fix error
This commit is contained in:
parent
3c20404e71
commit
2030efee08
|
@ -3,31 +3,31 @@
|
|||
use Ahc\Jwt\JWT;
|
||||
use Appwrite\Auth\Auth;
|
||||
use Appwrite\Auth\Validator\Password;
|
||||
use Appwrite\Database\Validator\CustomId;
|
||||
use Appwrite\Detector\Detector;
|
||||
use Appwrite\Template\Template;
|
||||
use Appwrite\OpenSSL\OpenSSL;
|
||||
use Appwrite\URL\URL as URLParser;
|
||||
use Appwrite\Utopia\Response;
|
||||
use Appwrite\Network\Validator\Email;
|
||||
use Appwrite\Network\Validator\Host;
|
||||
use Appwrite\Network\Validator\URL;
|
||||
use Appwrite\OpenSSL\OpenSSL;
|
||||
use Appwrite\Template\Template;
|
||||
use Appwrite\URL\URL as URLParser;
|
||||
use Appwrite\Utopia\Response;
|
||||
use Utopia\App;
|
||||
use Utopia\Exception;
|
||||
use Utopia\Config\Config;
|
||||
use Utopia\Validator\Assoc;
|
||||
use Utopia\Validator\Text;
|
||||
use Utopia\Validator\WhiteList;
|
||||
use Utopia\Validator\ArrayList;
|
||||
use Utopia\Audit\Audit;
|
||||
use Utopia\Config\Config;
|
||||
use Utopia\Database\Document;
|
||||
use Utopia\Database\Exception\Duplicate;
|
||||
use Utopia\Database\Query;
|
||||
use Utopia\Database\Validator\Authorization;
|
||||
use Utopia\Database\Validator\UID;
|
||||
use Appwrite\Database\Validator\CustomId;
|
||||
use Utopia\Exception;
|
||||
use Utopia\Validator\ArrayList;
|
||||
use Utopia\Validator\Assoc;
|
||||
use Utopia\Validator\Text;
|
||||
use Utopia\Validator\WhiteList;
|
||||
|
||||
$oauthDefaultSuccess = App::getEnv('_APP_HOME').'/auth/oauth2/success';
|
||||
$oauthDefaultFailure = App::getEnv('_APP_HOME').'/auth/oauth2/failure';
|
||||
$oauthDefaultSuccess = App::getEnv('_APP_HOME') . '/auth/oauth2/success';
|
||||
$oauthDefaultFailure = App::getEnv('_APP_HOME') . '/auth/oauth2/failure';
|
||||
|
||||
App::post('/v1/account')
|
||||
->desc('Create Account')
|
||||
|
@ -78,7 +78,7 @@ App::post('/v1/account')
|
|||
if ($limit !== 0) {
|
||||
$sum = $dbForInternal->count('users', [], APP_LIMIT_USERS);
|
||||
|
||||
if($sum >= $limit) {
|
||||
if ($sum >= $limit) {
|
||||
throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
|
||||
}
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ App::post('/v1/account')
|
|||
$user = $dbForInternal->createDocument('users', new Document([
|
||||
'$id' => $userId,
|
||||
'$read' => ['role:all'],
|
||||
'$write' => ['user:'.$userId],
|
||||
'$write' => ['user:' . $userId],
|
||||
'email' => $email,
|
||||
'emailVerification' => false,
|
||||
'status' => true,
|
||||
|
@ -110,14 +110,14 @@ App::post('/v1/account')
|
|||
|
||||
Authorization::reset();
|
||||
|
||||
Authorization::unsetRole('role:'.Auth::USER_ROLE_GUEST);
|
||||
Authorization::setRole('user:'.$user->getId());
|
||||
Authorization::setRole('role:'.Auth::USER_ROLE_MEMBER);
|
||||
Authorization::unsetRole('role:' . Auth::USER_ROLE_GUEST);
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole('role:' . Auth::USER_ROLE_MEMBER);
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.create')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->setStatusCode(Response::STATUS_CODE_CREATED);
|
||||
|
@ -158,14 +158,14 @@ App::post('/v1/account/sessions')
|
|||
|
||||
$email = \strtolower($email);
|
||||
$protocol = $request->getProtocol();
|
||||
|
||||
|
||||
$profile = $dbForInternal->findOne('users', [new Query('email', Query::TYPE_EQUAL, [$email])]); // Get user by email address
|
||||
|
||||
