Merge pull request #11416 from snipe/features/personal_access_endpoint
Added personal access endpoint to API
Showing
3 changed files
with
232 additions
and
1 deletion.
@@ -0,0 +1,97 @@ | ||
<?php | ||
|
||
namespace App\Console\Commands; | ||
|
||
use App\Helpers\Helper; | ||
use Illuminate\Console\Command; | ||
use App\Models\User; | ||
use Laravel\Passport\TokenRepository; | ||
use Illuminate\Contracts\Validation\Factory as ValidationFactory; | ||
use DB; | ||
|
||
class GeneratePersonalAccessToken extends Command | ||
{ | ||
|
||
/** | ||
* The name and signature of the console command. | ||
* | ||
* @var string | ||
*/ | ||
protected $signature = 'snipeit:make-api-key | ||
{--user_id= : The ID of the user to create the token for.} | ||
{--name= : The name of the new API token} | ||
{--key-only : Only return the value of the API key}'; | ||
|
||
/** | ||
* The console command description. | ||
* | ||
* @var string | ||
*/ | ||
protected $description = 'This console command allows you to generate Personal API tokens to be used with the Snipe-IT JSON REST API on behalf of a user.'; | ||
|
||
|
||
/** | ||
* The token repository implementation. | ||
* | ||
* @var \Laravel\Passport\TokenRepository | ||
*/ | ||
protected $tokenRepository; | ||
|
||
|
||
/** | ||
* Create a new command instance. | ||
* | ||
* @return void | ||
*/ | ||
public function __construct(TokenRepository $tokenRepository, ValidationFactory $validation) | ||
{ | ||
$this->validation = $validation; | ||
$this->tokenRepository = $tokenRepository; | ||
parent::__construct(); | ||
} | ||
|
||
/** | ||
* Execute the console command. | ||
* | ||
* @return int | ||
*/ | ||
public function handle() | ||
{ | ||
|
||
$accessTokenName = $this->option('name'); | ||
if ($accessTokenName=='') { | ||
$accessTokenName = 'CLI Auth Token'; | ||
} | ||
|
||
if ($this->option('user_id')=='') { | ||
return $this->error('ERROR: user_id cannot be blank.'); | ||
} | ||
|
||
if ($user = User::find($this->option('user_id'))) { | ||
|
||
$createAccessToken = $user->createToken($accessTokenName)->accessToken; | ||
|
||
if ($this->option('key-only')) { | ||
$this->info($createAccessToken); | ||
|
||
} else { | ||
|
||
$this->warn('Your API Token has been created. Be sure to copy this token now, as it will not be accessible again.'); | ||
|
||
if ($token = DB::table('oauth_access_tokens')->where('user_id', '=', $user->id)->where('name','=',$accessTokenName)->orderBy('created_at', 'desc')->first()) { | ||
$this->info('API Token ID: '.$token->id); | ||
} | ||
|
||
$this->info('API Token User: '.$user->present()->fullName.' ('.$user->username.')'); | ||
$this->info('API Token Name: '.$accessTokenName); | ||
$this->info('API Token: '.$createAccessToken); | ||
} | ||
} else { | ||
return $this->error('ERROR: Invalid user. API key was not created.'); | ||
} | ||
|
||
|
||
|
||
|
||
} | ||
} |
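Review bot: Both failure paths in `handle()` end with `return $this->error(...)`, which yields no integer despite the `@return int` docblock, so the command most likely exits with status 0 when `user_id` is blank or unknown, and a script using `--key-only` cannot tell a failure from a minted key. Emit the message and then return a non-zero code, e.g. `$this->error('ERROR: Invalid user. API key was not created.'); return 1;`, and return 0 explicitly on success. The token ID is re-read from `oauth_access_tokens` by user, name and newest `created_at`, which can pick a different row when two tokens share a name; the result of `createToken()` already carries the model, so `$result->token->id` avoids the query. `$this->validation` is assigned in the constructor but is neither declared as a property nor used anywhere in this file.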
|
@@ -5,10 +5,37 @@ | |
use App\Helpers\Helper; | ||
use App\Http\Controllers\Controller; | ||
use App\Models\CheckoutRequest; | ||
use Auth; | ||
use Illuminate\Http\Response; | ||
use Illuminate\Support\Facades\Auth; | ||
use Illuminate\Http\Request; | ||
use Laravel\Passport\TokenRepository; | ||
use Illuminate\Contracts\Validation\Factory as ValidationFactory; | ||
use Gate; | ||
use DB; | ||
|
||
class ProfileController extends Controller | ||
{ | ||
|
||
/** | ||
* The token repository implementation. | ||
* | ||
* @var \Laravel\Passport\TokenRepository | ||
*/ | ||
protected $tokenRepository; | ||
|
||
/** | ||
* Create a controller instance. | ||
* | ||
* @param \Laravel\Passport\TokenRepository $tokenRepository | ||
* @param \Illuminate\Contracts\Validation\Factory $validation | ||
* @return void | ||
*/ | ||
public function __construct(TokenRepository $tokenRepository, ValidationFactory $validation) | ||
{ | ||
$this->validation = $validation; | ||
$this->tokenRepository = $tokenRepository; | ||
} | ||
|
||
/** | ||
* Display a listing of requested assets. | ||
* | ||
|
@@ -42,4 +69,90 @@ public function requestedAssets() | |
|
||
return $results; | ||
} | ||
|
||
|
||
/** | ||
* Delete an API token | ||
* | ||
* @author [A. Gianotto] [<[email protected]>] | ||
* @since [v6.0.5] | ||
* | ||
* @return \Illuminate\Http\Response | ||
*/ | ||
public function createApiToken(Request $request) { | ||
|
||
if (!Gate::allows('self.api')) { | ||
abort(403); | ||
} | ||
|
||
$accessTokenName = $request->input('name', 'Auth Token'); | ||
|
||
if ($accessToken = Auth::user()->createToken($accessTokenName)->accessToken) { | ||
|
||
// Get the ID so we can return that with the payload | ||
$token = DB::table('oauth_access_tokens')->where('user_id', '=', Auth::user()->id)->where('name','=',$accessTokenName)->orderBy('created_at', 'desc')->first(); | ||
$accessTokenData['id'] = $token->id; | ||
$accessTokenData['token'] = $accessToken; | ||
$accessTokenData['name'] = $accessTokenName; | ||
return response()->json(Helper::formatStandardApiResponse('success', $accessTokenData, 'Personal access token '.$accessTokenName.' created successfully')); | ||
} | ||
return response()->json(Helper::formatStandardApiResponse('error', null, 'Token could not be created.')); | ||
|
||
} | ||
|
||
|
||
/** | ||
* Delete an API token | ||
* | ||
* @author [A. Gianotto] [<[email protected]>] | ||
* @since [v6.0.5] | ||
* | ||
* @return \Illuminate\Http\Response | ||
*/ | ||
public function deleteApiToken($tokenId) { | ||
|
||
if (!Gate::allows('self.api')) { | ||
abort(403); | ||
} | ||
|
||
$token = $this->tokenRepository->findForUser( | ||
$tokenId, Auth::user()->getAuthIdentifier() | ||
); | ||
|
||
if (is_null($token)) { | ||
return new Response('', 404); | ||
} | ||
|
||
$token->revoke(); | ||
|
||
return new Response('', Response::HTTP_NO_CONTENT); | ||
|
||
} | ||
|
||
|
||
/** | ||
* Show user's API tokens | ||
* | ||
* @author [A. Gianotto] [<[email protected]>] | ||
* @since [v6.0.5] | ||
* | ||
* @return \Illuminate\Http\Response | ||
*/ | ||
public function showApiTokens(Request $request) { | ||
|
||
if (!Gate::allows('self.api')) { | ||
abort(403); | ||
} | ||
|
||
$tokens = $this->tokenRepository->forUser(Auth::user()->getAuthIdentifier()); | ||
$token_values = $tokens->load('client')->filter(function ($token) { | ||
return $token->client->personal_access_client && ! $token->revoked; | ||
})->values(); | ||
|
||
return response()->json(Helper::formatStandardApiResponse('success', $token_values, null)); | ||
|
||
} | ||
|
||
|
||
|
||
} |
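Review bot: In `createApiToken()` the `name` input goes straight into `createToken()` and into the response message with no validation, even though a validation factory is injected and stored; a non-string or over-long value should be rejected first, e.g. `$request->validate(['name' => 'nullable|string|max:255']);` (the limit should match the column, which is not visible here). The follow-up lookup of the token ID by name and newest `created_at` can return another token of the same name, and `$token->id` is dereferenced without a null check; `$result = Auth::user()->createToken($accessTokenName);` followed by `$result->token->id` and `$result->accessToken` removes both problems. The docblock above `createApiToken()` still reads "Delete an API token" and should say "Create an API token". Because any caller holding `self.api` can now mint further long-lived tokens, an audit-log entry on create and revoke would help incident response; whether one exists elsewhere is not visible in this section.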