Fix FLEXIAPI-180 Fix the token and activation flow for the provisioning with...

2026-01-17 10:08:05 +00:00 · 2024-06-03 13:19:43 +00:00 · 2024-06-03 13:19:43 +00:00 · afe29811ac
commit afe29811ac
parent 3d1e313ca3
5 changed files with 54 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,7 @@
 v1.5
 ----
 - Fix FLEXIAPI-180 Fix the token and activation flow for the provisioning with token endpoint when the header is missing
 - Fix FLEXIAPI-178 Show the unused code in the Activity tab of the accounts in the admin panel
 - Fix FLEXIAPI-177 Complete vcards-storage and devices related endpoints with their User/Admin ones
 - Fix FLEXIAPI-176 Improve logs for the deprecated endpoints and AccountCreationToken related serialization
--- a/flexiapi/app/Http/Controllers/Account/ProvisioningController.php
+++ b/flexiapi/app/Http/Controllers/Account/ProvisioningController.php
@ -96,6 +96,8 @@ class ProvisioningController extends Controller
     */
    public function me(Request $request)
    {
        $this->checkProvisioningHeader($request);
        return $this->generateProvisioning($request, $request->user());
    }
@ -104,6 +106,8 @@ class ProvisioningController extends Controller
     */
    public function show(Request $request)
    {
        $this->checkProvisioningHeader($request);
        return $this->generateProvisioning($request);
    }
@ -112,6 +116,8 @@ class ProvisioningController extends Controller
     */
    public function provision(Request $request, string $provisioningToken)
    {
        $this->checkProvisioningHeader($request);
        $account = Account::withoutGlobalScopes()
            ->where('id', function ($query) use ($provisioningToken) {
                $query->select('account_id')
@ -132,13 +138,16 @@ class ProvisioningController extends Controller
        return $this->generateProvisioning($request, $account);
    }
-    private function generateProvisioning(Request $request, Account $account = null)
+    private function checkProvisioningHeader(Request $request)
    {
        if (!$request->hasHeader('x-linphone-provisioning')
          && config('app.provisioning_use_x_linphone_provisioning_header')) {
            abort(400, 'x-linphone-provisioning header is missing');
        }
    }
    private function generateProvisioning(Request $request, Account $account = null)
    {
        // Load the hooks if they exists
        $provisioningHooks = config_path('provisioning_hooks.php');
--- a/flexiapi/app/ProvisioningToken.php
+++ b/flexiapi/app/ProvisioningToken.php
@ -25,6 +25,10 @@ class ProvisioningToken extends Consommable
 {
    use HasFactory;
    protected $casts = [
        'used' => 'boolean',
    ];
    public function consume()
    {
        $this->used = true;
--- a/flexiapi/database/factories/AccountFactory.php
+++ b/flexiapi/database/factories/AccountFactory.php
@ -55,6 +55,13 @@ class AccountFactory extends Factory
        ]);
    }
    public function deactivated()
    {
        return $this->state(fn (array $attributes) => [
            'activated' => false,
        ]);
    }
    public function withEmail()
    {
        return $this->state(fn (array $attributes) => [
--- a/flexiapi/tests/Feature/AccountProvisioningTest.php
+++ b/flexiapi/tests/Feature/AccountProvisioningTest.php
@ -56,6 +56,35 @@ class AccountProvisioningTest extends TestCase
            ->assertDontSee('ha1');
    }
    public function testDontProvisionHeaderDisabled()
    {
        $account = Account::factory()->deactivated()->create();
        $account->generateApiKey();
        $this->assertEquals(false, $account->activated);
        $this->assertFalse($account->currentProvisioningToken->used);
        // /provisioning/me
        $this->keyAuthenticated($account)
            ->get($this->accountRoute)
            ->assertStatus(400);
        $account->refresh();
        $this->assertEquals(false, $account->activated);
        $this->assertFalse($account->currentProvisioningToken->used);
        // /provisioning/{token}
        $this->keyAuthenticated($account)
            ->get($this->route . '/' . $account->currentProvisioningToken->token)
            ->assertStatus(400);
        $account->refresh();
        $this->assertEquals(false, $account->activated);
        $this->assertFalse($account->currentProvisioningToken->used);
    }
    public function testXLinphoneProvisioningHeader()
    {
        $this->withHeaders([
@ -166,7 +195,9 @@ class AccountProvisioningTest extends TestCase
    public function testConfirmationKeyProvisioning()
    {
-        $response = $this->get($this->route . '/1234');
+        $response = $this->withHeaders([
            'x-linphone-provisioning' => true,
        ])->get($this->route . '/1234');
        $response->assertStatus(404);
        $password = Password::factory()->create();