if (!$profile || !Auth::passwordVerify($password, $profile->getAttribute('password'))) {
|
||||
$audits
|
||||
//->setParam('userId', $profile->getId())
|
||||
//->setParam('userId', $profile->getId())
|
||||
->setParam('event', 'account.sesssions.failed')
|
||||
->setParam('resource', 'users/'.($profile ? $profile->getId() : ''))
|
||||
->setParam('resource', 'users/' . ($profile ? $profile->getId() : ''))
|
||||
;
|
||||
|
||||
throw new Exception('Invalid credentials', 401); // Wrong password or username
|
||||
|
@ -193,11 +193,11 @@ App::post('/v1/account/sessions')
|
|||
], $detector->getOS(), $detector->getClient(), $detector->getDevice()
|
||||
));
|
||||
|
||||
Authorization::setRole('user:'.$profile->getId());
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
|
||||
$session = $dbForInternal->createDocument('sessions', $session
|
||||
->setAttribute('$read', ['user:'.$profile->getId()])
|
||||
->setAttribute('$write', ['user:'.$profile->getId()])
|
||||
->setAttribute('$read', ['user:' . $profile->getId()])
|
||||
->setAttribute('$write', ['user:' . $profile->getId()])
|
||||
);
|
||||
|
||||
$profile->setAttribute('sessions', $session, Document::SET_TYPE_APPEND);
|
||||
|
@ -206,7 +206,7 @@ App::post('/v1/account/sessions')
|
|||
$audits
|
||||
->setParam('userId', $profile->getId())
|
||||
->setParam('event', 'account.sessions.create')
|
||||
->setParam('resource', 'users/'.$profile->getId())
|
||||
->setParam('resource', 'users/' . $profile->getId())
|
||||
;
|
||||
|
||||
if (!Config::getParam('domainVerification')) {
|
||||
|
@ -214,9 +214,9 @@ App::post('/v1/account/sessions')
|
|||
->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($profile->getId(), $secret)]))
|
||||
;
|
||||
}
|
||||
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||
;
|
||||
|
@ -231,14 +231,14 @@ App::post('/v1/account/sessions')
|
|||
->setAttribute('current', true)
|
||||
->setAttribute('countryName', $countryName)
|
||||
;
|
||||
|
||||
|
||||
$response->dynamic($session, Response::MODEL_SESSION);
|
||||
});
|
||||
|
||||
App::get('/v1/account/sessions/oauth2/:provider')
|
||||
->desc('Create Account Session with OAuth2')
|
||||
->groups(['api', 'account'])
|
||||
->label('error', __DIR__.'/../../views/general/error.phtml')
|
||||
->label('error', __DIR__ . '/../../views/general/error.phtml')
|
||||
->label('scope', 'public')
|
||||
->label('sdk.auth', [])
|
||||
->label('sdk.namespace', 'account')
|
||||
|
@ -249,9 +249,9 @@ App::get('/v1/account/sessions/oauth2/:provider')
|
|||
->label('sdk.methodType', 'webAuth')
|
||||
->label('abuse-limit', 50)
|
||||
->label('abuse-key', 'ip:{ip}')
|
||||
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 Provider. Currently, supported providers are: ' . \implode(', ', \array_keys(\array_filter(Config::getParam('providers'), function($node) {return (!$node['mock']);}))).'.')
|
||||
->param('success', $oauthDefaultSuccess, function ($clients) { return new Host($clients); }, 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
|
||||
->param('failure', $oauthDefaultFailure, function ($clients) { return new Host($clients); }, 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
|
||||
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 Provider. Currently, supported providers are: ' . \implode(', ', \array_keys(\array_filter(Config::getParam('providers'), function ($node) {return (!$node['mock']);}))) . '.')
