mirrors/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-02-16 18:55:15 +00:00
Code Issues Projects Releases Wiki Activity

API user creation behing a toggle

Browse source 
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.

I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
This commit is contained in:
Jeremy Benoist 2017-06-02 10:19:33 +02:00
parent a687c8d915
commit 426bb453d2
No known key found for this signature in database
GPG key ID: BCA73962457ACC3C
10 changed files with 297 additions and 343 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
app/DoctrineMigrations/Version20170602075214.php Normal file
View file

@ -0,0 +1,52 @@
<?php
namespace Application\Migrations;
use Doctrine\DBAL\Migrations\AbstractMigration;
use Doctrine\DBAL\Schema\Schema;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
/**
* Add api_user_registration in craue_config_setting.
*/
class Version20170602075214 extends AbstractMigration implements ContainerAwareInterface
{
/**
* @var ContainerInterface
*/
private $container;
public function setContainer(ContainerInterface $container = null)
{
$this->container = $container;
}
private function getTable($tableName)
{
return $this->container->getParameter('database_table_prefix').$tableName;
}
/**
* @param Schema $schema
*/
public function up(Schema $schema)
{
$apiUserRegistration = $this->container
->get('doctrine.orm.default_entity_manager')
->getConnection()
->fetchArray('SELECT * FROM '.$this->getTable('craue_config_setting')." WHERE name = 'api_user_registration'");
$this->skipIf(false !== $apiUserRegistration, 'It seems that you already played this migration.');
$this->addSql('INSERT INTO '.$this->getTable('craue_config_setting')." (name, value, section) VALUES ('api_user_registration', '0', 'api')");
}
/**
* @param Schema $schema
*/
public function down(Schema $schema)
{
$this->addSql('DELETE FROM '.$this->getTable('craue_config_setting')." WHERE name = 'api_user_registration';");
}
}

129
app/config/config.yml
View file

@ -62,6 +62,135 @@ wallabag_core:
fetching_error_message: |
wallabag can't retrieve contents for this article. Please <a href="http://doc.wallabag.org/en/user/errors_during_fetching.html#how-can-i-help-to-fix-that">troubleshoot this issue</a>.
api_limit_mass_actions: 10
default_internal_settings:
-
name: share_public
value: 1
section: entry
-
name: carrot
value: 1
section: entry
-
name: share_diaspora
value: 1
section: entry
-
name: diaspora_url
value: http://diasporapod.com
section: entry
-
name: share_unmark
value: 1
section: entry
-
name: unmark_url
value: https://unmark.it
section: entry
-
name: share_shaarli
value: 1
section: entry
-
name: share_scuttle
value: 1
section: entry
-
name: shaarli_url
value: http://myshaarli.com
section: entry
-
name: scuttle_url
value: http://scuttle.org
section: entry
-
name: share_mail
value: 1
section: entry
-
name: share_twitter
value: 1
section: entry
-
name: show_printlink
value: 1
section: entry
-
name: restricted_access
value: 0
section: entry
-
name: export_epub
value: 1
section: export
-
name: export_mobi
value: 1
section: export
-
name: export_pdf
value: 1
section: export
-
name: export_csv
value: 1
section: export
-
name: export_json
value: 1
section: export
-
name: export_txt
value: 1
section: export
-
name: export_xml
value: 1
section: export
-
name: import_with_redis
value: 0
section: import
-
name: import_with_rabbitmq
value: 0
section: import
-
name: piwik_enabled
value: 0
section: analytics
-
name: piwik_host
value: v2.wallabag.org
section: analytics
-
name: piwik_site_id
value: 1
section: analytics
-
name: demo_mode_enabled
value: 0
section: misc
-
name: demo_mode_username
value: wallabag
section: misc
-
name: download_images_enabled
value: 0
section: misc
-
name: wallabag_support_url
value: https://www.wallabag.org/pages/support.html
section: misc
-
name: wallabag_url
value: http://v2.wallabag.org
section: misc
-
name: api_user_registration
value: 0
section: api
wallabag_user:
registration_enabled: "%fosuser_registration%"

1
app/config/security.yml
View file

@ -56,6 +56,7 @@ security:
access_control:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/user, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

