
                'code' => $emailChange->code
@ -124,5 +138,11 @@ class ApiAccountEmailChangeTest extends TestCase
            ->assertJson([
                'email' => $email
            ]);
+
+        // Check that the code is gone
+        $this->keyAuthenticated($admin)
+            ->json('GET', '/api/accounts/' . $emailChange->account->id)
+            ->assertStatus(200)
+            ->assertDontSee($emailChange->code);
    }
 }
--- a/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
+++ b/flexiapi/tests/Feature/ApiAccountPhoneChangeTest.php
@ -76,6 +76,9 @@ class ApiAccountPhoneChangeTest extends TestCase
        $phoneChange = PhoneChangeCode::factory()->create();
        $phone = $phoneChange->phone;

+        $admin = Account::factory()->admin()->create();
+        $admin->generateApiKey();
+
        $this->keyAuthenticated($phoneChange->account)
            ->get('/api/accounts/me')
            ->assertStatus(200)
@ -83,6 +86,17 @@ class ApiAccountPhoneChangeTest extends TestCase
                'phone' => null
            ]);

+        // Check who can see the code
+        $this->keyAuthenticated($admin)
+            ->json('GET', '/api/accounts/' . $phoneChange->account->id)
+            ->assertStatus(200)
+            ->assertSee($phoneChange->code);
+
+        $this->keyAuthenticated($phoneChange->account)
+            ->json('GET', '/api/accounts/me')
+            ->assertStatus(200)
+            ->assertDontSee($phoneChange->code);
+
        $this->keyAuthenticated($phoneChange->account)
            ->json($this->method, $this->route, [
                'code' => $phoneChange->code
@ -98,5 +112,11 @@ class ApiAccountPhoneChangeTest extends TestCase
            ->assertJson([
                'phone' => $phone
            ]);
+
+        // Check that the code is gone
+        $this->keyAuthenticated($admin)
+            ->json('GET', '/api/accounts/' . $phoneChange->account->id)
+            ->assertStatus(200)
+            ->assertDontSee($phoneChange->code);
    }
 }