|
||||
->param('success', $oauthDefaultSuccess, function ($clients) {return new Host($clients);}, 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
|
||||
->param('failure', $oauthDefaultFailure, function ($clients) {return new Host($clients);}, 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
|
||||
->param('scopes', [], new ArrayList(new Text(128)), 'A list of custom OAuth2 scopes. Check each provider internal docs for a list of supported scopes.', true)
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
|
@ -262,20 +262,20 @@ App::get('/v1/account/sessions/oauth2/:provider')
|
|||
/** @var Utopia\Database\Document $project */
|
||||
|
||||
$protocol = $request->getProtocol();
|
||||
$callback = $protocol.'://'.$request->getHostname().'/v1/account/sessions/oauth2/callback/'.$provider.'/'.$project->getId();
|
||||
$appId = $project->getAttribute('usersOauth2'.\ucfirst($provider).'Appid', '');
|
||||
$appSecret = $project->getAttribute('usersOauth2'.\ucfirst($provider).'Secret', '{}');
|
||||
$callback = $protocol . '://' . $request->getHostname() . '/v1/account/sessions/oauth2/callback/' . $provider . '/' . $project->getId();
|
||||
$appId = $project->getAttribute('usersOauth2' . \ucfirst($provider) . 'Appid', '');
|
||||
$appSecret = $project->getAttribute('usersOauth2' . \ucfirst($provider) . 'Secret', '{}');
|
||||
|
||||
if (!empty($appSecret) && isset($appSecret['version'])) {
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$appSecret['version']);
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V' . $appSecret['version']);
|
||||
$appSecret = OpenSSL::decrypt($appSecret['data'], $appSecret['method'], $key, 0, \hex2bin($appSecret['iv']), \hex2bin($appSecret['tag']));
|
||||
}
|
||||
|
||||
if (empty($appId) || empty($appSecret)) {
|
||||
throw new Exception('This provider is disabled. Please configure the provider app ID and app secret key from your '.APP_NAME.' console to continue.', 412);
|
||||
throw new Exception('This provider is disabled. Please configure the provider app ID and app secret key from your ' . APP_NAME . ' console to continue.', 412);
|
||||
}
|
||||
|
||||
$classname = 'Appwrite\\Auth\\OAuth2\\'.\ucfirst($provider);
|
||||
$classname = 'Appwrite\\Auth\\OAuth2\\' . \ucfirst($provider);
|
||||
|
||||
if (!\class_exists($classname)) {
|
||||
throw new Exception('Provider is not supported', 501);
|
||||
|
@ -292,7 +292,7 @@ App::get('/v1/account/sessions/oauth2/:provider')
|
|||
App::get('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||
->desc('OAuth2 Callback')
|
||||
->groups(['api', 'account'])
|
||||
->label('error', __DIR__.'/../../views/general/error.phtml')
|
||||
->label('error', __DIR__ . '/../../views/general/error.phtml')
|
||||
->label('scope', 'public')
|
||||
->label('docs', false)
|
||||
->param('projectId', '', new Text(1024), 'Project unique ID.')
|
||||
|
@ -307,18 +307,18 @@ App::get('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
|||
|
||||
$domain = $request->getHostname();
|
||||
$protocol = $request->getProtocol();
|
||||
|
||||
|
||||
$response
|
||||
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
||||
->addHeader('Pragma', 'no-cache')
|
||||
->redirect($protocol.'://'.$domain.'/v1/account/sessions/oauth2/'.$provider.'/redirect?'
|
||||
.\http_build_query(['project' => $projectId, 'code' => $code, 'state' => $state]));
|
||||
->redirect($protocol . '://' . $domain . '/v1/account/sessions/oauth2/' . $provider . '/redirect?'
|
||||
. \http_build_query(['project' => $projectId, 'code' => $code, 'state' => $state]));
|
||||
});
|
||||
|
||||
App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||
->desc('OAuth2 Callback')
|
||||
->groups(['api', 'account'])
|
||||
->label('error', __DIR__.'/../../views/general/error.phtml')
|
||||
->label('error', __DIR__ . '/../../views/general/error.phtml')
|
||||
->label('scope', 'public')
|
||||
->label('origin', '*')
|
||||
->label('docs', false)
|
||||
|
@ -334,18 +334,18 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
|||
|
||||
$domain = $request->getHostname();
|
||||
$protocol = $request->getProtocol();
|
||||
|
||||
|
||||
$response
|
||||
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
||||
->addHeader('Pragma', 'no-cache')
|
||||
->redirect($protocol.'://'.$domain.'/v1/account/sessions/oauth2/'.$provider.'/redirect?'
