diff --git a/flexiapi/app/Account.php b/flexiapi/app/Account.php
index ff77ec7..ba14374 100644
--- a/flexiapi/app/Account.php
+++ b/flexiapi/app/Account.php
@@ -307,7 +307,7 @@ class Account extends Authenticatable
->exists();
}
- public function updatePassword($newPassword, $algorithm)
+ public function updatePassword($newPassword, ?string $algorithm = 'SHA-256')
{
$this->passwords()->delete();
diff --git a/flexiapi/app/Http/Controllers/Account/ProvisioningController.php b/flexiapi/app/Http/Controllers/Account/ProvisioningController.php
index d9d94bd..23427d1 100644
--- a/flexiapi/app/Http/Controllers/Account/ProvisioningController.php
+++ b/flexiapi/app/Http/Controllers/Account/ProvisioningController.php
@@ -32,7 +32,7 @@ use Endroid\QrCode\Writer\PngWriter;
class ProvisioningController extends Controller
{
- public function qrcode(Request $request, $provisioningToken)
+ public function qrcode(Request $request, string $provisioningToken)
{
$account = Account::withoutGlobalScopes()
->where('provisioning_token', $provisioningToken)
@@ -40,16 +40,26 @@ class ProvisioningController extends Controller
if ($account->activationExpired()) abort(404);
+ $params = ['provisioning_token' => $provisioningToken];
+
+ if ($request->has('reset_password')) {
+ $params['reset_password'] = true;
+ }
+
+ $url = route('provisioning.show', $params);
+
$result = Builder::create()
->writer(new PngWriter())
- ->data(route('provisioning.show', ['provisioning_token' => $provisioningToken]))
+ ->data($url)
->encoding(new Encoding('UTF-8'))
->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
->size(300)
->margin(10)
->build();
- return response($result->getString())->header('Content-Type', $result->getMimeType());
+ return response($result->getString())
+ ->header('Content-Type', $result->getMimeType())
+ ->header('X-Qrcode-URL', $url);
}
/**
@@ -133,6 +143,11 @@ class ProvisioningController extends Controller
->first();
}
+ // Password reset
+ if ($request->has('reset_password')) {
+ $account->updatePassword(Str::random(10));
+ }
+
$section = $dom->createElement('section');
$section->setAttribute('name', 'misc');
diff --git a/flexiapi/resources/views/api/documentation_markdown.blade.php b/flexiapi/resources/views/api/documentation_markdown.blade.php
index de1f4ca..32a6a55 100644
--- a/flexiapi/resources/views/api/documentation_markdown.blade.php
+++ b/flexiapi/resources/views/api/documentation_markdown.blade.php
@@ -453,17 +453,25 @@ When an account is having an available `provisioning_token` it can be provisione
Public
Return the provisioning information available in the liblinphone configuration file (if correctly configured).
-### `GET /provisioning/{provisioning_token}`
+### `GET /provisioning/{provisioning_token}?reset_password`
Public
Return the provisioning information available in the liblinphone configuration file.
If the `provisioning_token` is valid the related account information are added to the returned XML. The account is then considered as "provisioned" and those account related information will be removed in the upcoming requests (the content will be the same as the previous url).
If the account is not activated and the `provisioning_token` is valid. The account will be activated.
-### `GET /provisioning/qrcode/{provisioning_token}`
+URL parameters:
+
+* `reset_password` optional, reset the password while doing the provisioning
+
+### `GET /provisioning/qrcode/{provisioning_token}?reset_password`
Public
Return a QRCode that points to the provisioning URL.
