Fix #99 Remove username restriction in Public unsecure endpoint

2026-01-17 10:08:05 +00:00 · 2023-05-04 14:36:53 +00:00 · 2023-05-04 14:36:53 +00:00 · f409f19ab4
commit f409f19ab4
parent 23f35da223
2 changed files with 10 additions and 17 deletions
--- a/flexiapi/app/Http/Controllers/Api/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/AccountController.php
@ -91,9 +91,8 @@ class AccountController extends Controller

        $request->validate([
            'username' => [
-                'prohibits:phone',
+                'required_without:phone',
                new NoUppercase,
-                new IsNotPhoneNumber,
                new BlacklistedUsername,
                new SIPUsername,
                Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
@ -112,7 +111,7 @@ class AccountController extends Controller
                : 'required_without:phone|email',
            'phone' => [
                'required_without:email',
-                'prohibits:username',
+                'required_without:username',
                'unique:aliases,alias',
                'unique:accounts,username',
                new WithoutSpaces, 'starts_with:+'
@ -134,7 +133,7 @@ class AccountController extends Controller
            : config('app.sip_domain');
        $account->ip_address = $request->ip();
        $account->creation_time = Carbon::now();
-        $account->user_agent = config('app.name');
+        $account->user_agent = $request->header('User-Agent') ?? config('app.name');
        $account->provision();
        $account->save();

@ -154,6 +153,7 @@ class AccountController extends Controller
            $account->save();

            Log::channel('events')->info('API: Account created using the public endpoint by phone', ['id' => $account->identifier]);
+            Log::channel('events')->info('OVH SMS sending: Sending an SMS with the recovery code', ['id' => $account->identifier, 'confirmation_key', $account->conformation_key]);

            $ovhSMS = new OvhSMS;
            $ovhSMS->send($request->get('phone'), 'Your ' . config('app.name') . ' recovery code is ' . $account->confirmation_key);
--- a/flexiapi/tests/Feature/ApiAccountTest.php
+++ b/flexiapi/tests/Feature/ApiAccountTest.php
@ -699,8 +699,11 @@ class ApiAccountTest extends TestCase
            ->assertJsonValidationErrors(['account_creation_token']);

        $token = AccountCreationToken::factory()->create();
+        $userAgent = 'User Agent Test';

-        $this->json($this->method, $this->route . '/public', [
+        $this->withHeaders([
+            'User-Agent' => $userAgent,
+        ])->json($this->method, $this->route . '/public', [
            'username' => $username,
            'algorithm' => 'SHA-256',
            'password' => '2',
@ -736,7 +739,8 @@ class ApiAccountTest extends TestCase

        $this->assertDatabaseHas('accounts', [
            'username' => $username,
-            'domain' => config('app.sip_domain')
+            'domain' => config('app.sip_domain'),
+            'user_agent' => $userAgent
        ]);
    }

@ -746,17 +750,6 @@ class ApiAccountTest extends TestCase

        config()->set('app.dangerous_endpoints', true);

-        // Username and phone
-        $this->json($this->method, $this->route . '/public', [
-            'username' => 'myusername',
-            'phone' => $phone,
-            'algorithm' => 'SHA-256',
-            'password' => '2',
-            'email' => 'john@doe.tld',
-        ])
-            ->assertStatus(422)
-            ->assertJsonValidationErrors(['phone', 'username']);
-
        // Bad phone format
        $this->json($this->method, $this->route . '/public', [
            'phone' => 'username',