6
src/Wallabag/ApiBundle/Controller/UserRestController.php
View file

@ -43,7 +43,7 @@ class UserRestController extends WallabagRestController
*/
public function putUserAction(Request $request)
{
if (!$this->container->getParameter('fosuser_registration')) {
if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
$json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
return (new JsonResponse())->setJson($json)->setStatusCode(403);
@ -51,8 +51,8 @@ class UserRestController extends WallabagRestController
$userManager = $this->get('fos_user.user_manager');
$user = $userManager->createUser();
// enable created user by default
$user->setEnabled(true);
// user will be disabled BY DEFAULT to avoid spamming account to be created
$user->setEnabled(false);
$form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
'csrf_protection' => false,

160
src/Wallabag/CoreBundle/Command/InstallCommand.php
View file

@ -292,165 +292,7 @@ class InstallCommand extends ContainerAwareCommand
// cleanup before insert new stuff
$em->createQuery('DELETE FROM CraueConfigBundle:Setting')->execute();
$settings = [
[
'name' => 'share_public',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'carrot',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'share_diaspora',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'diaspora_url',
'value' => 'http://diasporapod.com',
'section' => 'entry',
],
[
'name' => 'share_unmark',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'unmark_url',
'value' => 'https://unmark.it',
'section' => 'entry',
],
[
'name' => 'share_shaarli',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'shaarli_url',
'value' => 'http://myshaarli.com',
'section' => 'entry',
],
[
'name' => 'share_scuttle',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'scuttle_url',
'value' => 'http://scuttle.org',
'section' => 'entry',
],
[
'name' => 'share_mail',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'share_twitter',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'export_epub',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_mobi',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_pdf',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_csv',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_json',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_txt',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_xml',
'value' => '1',
'section' => 'export',
],
[
'name' => 'import_with_redis',
'value' => '0',
'section' => 'import',
],
[
'name' => 'import_with_rabbitmq',
'value' => '0',
'section' => 'import',
],
[
'name' => 'show_printlink',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'wallabag_support_url',
'value' => 'https://www.wallabag.org/pages/support.html',
'section' => 'misc',
],
[
'name' => 'wallabag_url',
'value' => '',
'section' => 'misc',
],
[
'name' => 'piwik_enabled',
'value' => '0',
'section' => 'analytics',
],
[
'name' => 'piwik_host',
'value' => 'v2.wallabag.org',
'section' => 'analytics',
],
[
'name' => 'piwik_site_id',
'value' => '1',
'section' => 'analytics',
],
[
'name' => 'demo_mode_enabled',
'value' => '0',
'section' => 'misc',
],
[
'name' => 'demo_mode_username',
'value' => 'wallabag',
'section' => 'misc',
],
[
'name' => 'download_images_enabled',
'value' => '0',
'section' => 'misc',
],
[
'name' => 'restricted_access',
'value' => '0',
'section' => 'entry',
],
];
foreach ($settings as $setting) {
foreach ($this->getContainer()->getParameter('wallabag_core.default_internal_settings') as $setting) {
$newSetting = new Setting();
$newSetting->setName($setting['name']);
$newSetting->setValue($setting['value']);