+URL parameters:
+
+* `reset_password` optional, reset the password while doing the provisioning
+
### `GET /provisioning/me`
User
Return the same base content as the previous URL and the account related information, similar to the `provisioning_token` endpoint. However this endpoint will always return those information.
diff --git a/flexiapi/tests/Feature/AccountProvisioningTest.php b/flexiapi/tests/Feature/AccountProvisioningTest.php
index 43dadcb..c35c4af 100644
--- a/flexiapi/tests/Feature/AccountProvisioningTest.php
+++ b/flexiapi/tests/Feature/AccountProvisioningTest.php
@@ -88,7 +88,7 @@ class AccountProvisioningTest extends TestCase
$password->account->refresh();
// And use the fresh provisioning token
- $this->get($this->route.'/'.$password->account->provisioning_token)
+ $this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee($password->account->username)
@@ -96,9 +96,42 @@ class AccountProvisioningTest extends TestCase
->assertSee('ha1');
}
+ public function testPasswordResetProvisioning()
+ {
+ $password = Password::factory()->create();
+ $password->account->generateApiKey();
+
+ $currentPassword = $password->password;
+
+ $provioningUrl = route(
+ 'provisioning.show',
+ [
+ 'provisioning_token' => $password->account->provisioning_token,
+ 'reset_password' => true
+ ]
+ );
+
+ // Check the QRCode
+ $this->get($this->route . '/qrcode/' . $password->account->provisioning_token . '?reset_password')
+ ->assertStatus(200)
+ ->assertHeader('Content-Type', 'image/png')
+ ->assertHeader('X-Qrcode-URL', $provioningUrl);
+
+ // And use the fresh provisioning token
+ $this->get($provioningUrl)
+ ->assertStatus(200)
+ ->assertHeader('Content-Type', 'application/xml')
+ ->assertSee($password->account->username)
+ ->assertSee($password->account->display_name)
+ ->assertSee('ha1')
+ ->assertSee($password->account->passwords()->first()->password);
+
+ $this->assertNotEquals($password->account->passwords()->first()->password, $currentPassword);
+ }
+
public function testConfirmationKeyProvisioning()
{
- $response = $this->get($this->route.'/1234');
+ $response = $this->get($this->route . '/1234');
$response->assertStatus(200);
$response->assertHeader('Content-Type', 'application/xml');
$response->assertDontSee('ha1');
@@ -109,7 +142,7 @@ class AccountProvisioningTest extends TestCase
$password->account->save();
// Ensure that we get the authentication password once
- $response = $this->get($this->route.'/'.$password->account->provisioning_token)
+ $response = $this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee('ha1');
@@ -118,7 +151,7 @@ class AccountProvisioningTest extends TestCase
$this->assertEquals(true, DBAccount::where('id', $password->account->id)->first()->activated);
// And then twice
- $response = $this->get($this->route.'/'.$password->account->provisioning_token)
+ $response = $this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertDontSee('ha1');
@@ -132,7 +165,7 @@ class AccountProvisioningTest extends TestCase
$admin->account->generateApiKey();
$this->keyAuthenticated($admin->account)
- ->json($this->method, '/api/accounts/'.$password->account->id.'/provision')
+ ->json($this->method, '/api/accounts/' . $password->account->id . '/provision')
->assertStatus(200)
->assertSee('provisioning_token')
->assertDontSee($provisioningToken);
@@ -142,7 +175,7 @@ class AccountProvisioningTest extends TestCase
$this->assertNotEquals($provisioningToken, $password->account->provisioning_token);
// And then provision one last time
- $this->get($this->route.'/'.$password->account->provisioning_token)
+ $this->get($this->route . '/' . $password->account->provisioning_token)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee('ha1');
@@ -169,7 +202,7 @@ class AccountProvisioningTest extends TestCase
// Use the auth_token to provision the account
$this->assertEquals(AuthToken::count(), 1);
- $this->get($this->route.'/auth_token/'.$authToken)
+ $this->get($this->route . '/auth_token/' . $authToken)
->assertStatus(200)
->assertHeader('Content-Type', 'application/xml')
->assertSee('ha1');
@@ -177,7 +210,7 @@ class AccountProvisioningTest extends TestCase
$this->assertEquals(AuthToken::count(), 0);
// Try to re-use the auth_token
- $this->get($this->route.'/auth_token/'.$authToken)
+ $this->get($this->route . '/auth_token/' . $authToken)
->assertStatus(404);
}
}