diff --git a/pub/api/classes/API_apitoken.php b/pub/api/classes/API_apitoken.php index 6c8b5cf..4e19144 100644 --- a/pub/api/classes/API_apitoken.php +++ b/pub/api/classes/API_apitoken.php @@ -30,14 +30,15 @@ class API_apitoken extends API $api_token = bin2hex(random_bytes(64 / 2)); - $api_token_hash = password_hash($api_token, PASSWORD_BCRYPT, ["cost" => 12]); $api_token_expiration_timestamp = strtotime('+1 year'); - $query = "INSERT INTO system_api_tokens (api_token_uuid, user_uuid, api_token, api_token_expiration_timestamp, api_token_created_timestamp) VALUES (UUID(), ?, ?, ?, ?)"; - + $api_token_name = $this->data['api_token_name'] ?? null; + $query = "INSERT INTO system_api_tokens (api_token_uuid, user_uuid, api_token, api_token_name, api_token_expiration_timestamp, api_token_created_timestamp) VALUES (UUID(), ?, ?, ?, ?, ?)"; $stmt = $this->prepareStatement($query); - $stmt->bind_param('ssii', $this->data['user_uuid'], $api_token_hash, $api_token_expiration_timestamp, time()); + $created_timestamp = time(); + + $stmt->bind_param('sssii', $this->data['user_uuid'], $api_token_hash, $api_token_name, $api_token_expiration_timestamp, $created_timestamp); $this->executeStatement($stmt); diff --git a/pub/api/v1/user/apitoken/index.php b/pub/api/v1/user/apitoken/index.php index 3979ed2..280b43f 100644 --- a/pub/api/v1/user/apitoken/index.php +++ b/pub/api/v1/user/apitoken/index.php @@ -37,9 +37,14 @@ if ($API_apitoken->request_method === 'GET') { # Creates a new API Token. First check if the uuid is correct and then check the permission # After that create a new token, retrieve the newly created api_token and give a response. $requiredFields = [ - 'user_uuid' => ['type' => 'uuid'], + 'user_uuid' => ['type' => 'uuid'] ]; - $API_apitoken->validateData($requiredFields); + + $optionalFields = [ + 'api_token_name' => ['type' => 'string'] + ]; + + $API_apitoken->validateData($requiredFields, $optionalFields); # First retrieve the user_uuid from the post and lookup the user require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php'; @@ -48,8 +53,6 @@ if ($API_apitoken->request_method === 'GET') { $_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_apitoken->data['user_uuid']]]]; $user_data = $API_users->getUser()[0]; - $API_apitoken->validateData($requiredFields); - if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) { $API_apitoken->checkPermissions('user-apitoken-self', 'RW'); @@ -57,6 +60,7 @@ if ($API_apitoken->request_method === 'GET') { if ($user_data['user_email'] === 'superuser') { $API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']); } + $API_apitoken->checkPermissions('user-apitoken-others', 'RW'); } diff --git a/pub/bin/locales/en.php b/pub/bin/locales/en.php index 0a3c7c6..1f57256 100644 --- a/pub/bin/locales/en.php +++ b/pub/bin/locales/en.php @@ -242,7 +242,7 @@ return [ 'api_token' => 'API token', 'api_tokens' => 'API tokens', 'api_token_copy_new' => 'This token is visible only once. Make sure to copy and save it now if you plan to use it later.', - 'generate_new_api_token' => 'Generate new API token', + 'generate_new_api_token' => 'Generate', 'inserve_url' => 'Inserve URL', 'inserve_source' => 'Inserve Configuration', 'test_connection' => 'Test Connection', diff --git a/pub/bin/locales/nl.php b/pub/bin/locales/nl.php index 382a844..7e3dcaa 100644 --- a/pub/bin/locales/nl.php +++ b/pub/bin/locales/nl.php @@ -242,7 +242,7 @@ return [ 'api_token' => 'API token', 'api_tokens' => 'API tokens', 'api_token_copy_new' => 'Deze token is alleen nu zichtbaar, kopieer hem nu als je hem later wilt gebruiken.', - 'generate_new_api_token' => 'Genereer API token', + 'generate_new_api_token' => 'Genereer', 'inserve_url' => 'Inserve URL', 'inserve_source' => 'Inserve Configuratie', 'test_connection' => 'Test Connectie', diff --git a/pub/bin/pages/pageUserProfile_view.php b/pub/bin/pages/pageUserProfile_view.php index 9903463..9a06205 100644 --- a/pub/bin/pages/pageUserProfile_view.php +++ b/pub/bin/pages/pageUserProfile_view.php @@ -275,9 +275,12 @@ if ($user_data) { ?>
@@ -286,6 +289,7 @@ if ($user_data) { ?>