mirrors/flexisip-account-manager
1
0
Fork 0
mirror of https://gitlab.linphone.org/BC/public/flexisip-account-manager.git synced 2026-02-07 13:58:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix #79 Add a refresh_password parameter to the provisioning URLs

Browse source
This commit is contained in:
Timothée Jaussoin 2023-03-15 16:16:58 +00:00
parent eb0c97804e
commit d0f5bf24f5
4 changed files with 70 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flexiapi/app/Account.php
View file

@ -307,7 +307,7 @@ class Account extends Authenticatable
->exists();
}
public function updatePassword($newPassword, $algorithm)
public function updatePassword($newPassword, ?string $algorithm = 'SHA-256')
{
$this->passwords()->delete();

21
flexiapi/app/Http/Controllers/Account/ProvisioningController.php
View file

@ -32,7 +32,7 @@ use Endroid\QrCode\Writer\PngWriter;
class ProvisioningController extends Controller
{
public function qrcode(Request $request, $provisioningToken)
public function qrcode(Request $request, string $provisioningToken)
{
$account = Account::withoutGlobalScopes()
->where('provisioning_token', $provisioningToken)
@ -40,16 +40,26 @@ class ProvisioningController extends Controller
if ($account->activationExpired()) abort(404);
$params = ['provisioning_token' => $provisioningToken];
if ($request->has('reset_password')) {
$params['reset_password'] = true;
}
$url = route('provisioning.show', $params);
$result = Builder::create()
->writer(new PngWriter())
->data(route('provisioning.show', ['provisioning_token' => $provisioningToken]))
->data($url)
->encoding(new Encoding('UTF-8'))
->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
->size(300)
->margin(10)
->build();
return response($result->getString())->header('Content-Type', $result->getMimeType());
return response($result->getString())
->header('Content-Type', $result->getMimeType())
->header('X-Qrcode-URL', $url);
}
/**
@ -133,6 +143,11 @@ class ProvisioningController extends Controller
->first();
}
// Password reset
if ($request->has('reset_password')) {
$account->updatePassword(Str::random(10));
}
$section = $dom->createElement('section');
$section->setAttribute('name', 'misc');

12
flexiapi/resources/views/api/documentation_markdown.blade.php
View file

@ -453,17 +453,25 @@ When an account is having an available `provisioning_token` it can be provisione
<span class="badge badge-success">Public</span>
Return the provisioning information available in the liblinphone configuration file (if correctly configured).
### `GET /provisioning/{provisioning_token}`
### `GET /provisioning/{provisioning_token}?reset_password`
<span class="badge badge-success">Public</span>
Return the provisioning information available in the liblinphone configuration file.
If the `provisioning_token` is valid the related account information are added to the returned XML. The account is then considered as "provisioned" and those account related information will be removed in the upcoming requests (the content will be the same as the previous url).
If the account is not activated and the `provisioning_token` is valid. The account will be activated.
### `GET /provisioning/qrcode/{provisioning_token}`
URL parameters:
* `reset_password` optional, reset the password while doing the provisioning
### `GET /provisioning/qrcode/{provisioning_token}?reset_password`
<span class="badge badge-success">Public</span>
Return a QRCode that points to the provisioning URL.
URL parameters:
* `reset_password` optional, reset the password while doing the provisioning
### `GET /provisioning/me`
<span class="badge badge-info">User</span>
Return the same base content as the previous URL and the account related information, similar to the `provisioning_token` endpoint. However this endpoint will always return those information.

49
flexiapi/tests/Feature/AccountProvisioningTest.php
View file

@ -88,7 +88,7 @@ class AccountProvisioningTest extends TestCase
$password->account->refresh();
// And use the fresh provisioning token
$this->get($this->route.'/'.$password->account->provisioning_token)
$this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee($password->account->username)
@ -96,9 +96,42 @@ class AccountProvisioningTest extends TestCase
->assertSee('ha1');
}
public function testPasswordResetProvisioning()
{
$password = Password::factory()->create();
$password->account->generateApiKey();
$currentPassword = $password->password;
$provioningUrl = route(
'provisioning.show',
[
'provisioning_token' => $password->account->provisioning_token,
'reset_password' => true
]
);
// Check the QRCode
$this->get($this->route . '/qrcode/' . $password->account->provisioning_token . '?reset_password')
->assertStatus(200)
->assertHeader('Content-Type', 'image/png')
->assertHeader('X-Qrcode-URL', $provioningUrl);
// And use the fresh provisioning token
$this->get($provioningUrl)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee($password->account->username)
->assertSee($password->account->display_name)
->assertSee('ha1')
->assertSee($password->account->passwords()->first()->password);
$this->assertNotEquals($password->account->passwords()->first()->password, $currentPassword);
}
public function testConfirmationKeyProvisioning()
{
$response = $this->get($this->route.'/1234');
$response = $this->get($this->route . '/1234');
$response->assertStatus(200);
$response->assertHeader('Content-Type', 'application/xml');
$response->assertDontSee('ha1');
@ -109,7 +142,7 @@ class AccountProvisioningTest extends TestCase
$password->account->save();
// Ensure that we get the authentication password once
$response = $this->get($this->route.'/'.$password->account->provisioning_token)
$response = $this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee('ha1');
@ -118,7 +151,7 @@ class AccountProvisioningTest extends TestCase
$this->assertEquals(true, DBAccount::where('id', $password->account->id)->first()->activated);
// And then twice
$response = $this->get($this->route.'/'.$password->account->provisioning_token)
$response = $this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertDontSee('ha1');
@ -132,7 +165,7 @@ class AccountProvisioningTest extends TestCase
$admin->account->generateApiKey();
$this->keyAuthenticated($admin->account)
->json($this->method, '/api/accounts/'.$password->account->id.'/provision')
->json($this->method, '/api/accounts/' . $password->account->id . '/provision')
->assertStatus(200)
->assertSee('provisioning_token')
->assertDontSee($provisioningToken);
@ -142,7 +175,7 @@ class AccountProvisioningTest extends TestCase
$this->assertNotEquals($provisioningToken, $password->account->provisioning_token);
// And then provision one last time
$this->get($this->route.'/'.$password->account->provisioning_token)
$this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee('ha1');
@ -169,7 +202,7 @@ class AccountProvisioningTest extends TestCase
// Use the auth_token to provision the account
$this->assertEquals(AuthToken::count(), 1);
$this->get($this->route.'/auth_token/'.$authToken)
$this->get($this->route . '/auth_token/' . $authToken)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee('ha1');
@ -177,7 +210,7 @@ class AccountProvisioningTest extends TestCase
$this->assertEquals(AuthToken::count(), 0);
// Try to re-use the auth_token
$this->get($this->route.'/auth_token/'.$authToken)
$this->get($this->route . '/auth_token/' . $authToken)
->assertStatus(404);
}
}