174
src/Wallabag/CoreBundle/DataFixtures/ORM/LoadSettingData.php
View file

@ -6,173 +6,27 @@ use Doctrine\Common\DataFixtures\AbstractFixture;
use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
use Doctrine\Common\Persistence\ObjectManager;
use Craue\ConfigBundle\Entity\Setting;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
class LoadSettingData extends AbstractFixture implements OrderedFixtureInterface
class LoadSettingData extends AbstractFixture implements OrderedFixtureInterface, ContainerAwareInterface
{
/**
* @var ContainerInterface
*/
private $container;
public function setContainer(ContainerInterface $container = null)
{
$this->container = $container;
}
/**
* {@inheritdoc}
*/
public function load(ObjectManager $manager)
{
$settings = [
[
'name' => 'share_public',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'carrot',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'share_diaspora',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'diaspora_url',
'value' => 'http://diasporapod.com',
'section' => 'entry',
],
[
'name' => 'share_unmark',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'unmark_url',
'value' => 'https://unmark.it',
'section' => 'entry',
],
[
'name' => 'share_shaarli',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'share_scuttle',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'shaarli_url',
'value' => 'http://myshaarli.com',
'section' => 'entry',
],
[
'name' => 'scuttle_url',
'value' => 'http://scuttle.org',
'section' => 'entry',
],
[
'name' => 'share_mail',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'share_twitter',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'export_epub',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_mobi',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_pdf',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_csv',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_json',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_txt',
'value' => '1',
'section' => 'export',
],
[
'name' => 'export_xml',
'value' => '1',
'section' => 'export',
],
[
'name' => 'import_with_redis',
'value' => '0',
'section' => 'import',
],
[
'name' => 'import_with_rabbitmq',
'value' => '0',
'section' => 'import',
],
[
'name' => 'show_printlink',
'value' => '1',
'section' => 'entry',
],
[
'name' => 'wallabag_support_url',
'value' => 'https://www.wallabag.org/pages/support.html',
'section' => 'misc',
],
[
'name' => 'wallabag_url',
'value' => 'http://v2.wallabag.org',
'section' => 'misc',
],
[
'name' => 'piwik_enabled',
'value' => '0',
'section' => 'analytics',
],
[
'name' => 'piwik_host',
'value' => 'v2.wallabag.org',
'section' => 'analytics',
],
[
'name' => 'piwik_site_id',
'value' => '1',
'section' => 'analytics',
],
[
'name' => 'demo_mode_enabled',
'value' => '0',
'section' => 'misc',
],
[
'name' => 'demo_mode_username',
'value' => 'wallabag',
'section' => 'misc',
],
[
'name' => 'download_images_enabled',
'value' => '0',
'section' => 'misc',
],
[
'name' => 'restricted_access',
'value' => '0',
'section' => 'entry',
],
];
foreach ($settings as $setting) {
foreach ($this->container->getParameter('wallabag_core.default_internal_settings') as $setting) {
$newSetting = new Setting();
$newSetting->setName($setting['name']);
$newSetting->setValue($setting['value']);

11
src/Wallabag/CoreBundle/DependencyInjection/Configuration.php
View file

@ -52,6 +52,17 @@ class Configuration implements ConfigurationInterface
->scalarNode('api_limit_mass_actions')
->defaultValue(10)
->end()
->arrayNode('default_internal_settings')
->prototype('array')
->children()
->scalarNode('name')->end()
->scalarNode('value')->end()
->enumNode('section')
->values(['entry', 'misc', 'api', 'analytics', 'export', 'import'])
->end()
->end()
->end()
->end()
->end()
;

1
src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
View file

@ -28,6 +28,7 @@ class WallabagCoreExtension extends Extension
$container->setParameter('wallabag_core.fetching_error_message', $config['fetching_error_message']);
$container->setParameter('wallabag_core.fetching_error_message_title', $config['fetching_error_message_title']);
$container->setParameter('wallabag_core.api_limit_mass_actions', $config['api_limit_mass_actions']);
$container->setParameter('wallabag_core.default_internal_settings', $config['default_internal_settings']);
$loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
$loader->load('services.yml');

