From e2aeab285a93645c49bf5f35c228ba4710405b29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?= Date: Mon, 15 Feb 2021 10:05:33 +0100 Subject: [PATCH] Allow admin accounts creation through the admin account creation API Fix a small issue in the account panel authentication controller (realm->domain) Update the dependencies Bump the release version --- flexiapi/app/Account.php | 1 - flexiapi/app/Admin.php | 1 + .../Account/AuthenticateController.php | 2 +- .../Api/Admin/AccountController.php | 13 ++++- flexiapi/composer.lock | 49 ++++++++++--------- .../resources/views/documentation.blade.php | 1 + flexiapi/tests/Feature/AccountApiTest.php | 29 +++++++++++ flexisip-account-manager.spec | 2 +- 8 files changed, 69 insertions(+), 29 deletions(-) diff --git a/flexiapi/app/Account.php b/flexiapi/app/Account.php index 3950422..8e212a1 100644 --- a/flexiapi/app/Account.php +++ b/flexiapi/app/Account.php @@ -32,7 +32,6 @@ use App\EmailChanged; use App\Helpers\Utils; use App\Events\AccountDeleting; use App\Mail\ChangingEmail; -use App\Mail\ChangedEmail; class Account extends Authenticatable { diff --git a/flexiapi/app/Admin.php b/flexiapi/app/Admin.php index 5c56380..ba02c26 100644 --- a/flexiapi/app/Admin.php +++ b/flexiapi/app/Admin.php @@ -28,6 +28,7 @@ class Admin extends Model protected $connection = 'local'; protected $table = 'admins'; + protected $hidden = ['id', 'account_id']; public function account() { diff --git a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php index 6d7a080..0894e13 100644 --- a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php +++ b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php 
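Review bot: In flexiapi/app/Admin.php the new `protected $hidden = ['id', 'account_id'];` is a denylist, so any column later added to the `admins` table will be serialized by default. That matters now that the model is embedded in account API responses, as the comment in this patch's test indicates for the `admin` key. If the object is only meant to mark an account as an administrator, a `$visible` allowlist naming the columns intended for output is the safer default. At minimum, add a comment above the property such as `// Serialized inside account API responses: keep internal keys out of the JSON.`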
@@ -59,7 +59,7 @@ class AuthenticateController extends Controller foreach ($account->passwords as $password) { if (hash_equals( $password->password, - Utils::bchash($request->get('username'), $account->resolvedRealm, $request->get('password'), $password->algorithm) + Utils::bchash($request->get('username'), $account->domain, $request->get('password'), $password->algorithm) )) { Auth::login($account); return redirect()->route('account.panel'); diff --git a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php index b760c7f..8b1cf92 100644 --- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php +++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php @@ -26,6 +26,7 @@ use Illuminate\Validation\Rule; use Carbon\Carbon; use App\Account; +use App\Admin; use App\Password; use App\Rules\WithoutSpaces; use App\Helpers\Utils; @@ -81,11 +82,10 @@ class AccountController extends Controller 'algorithm' => 'required|in:SHA-256,MD5', 'password' => 'required|filled', 'domain' => 'min:3', + 'admin' => 'boolean|nullable', 'activated' => 'boolean|nullable', ]); - $algorithm = $request->has('password_sha256') ? 'SHA-256' : 'MD5'; - $account = new Account; $account->username = $request->get('username'); $account->email = $request->get('email'); @@ -111,6 +111,15 @@ class AccountController extends Controller $password->algorithm = $request->get('algorithm'); $password->save(); + if ($request->has('admin') && (bool)$request->get('admin')) { + $admin = new Admin; + $admin->account_id = $account->id; + $admin->save(); + } + + // Full reload + $account = Account::withoutGlobalScopes()->find($account->id); + return response()->json($account->makeVisible(['confirmation_key'])); } } diff --git a/flexiapi/composer.lock b/flexiapi/composer.lock index ba2e1a1..984e067 100644 --- a/flexiapi/composer.lock +++ b/flexiapi/composer.lock 
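Review bot: The digest recomputed inside `hash_equals(...)` now takes `$account->domain` as its realm, but nothing in this hunk shows that stored hashes were built from the same value. Accounts whose hash was created with a different realm would presumably stop matching after this change. State the invariant next to the call, for example `// The realm passed here must be the one used when the password hash was stored.`, and add a feature test for the panel login, since none in this patch covers that path. The enclosing method starts and ends outside the hunk, so the account lookup and input validation cannot be checked from here.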
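Review bot: In AccountController, the new `if ($request->has('admin') && (bool)$request->get('admin'))` branch grants administrator rights without recording who granted them. The `admins` row is also saved separately from the account and password rows, so a failure at `$admin->save()` leaves a plain account behind while the caller sees an error. Any caller allowed on this endpoint can now create further administrators, so log the grant with the caller's identity, e.g. `Log::info('admin granted', ['account_id' => $account->id, 'by' => optional($request->user())->id]);` (assuming `$request->user()` is the authenticated admin and the `Log` facade is imported), and consider wrapping the saves in one database transaction. The condition itself can be reduced to `if ($request->boolean('admin')) {`. The route middleware and the start of the method are outside the hunk, so the access check cannot be confirmed from here.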
@@ -970,16 +970,16 @@ }, { "name": "laravel/framework", - "version": "v8.26.1", + "version": "v8.27.0", "source": { "type": "git", "url": "https://github.com/laravel/framework.git", - "reference": "275c78c97e007e4a9d771d4d1caa1c77ebfdcf94" + "reference": "a6680d98f9dadaa363aa7d5218517a08706cee64" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/framework/zipball/275c78c97e007e4a9d771d4d1caa1c77ebfdcf94", - "reference": "275c78c97e007e4a9d771d4d1caa1c77ebfdcf94", + "url": "https://api.github.com/repos/laravel/framework/zipball/a6680d98f9dadaa363aa7d5218517a08706cee64", + "reference": "a6680d98f9dadaa363aa7d5218517a08706cee64", "shasum": "" }, "require": { @@ -1134,7 +1134,7 @@ "issues": "https://github.com/laravel/framework/issues", "source": "https://github.com/laravel/framework" }, - "time": "2021-02-02T14:07:24+00:00" + "time": "2021-02-09T15:14:54+00:00" }, { "name": "laravel/tinker", @@ -1683,16 +1683,16 @@ }, { "name": "nesbot/carbon", - "version": "2.45.0", + "version": "2.45.1", "source": { "type": "git", "url": "https://github.com/briannesbitt/Carbon.git", - "reference": "e2ba3174ce869da1713c38340dbb36572dfacd5a" + "reference": "528783b188bdb853eb21239b1722831e0f000a8d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/e2ba3174ce869da1713c38340dbb36572dfacd5a", - "reference": "e2ba3174ce869da1713c38340dbb36572dfacd5a", + "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/528783b188bdb853eb21239b1722831e0f000a8d", + "reference": "528783b188bdb853eb21239b1722831e0f000a8d", "shasum": "" }, "require": { @@ -1772,7 +1772,7 @@ "type": "tidelift" } ], - "time": "2021-02-07T21:35:59+00:00" + "time": "2021-02-11T18:30:17+00:00" }, { "name": "nikic/php-parser", 
@@ -2067,24 +2067,25 @@ }, { "name": "propaganistas/laravel-phone", - "version": "4.2.7", + "version": "4.3.0", "source": { "type": "git", "url": "https://github.com/Propaganistas/Laravel-Phone.git", - "reference": "f2765e308977511c7ee42a48d635dca7026fa427" + "reference": "6953b54542f530c75ab8eb953b38cca4bfdc5d88" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Propaganistas/Laravel-Phone/zipball/f2765e308977511c7ee42a48d635dca7026fa427", - "reference": "f2765e308977511c7ee42a48d635dca7026fa427", + "url": "https://api.github.com/repos/Propaganistas/Laravel-Phone/zipball/6953b54542f530c75ab8eb953b38cca4bfdc5d88", + "reference": "6953b54542f530c75ab8eb953b38cca4bfdc5d88", "shasum": "" }, "require": { "giggsey/libphonenumber-for-php": "^7.0|^8.0", - "illuminate/support": "^6.0|^7.0|^8.0", - "illuminate/validation": "^6.0|^7.0|^8.0", + "illuminate/contracts": "^8.9", + "illuminate/support": "^8.0", + "illuminate/validation": "^8.0", "league/iso3166": "^2.0|^3.0", - "php": "^7.1|^8.0" + "php": "^7.3|^8.0" }, "require-dev": { "orchestra/testbench": "*", @@ -2126,9 +2127,9 @@ ], "support": { "issues": "https://github.com/Propaganistas/Laravel-Phone/issues", - "source": "https://github.com/Propaganistas/Laravel-Phone/tree/4.2.7" + "source": "https://github.com/Propaganistas/Laravel-Phone/tree/4.3.0" }, - "time": "2020-12-06T10:57:11+00:00" + "time": "2021-02-11T17:06:47+00:00" }, { "name": "psr/container", 
@@ -5320,16 +5321,16 @@ }, { "name": "facade/ignition", - "version": "2.5.11", + "version": "2.5.12", "source": { "type": "git", "url": "https://github.com/facade/ignition.git", - "reference": "e91d67353054bf827c64687fcac5ea44e4dcec54" + "reference": "be73521836f978106b3c3cf57de7eaeb261af520" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/facade/ignition/zipball/e91d67353054bf827c64687fcac5ea44e4dcec54", - "reference": "e91d67353054bf827c64687fcac5ea44e4dcec54", + "url": "https://api.github.com/repos/facade/ignition/zipball/be73521836f978106b3c3cf57de7eaeb261af520", + "reference": "be73521836f978106b3c3cf57de7eaeb261af520", "shasum": "" }, "require": { @@ -5393,7 +5394,7 @@ "issues": "https://github.com/facade/ignition/issues", "source": "https://github.com/facade/ignition" }, - "time": "2021-02-05T12:52:11+00:00" + "time": "2021-02-15T07:55:43+00:00" }, { "name": "facade/ignition-contracts", diff --git a/flexiapi/resources/views/documentation.blade.php b/flexiapi/resources/views/documentation.blade.php index 880bc67..42290af 100644 --- a/flexiapi/resources/views/documentation.blade.php +++ b/flexiapi/resources/views/documentation.blade.php @@ -141,6 +141,7 @@ For the moment only DIGEST-MD5 and DIGEST-SHA-256 are supported through the auth
  • algorithm required, values can be SHA-256 or MD5
  • domain optional, the value is set to the default registration domain if not set
  • activated optional, a boolean, set to false by default
  • +
  • admin optional, a boolean, set to false by default, create an admin account
  • GET /accounts

    diff --git a/flexiapi/tests/Feature/AccountApiTest.php b/flexiapi/tests/Feature/AccountApiTest.php index 0fc11f5..dd2038c 100644 --- a/flexiapi/tests/Feature/AccountApiTest.php +++ b/flexiapi/tests/Feature/AccountApiTest.php @@ -151,6 +151,35 @@ class AccountApiTest extends TestCase $response1->assertStatus(422); } + public function testAdmin() + { + $admin = Admin::factory()->create(); + $admin->account->generateApiKey(); + $password = $admin->account->passwords()->first(); + + $username = 'username'; + + $response0 = $this->generateFirstResponse($password); + $response1 = $this->generateSecondResponse($password, $response0) + ->json($this->method, $this->route, [ + 'username' => $username, + 'algorithm' => 'SHA-256', + 'password' => '2', + 'admin' => true, + ]); + + $response1 + ->assertStatus(200) + ->assertJson([ + 'id' => 2, + 'username' => $username, + 'domain' => config('app.sip_domain'), + 'admin' => true, // Not a boolean but actually the admin JSON object + ]); + + $this->assertTrue(!empty($response1['confirmation_key'])); + } + public function testActivated() { $admin = Admin::factory()->create(); diff --git a/flexisip-account-manager.spec b/flexisip-account-manager.spec index 1f8e8b0..579a37e 100644 --- a/flexisip-account-manager.spec +++ b/flexisip-account-manager.spec @@ -8,7 +8,7 @@ #%define _datadir %{_datarootdir} #%define _docdir %{_datadir}/doc -%define build_number 50 +%define build_number 51 %define var_dir /var/opt/belledonne-communications %define opt_dir /opt/belledonne-communications/share/flexisip-account-manager %define env_file "$RPM_BUILD_ROOT/etc/flexisip-account-manager/flexiapi.env"
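Review bot: `testAdmin` covers only the positive case, and its `'admin' => true` assertion accepts any truthy value, as the inline comment concedes, so nothing verifies that an `admins` row was written for the new account. More importantly, no test checks that omitting `admin` or sending `false` creates no such row, which is the case that guards against an accidental privilege grant. Add `$this->assertNotNull(Admin::where('account_id', $response1['id'])->first());` here, and a sibling test that posts `'admin' => false` and ends with `$this->assertNull(Admin::where('account_id', $response1['id'])->first());`. The hard-coded `'id' => 2` also ties the test to the factory creating exactly one earlier account.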