From 82fc56b2036c4076a94dcbfffb6da98ffedffa15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?= Date: Mon, 3 Feb 2025 16:20:49 +0000 Subject: [PATCH] Fix FLEXIAPI-264 Add -k|api_key_ip parameter to accounts:create-admin-account... --- CHANGELOG.md | 1 + README.md | 4 ++-- flexiapi/app/Account.php | 4 ++-- .../app/Console/Commands/Accounts/CreateAdminAccount.php | 8 ++++---- .../app/Http/Controllers/Account/ApiKeyController.php | 2 +- .../app/Http/Controllers/Api/Account/ApiKeyController.php | 4 ++-- .../views/admin/account/activity/index.blade.php | 2 +- 7 files changed, 13 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f67972a..49fc6d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ v1.6 - Fix FLEXIAPI-252 Update the hCaptcha Laravel library, use file instead of cookies to store the session to prevent empty errors bags - Fix FLEXIAPI-254 Allow no data on POST requests to not trigger the ValidateJSON middleware - Fix FLEXIAPI-262 Bypass the JWT auth if we have an API Key +- Fix FLEXIAPI-264 Add -k|api_key_ip parameter to accounts:create-admin-account to set/clear the related API Key restriction v1.5 --- diff --git a/README.md b/README.md index 5ef48e9..bc5b5cb 100644 --- a/README.md +++ b/README.md 
@@ -156,11 +156,11 @@ Create or update a SIP Domain, required to then create accounts afterward. The ` ### Create an admin account -Create an admin account, an API Key will also be generated along the way, it might expire after a while. +Create an admin account, an API Key will also be generated along the way, it might expire after a while (regarding the API Key expiration policy). An empty `api_key_ip` will remove the IP restriction on the key. If no parameters are put, a default admin account will be created. - php artisan accounts:create-admin-account {-u|username=} {-p|password=} {-d|domain=} + php artisan accounts:create-admin-account {-u|username=} {-p|password=} {-d|domain=} {-k|api_key_ip=} ### Clear the expired API Keys diff --git a/flexiapi/app/Account.php b/flexiapi/app/Account.php index bdba0ba..c47307b 100644 --- a/flexiapi/app/Account.php +++ b/flexiapi/app/Account.php @@ -347,7 +347,7 @@ class Account extends Authenticatable return ($this->activationExpiration && $this->activationExpiration->isExpired()); } - public function generateApiKey(?Request $request = null): ApiKey + public function generateApiKey(?string $ip = null): ApiKey { $this->apiKey()->delete(); @@ -355,7 +355,7 @@ class Account extends Authenticatable $apiKey->account_id = $this->id; $apiKey->last_used_at = Carbon::now(); $apiKey->key = Str::random(40); - $apiKey->ip = $request ? $request->ip() : '127.0.0.1'; + $apiKey->ip = $ip; $apiKey->save(); return $apiKey; diff --git a/flexiapi/app/Console/Commands/Accounts/CreateAdminAccount.php b/flexiapi/app/Console/Commands/Accounts/CreateAdminAccount.php index 98335f2..4f7c5f6 100644 --- a/flexiapi/app/Console/Commands/Accounts/CreateAdminAccount.php +++ b/flexiapi/app/Console/Commands/Accounts/CreateAdminAccount.php 
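Review bot: In `Account::generateApiKey()`, the new `?string $ip = null` default together with `$apiKey->ip = $ip;` means a call with no argument now stores no IP at all, where the removed line fell back to `'127.0.0.1'`. The default has therefore moved from loopback-only to unrestricted, and the README text in this patch confirms that an empty value removes the restriction, although how a null `ip` is enforced is not visible in this diff. Any caller outside this patch that still calls `generateApiKey()` with no argument, or still passes a `Request`, should be rechecked. I would state the contract on the method, for example `/** @param ?string $ip Address the key is bound to; null stores no IP restriction. */`, so the permissive default is a documented choice. The method body spans both Account.php hunks and its remainder is outside them.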
@@ -27,8 +27,8 @@ use App\SipDomain; class CreateAdminAccount extends Command { - protected $signature = 'accounts:create-admin-account {--u|username=} {--p|password=} {--d|domain=}'; - protected $description = 'Create an admin account'; + protected $signature = 'accounts:create-admin-account {--u|username=} {--p|password=} {--d|domain=} {--k|api_key_ip=}'; + protected $description = 'Create an admin account and generate an API Key'; public function __construct() { @@ -90,10 +90,10 @@ class CreateAdminAccount extends Command $account->created_at = Carbon::now()->subYears(3); $account->save(); - $account->generateApiKey(); + $account->generateApiKey(ip: $this->option('api_key_ip') ?? null); $account->updatePassword($password); - $this->info('Admin test account created: "' . $username . '@' . $domain . '" | Password: "' . $password . '" | API Key: "' . $account->apiKey->key . '"'); + $this->info('Admin test account created: "' . $username . '@' . $domain . '" | Password: "' . $password . '" | API Key: "' . $account->apiKey->key . '" (valid on ' . ($account->apiKey->ip ?? 'any') . ' ip)'); return 0; } diff --git a/flexiapi/app/Http/Controllers/Account/ApiKeyController.php b/flexiapi/app/Http/Controllers/Account/ApiKeyController.php index 700f182..381dddb 100644 --- a/flexiapi/app/Http/Controllers/Account/ApiKeyController.php +++ b/flexiapi/app/Http/Controllers/Account/ApiKeyController.php @@ -34,7 +34,7 @@ class ApiKeyController extends Controller public function update(Request $request) { $account = $request->user(); - $account->generateApiKey($request); + $account->generateApiKey($request->ip()); return redirect()->back(); } diff --git a/flexiapi/app/Http/Controllers/Api/Account/ApiKeyController.php b/flexiapi/app/Http/Controllers/Api/Account/ApiKeyController.php index 0dbab97..0a04814 100644 --- a/flexiapi/app/Http/Controllers/Api/Account/ApiKeyController.php +++ b/flexiapi/app/Http/Controllers/Api/Account/ApiKeyController.php 
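Review bot: `$account->generateApiKey(ip: $this->option('api_key_ip') ?? null);` hands the option to the model without normalising or validating it, and the `?? null` has no effect. The README says an empty `api_key_ip` clears the restriction, but an option passed with an empty value presumably arrives as `''` rather than null, so `''` would be stored and the message would print `(valid on  ip)` instead of `any`. Whether the key check treats `''` as unrestricted is not visible here. A mistyped address would likewise be saved as is. I would normalise and validate at the command boundary: `$ip = $this->option('api_key_ip'); if ($ip === '') { $ip = null; }`, then `if ($ip !== null && filter_var($ip, FILTER_VALIDATE_IP) === false) { $this->error('Invalid api_key_ip'); return 1; }`, then `$account->generateApiKey(ip: $ip);`. Omitting `-k` now yields an admin key with no IP bound (previously `127.0.0.1`), which the success message should keep stating explicitly; the enclosing method starts outside this hunk.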
@@ -29,7 +29,7 @@ class ApiKeyController extends Controller public function generate(Request $request) { $account = $request->user(); - $account->generateApiKey($request); + $account->generateApiKey($request->ip()); $account->refresh(); Cookie::queue('x-api-key', $account->apiKey->key, config('app.api_key_expiration_minutes')); @@ -42,7 +42,7 @@ class ApiKeyController extends Controller $authToken = AuthToken::where('token', $token)->valid()->firstOrFail(); if ($authToken->account) { - $authToken->account->generateApiKey($request); + $authToken->account->generateApiKey($request->ip()); $authToken->account->refresh(); Cookie::queue('x-api-key', $authToken->account->apiKey->key, config('app.api_key_expiration_minutes')); diff --git a/flexiapi/resources/views/admin/account/activity/index.blade.php b/flexiapi/resources/views/admin/account/activity/index.blade.php index c3ab8cc..c1d9f60 100644 --- a/flexiapi/resources/views/admin/account/activity/index.blade.php +++ b/flexiapi/resources/views/admin/account/activity/index.blade.php @@ -38,7 +38,7 @@ {{ $account->apiKey->last_used_at }} - {{ $account->apiKey->ip ?? '-' }} + {{ $account->apiKey->ip ?? '*' }} {{ $account->apiKey->requests }}