96
tests/Wallabag/ApiBundle/Controller/UserRestControllerTest.php
View file

@ -27,8 +27,25 @@ class UserRestControllerTest extends WallabagApiTestCase
$this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
}
public function testGetUserWithoutAuthentication()
{
$client = static::createClient();
$client->request('GET', '/api/user.json');
$this->assertEquals(401, $client->getResponse()->getStatusCode());
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('error', $content);
$this->assertArrayHasKey('error_description', $content);
$this->assertEquals('access_denied', $content['error']);
$this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
}
public function testCreateNewUser()
{
$this->client->getContainer()->get('craue_config')->set('api_user_registration', 1);
$this->client->request('PUT', '/api/user.json', [
'username' => 'google',
'password' => 'googlegoogle',
@ -50,30 +67,51 @@ class UserRestControllerTest extends WallabagApiTestCase
$this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
// remove the created user to avoid side effect on other tests
// @todo remove these lines when test will be isolated
$em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
$this->client->getContainer()->get('craue_config')->set('api_user_registration', 0);
}
$query = $em->createQuery('DELETE FROM Wallabag\CoreBundle\Entity\Config c WHERE c.user = :user_id');
$query->setParameter('user_id', $content['id']);
$query->execute();
public function testCreateNewUserWithoutAuthentication()
{
// create a new client instead of using $this->client to be sure client isn't authenticated
$client = static::createClient();
$client->getContainer()->get('craue_config')->set('api_user_registration', 1);
$client->request('PUT', '/api/user.json', [
'username' => 'google',
'password' => 'googlegoogle',
'email' => 'wallabag@google.com',
]);
$query = $em->createQuery('DELETE FROM Wallabag\UserBundle\Entity\User u WHERE u.id = :id');
$query->setParameter('id', $content['id']);
$query->execute();
$this->assertEquals(200, $client->getResponse()->getStatusCode());
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('id', $content);
$this->assertArrayHasKey('email', $content);
$this->assertArrayHasKey('username', $content);
$this->assertArrayHasKey('created_at', $content);
$this->assertArrayHasKey('updated_at', $content);
$this->assertEquals('wallabag@google.com', $content['email']);
$this->assertEquals('google', $content['username']);
$this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
$client->getContainer()->get('craue_config')->set('api_user_registration', 0);
}
public function testCreateNewUserWithExistingEmail()
{
$this->client->request('PUT', '/api/user.json', [
$client = static::createClient();
$client->getContainer()->get('craue_config')->set('api_user_registration', 1);
$client->request('PUT', '/api/user.json', [
'username' => 'admin',
'password' => 'googlegoogle',
'email' => 'bigboss@wallabag.org',
]);
$this->assertEquals(400, $this->client->getResponse()->getStatusCode());
$this->assertEquals(400, $client->getResponse()->getStatusCode());
$content = json_decode($this->client->getResponse()->getContent(), true);
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('error', $content);
$this->assertArrayHasKey('username', $content['error']);
@ -85,26 +123,50 @@ class UserRestControllerTest extends WallabagApiTestCase
$this->assertEquals('This value is already used.', $content['error']['username'][0]);
$this->assertEquals('This value is already used.', $content['error']['email'][0]);
$this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
$this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
$client->getContainer()->get('craue_config')->set('api_user_registration', 0);
}
public function testCreateNewUserWithTooShortPassword()
{
$this->client->request('PUT', '/api/user.json', [
$client = static::createClient();
$client->getContainer()->get('craue_config')->set('api_user_registration', 1);
$client->request('PUT', '/api/user.json', [
'username' => 'facebook',
'password' => 'face',
'email' => 'facebook@wallabag.org',
]);
$this->assertEquals(400, $this->client->getResponse()->getStatusCode());
$this->assertEquals(400, $client->getResponse()->getStatusCode());
$content = json_decode($this->client->getResponse()->getContent(), true);
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('error', $content);
$this->assertArrayHasKey('password', $content['error']);
$this->assertEquals('validator.password_too_short', $content['error']['password'][0]);
$this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
$this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
$client->getContainer()->get('craue_config')->set('api_user_registration', 0);
}
public function testCreateNewUserWhenRegistrationIsDisabled()
{
$client = static::createClient();
$client->request('PUT', '/api/user.json', [
'username' => 'facebook',
'password' => 'face',
'email' => 'facebook@wallabag.org',
]);
$this->assertEquals(403, $client->getResponse()->getStatusCode());
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('error', $content);
$this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
}
}

10
tests/Wallabag/ApiBundle/Controller/WallabagRestControllerTest.php
View file

@ -8,12 +8,14 @@ class WallabagRestControllerTest extends WallabagApiTestCase
{
public function testGetVersion()
{
$this->client->request('GET', '/api/version');
// create a new client instead of using $this->client to be sure client isn't authenticated
$client = static::createClient();
$client->request('GET', '/api/version');
$this->assertEquals(200, $this->client->getResponse()->getStatusCode());
$this->assertEquals(200, $client->getResponse()->getStatusCode());
$content = json_decode($this->client->getResponse()->getContent(), true);
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertEquals($this->client->getContainer()->getParameter('wallabag_core.version'), $content);
$this->assertEquals($client->getContainer()->getParameter('wallabag_core.version'), $content);
}
}