summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
Diffstat (limited to 'application')
-rw-r--r--application/controllers/api/v1/api_info.php2
-rw-r--r--application/controllers/api/v1/user.php27
-rw-r--r--application/tests/test_api_v1.php37
3 files changed, 61 insertions, 5 deletions
diff --git a/application/controllers/api/v1/api_info.php b/application/controllers/api/v1/api_info.php
index e5e99f771..e7738294e 100644
--- a/application/controllers/api/v1/api_info.php
+++ b/application/controllers/api/v1/api_info.php
@@ -11,6 +11,6 @@ namespace controllers\api\v1;
class api_info extends \controllers\api\api_controller {
static public function get_version()
{
- return "1.1.0";
+ return "1.2.0";
}
}
diff --git a/application/controllers/api/v1/user.php b/application/controllers/api/v1/user.php
index e49b7c657..e96a6c6fb 100644
--- a/application/controllers/api/v1/user.php
+++ b/application/controllers/api/v1/user.php
@@ -36,4 +36,31 @@ class user extends \controllers\api\api_controller {
"new_key" => $key,
);
}
+
+ public function delete_apikey()
+ {
+ $this->muser->require_access("full");
+
+ $userid = $this->muser->get_userid();
+ $key = $this->input->post("delete_key");
+
+ $this->db->where('user', $userid)
+ ->where('key', $key)
+ ->delete('apikeys');
+
+ $affected = $this->db->affected_rows();
+
+ assert($affected >= 0 && $affected <= 1);
+ if ($affected == 1) {
+ return array(
+ "deleted_keys" => array(
+ $key => array (
+ "key" => $key,
+ ),
+ ),
+ );
+ } else {
+ throw new \exceptions\PublicApiException('user/delete_apikey/failed', 'Apikey deletion failed. Possibly wrong owner.');
+ }
+ }
}
diff --git a/application/tests/test_api_v1.php b/application/tests/test_api_v1.php
index 3dcca0728..8277f14d5 100644
--- a/application/tests/test_api_v1.php
+++ b/application/tests/test_api_v1.php
@@ -44,17 +44,17 @@ class test_api_v1 extends Test {
return $CI->db->insert_id();
}
- private function createApikey($userid)
+ private function createApikey($userid, $access_level = "apikey")
{
- return \service\user::create_apikey($userid, "", "apikey");
+ return \service\user::create_apikey($userid, "", $access_level);
}
- private function createUserAndApikey()
+ private function createUserAndApikey($access_level = "apikey")
{
static $counter = 100;
$counter++;
$userid = $this->createUser($counter);
- return $this->createApikey($userid);
+ return $this->createApikey($userid, $access_level);
}
private function callEndpoint($verb, $endpoint, $data)
@@ -90,6 +90,7 @@ class test_api_v1 extends Test {
$endpoints = array(
"user/apikeys",
"user/create_apikey",
+ "user/delete_apikey",
);
foreach ($endpoints as $endpoint) {
$ret = $this->CallEndpoint("POST", $endpoint, array(
@@ -134,6 +135,34 @@ class test_api_v1 extends Test {
$this->t->ok(is_int($ret["data"]["apikeys"][$apikey]["created"]) , "expected key 1 creation time is int");
}
+ public function test_delete_apikey_deleteOwnKey()
+ {
+ $apikey = $this->createUserAndApikey("full");
+ $ret = $this->CallEndpoint("POST", "user/delete_apikey", array(
+ "apikey" => $apikey,
+ "delete_key" => $apikey,
+ ));
+ $this->expectSuccess("delete apikey", $ret);
+
+ $this->t->is($ret["data"]["deleted_keys"][$apikey]["key"], $apikey, "expected key");
+ }
+
+ public function test_delete_apikey_errorDeleteOtherUserKey()
+ {
+ $apikey = $this->createUserAndApikey("full");
+ $apikey2 = $this->createUserAndApikey("full");
+ $ret = $this->CallEndpoint("POST", "user/delete_apikey", array(
+ "apikey" => $apikey,
+ "delete_key" => $apikey2,
+ ));
+ $this->expectError("delete apikey of other user", $ret);
+ $this->t->is_deeply(array(
+ 'status' => 'error',
+ 'error_id' => 'user/delete_apikey/failed',
+ 'message' => 'Apikey deletion failed. Possibly wrong owner.',
+ ), $ret, "expected error");
+ }
+
public function test_authentication_invalidPassword()
{
$userid = $this->createUser(3);