From 8dd9fbe3912d74ab37d6654e83af8dd8fdf9d320 Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Wed, 25 Mar 2015 11:38:33 +0100
Subject: API 1.2.0: Add user/delete_apikeys endpoint

Signed-off-by: Florian Pritz
---
 NEWS | 1 +
 application/controllers/api/v1/api_info.php | 2 +-
 application/controllers/api/v1/user.php | 27 +++++++++++++++++++++
 application/tests/test_api_v1.php | 37 +++++++++++++++++++++++++----
 4 files changed, 62 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index f8ee4af0c..47419238e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@ This file lists major, incompatible or otherwise important changes, you should look at it after every update. +2015-03-25 API v1.2: add user/delete_apikey endpoint 2015-03-08 API v1.1: return full URL in api/file/create_multipaste 2015-03-08 Rework file/cron and mfile->valid_id This pulls in mockery for testing, make sure you clone submodules.
diff --git a/application/controllers/api/v1/api_info.php b/application/controllers/api/v1/api_info.php
index e5e99f771..e7738294e 100644
--- a/application/controllers/api/v1/api_info.php
+++ b/application/controllers/api/v1/api_info.php
@@ -11,6 +11,6 @@ namespace controllers\api\v1; class api_info extends \controllers\api\api_controller { static public function get_version() { - return "1.1.0"; + return "1.2.0"; } }
diff --git a/application/controllers/api/v1/user.php b/application/controllers/api/v1/user.php
index e49b7c657..e96a6c6fb 100644
--- a/application/controllers/api/v1/user.php
+++ b/application/controllers/api/v1/user.php
@@ -36,4 +36,31 @@ class user extends \controllers\api\api_controller {
 "new_key" => $key,
 );
 }
+
+ public function delete_apikey()
+ {
+ $this->muser->require_access("full");
+
+ $userid = $this->muser->get_userid();
+ $key = $this->input->post("delete_key");
+
+ $this->db->where('user', $userid)
+ ->where('key', $key)
+ ->delete('apikeys');
+
+ $affected = $this->db->affected_rows();
+
+ assert($affected >= 0 && $affected <= 1);
+ if ($affected == 1) {
+ return array(
+ "deleted_keys" => array(
+ $key => array (
+ "key" => $key,
+ ),
+ ),
+ );
+ } else {
+ throw new \exceptions\PublicApiException('user/delete_apikey/failed', 'Apikey deletion failed. Possibly wrong owner.');
+ }
+ }
 }
diff --git a/application/tests/test_api_v1.php b/application/tests/test_api_v1.php
index 3dcca0728..8277f14d5 100644
--- a/application/tests/test_api_v1.php
+++ b/application/tests/test_api_v1.php
@@ -44,17 +44,17 @@ class test_api_v1 extends Test {
 return $CI->db->insert_id();
 }
- private function createApikey($userid)
+ private function createApikey($userid, $access_level = "apikey")
 {
- return \service\user::create_apikey($userid, "", "apikey");
+ return \service\user::create_apikey($userid, "", $access_level);
 }
- private function createUserAndApikey()
+ private function createUserAndApikey($access_level = "apikey")
 {
 static $counter = 100;
 $counter++;
 $userid = $this->createUser($counter);
- return $this->createApikey($userid);
+ return $this->createApikey($userid, $access_level);
 }
 private function callEndpoint($verb, $endpoint, $data)
@@ -90,6 +90,7 @@ class test_api_v1 extends Test {
 $endpoints = array(
 "user/apikeys",
 "user/create_apikey",
+ "user/delete_apikey",
 );
 foreach ($endpoints as $endpoint) {
 $ret = $this->CallEndpoint("POST", $endpoint, array(
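Review bot: In `delete_apikey()` (the `user.php` hunk), `$key` goes from `$this->input->post("delete_key")` straight into `where('key', $key)` with no check that it is a non-empty string. A request that omits the field or sends it as an array leaves the comparison to whatever the query builder does with a non-string value (presumably a false/null placeholder, which some database drivers compare loosely; worth confirming), and the same value is then used as an array key in the response. Reject it before the query, reusing the existing error: `if (!is_string($key) || $key === "") { throw new \exceptions\PublicApiException('user/delete_apikey/failed', 'Apikey deletion failed. Possibly wrong owner.'); }`. Separately, `assert($affected >= 0 && $affected <= 1)` guarantees nothing where assertions are disabled, and if more than one row were ever removed the `else` branch would report failure after the rows are already gone; an explicit `$affected > 1` branch that logs and errors would make that state visible.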
@@ -134,6 +135,34 @@ class test_api_v1 extends Test {
 $this->t->ok(is_int($ret["data"]["apikeys"][$apikey]["created"]) , "expected key 1 creation time is int");
 }
+ public function test_delete_apikey_deleteOwnKey()
+ {
+ $apikey = $this->createUserAndApikey("full");
+ $ret = $this->CallEndpoint("POST", "user/delete_apikey", array(
+ "apikey" => $apikey,
+ "delete_key" => $apikey,
+ ));
+ $this->expectSuccess("delete apikey", $ret);
+
+ $this->t->is($ret["data"]["deleted_keys"][$apikey]["key"], $apikey, "expected key");
+ }
+
+ public function test_delete_apikey_errorDeleteOtherUserKey()
+ {
+ $apikey = $this->createUserAndApikey("full");
+ $apikey2 = $this->createUserAndApikey("full");
+ $ret = $this->CallEndpoint("POST", "user/delete_apikey", array(
+ "apikey" => $apikey,
+ "delete_key" => $apikey2,
+ ));
+ $this->expectError("delete apikey of other user", $ret);
+ $this->t->is_deeply(array(
+ 'status' => 'error',
+ 'error_id' => 'user/delete_apikey/failed',
+ 'message' => 'Apikey deletion failed. Possibly wrong owner.',
+ ), $ret, "expected error");
+ }
+
 public function test_authentication_invalidPassword()
 {
 $userid = $this->createUser(3);
-- 
cgit v1.2.3-24-g4f1b
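Review bot: `test_delete_apikey_deleteOwnKey()` checks only the response body, so a regression where the endpoint reports success without removing the row would still pass. After the delete, reuse the key and expect rejection: `$ret = $this->CallEndpoint("POST", "user/apikeys", array("apikey" => $apikey));` followed by `$this->expectError("deleted key is rejected", $ret);`. `test_delete_apikey_errorDeleteOtherUserKey()` could likewise confirm that `$apikey2` still authenticates after the refused attempt. A request with `delete_key` missing is not covered by either test.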