|
||||
.\http_build_query(['project' => $projectId, 'code' => $code, 'state' => $state]));
|
||||
->redirect($protocol . '://' . $domain . '/v1/account/sessions/oauth2/' . $provider . '/redirect?'
|
||||
. \http_build_query(['project' => $projectId, 'code' => $code, 'state' => $state]));
|
||||
});
|
||||
|
||||
App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||
->desc('OAuth2 Redirect')
|
||||
->groups(['api', 'account'])
|
||||
->label('error', __DIR__.'/../../views/general/error.phtml')
|
||||
->label('error', __DIR__ . '/../../views/general/error.phtml')
|
||||
->label('event', 'account.sessions.create')
|
||||
->label('scope', 'public')
|
||||
->label('abuse-limit', 50)
|
||||
|
@ -370,21 +370,21 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
/** @var Utopia\Database\Database $dbForInternal */
|
||||
/** @var MaxMind\Db\Reader $geodb */
|
||||
/** @var Appwrite\Event\Event $audits */
|
||||
|
||||
|
||||
$protocol = $request->getProtocol();
|
||||
$callback = $protocol.'://'.$request->getHostname().'/v1/account/sessions/oauth2/callback/'.$provider.'/'.$project->getId();
|
||||
$callback = $protocol . '://' . $request->getHostname() . '/v1/account/sessions/oauth2/callback/' . $provider . '/' . $project->getId();
|
||||
$defaultState = ['success' => $project->getAttribute('url', ''), 'failure' => ''];
|
||||
$validateURL = new URL();
|
||||
|
||||
$appId = $project->getAttribute('usersOauth2'.\ucfirst($provider).'Appid', '');
|
||||
$appSecret = $project->getAttribute('usersOauth2'.\ucfirst($provider).'Secret', '{}');
|
||||
$appId = $project->getAttribute('usersOauth2' . \ucfirst($provider) . 'Appid', '');
|
||||
$appSecret = $project->getAttribute('usersOauth2' . \ucfirst($provider) . 'Secret', '{}');
|
||||
|
||||
if (!empty($appSecret) && isset($appSecret['version'])) {
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$appSecret['version']);
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V' . $appSecret['version']);
|
||||
$appSecret = OpenSSL::decrypt($appSecret['data'], $appSecret['method'], $key, 0, \hex2bin($appSecret['iv']), \hex2bin($appSecret['tag']));
|
||||
}
|
||||
|
||||
$classname = 'Appwrite\\Auth\\OAuth2\\'.\ucfirst($provider);
|
||||
$classname = 'Appwrite\\Auth\\OAuth2\\' . \ucfirst($provider);
|
||||
|
||||
if (!\class_exists($classname)) {
|
||||
throw new Exception('Provider is not supported', 501);
|
||||
|
@ -395,7 +395,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
if (!empty($state)) {
|
||||
try {
|
||||
$state = \array_merge($defaultState, $oauth2->parseState($state));
|
||||
} catch (\Exception $exception) {
|
||||
} catch (\Exception$exception) {
|
||||
throw new Exception('Failed to parse login state params as passed from OAuth2 provider');
|
||||
}
|
||||
} else {
|
||||
|
@ -409,7 +409,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
if (!empty($state['failure']) && !$validateURL->isValid($state['failure'])) {
|
||||
throw new Exception('Invalid redirect URL for failure login', 400);
|
||||
}
|
||||
|
||||
|
||||
$state['failure'] = null;
|
||||
$accessToken = $oauth2->getAccessToken($code);
|
||||
|
||||
|
@ -422,7 +422,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
}
|
||||
|
||||
$oauth2ID = $oauth2->getUserID($accessToken);
|
||||
|
||||
|
||||
if (empty($oauth2ID)) {
|
||||
if (!empty($state['failure'])) {
|
||||
$response->redirect($state['failure'], 301, 0);
|
||||
|
@ -434,11 +434,11 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
$sessions = $user->getAttribute('sessions', []);
|
||||
$current = Auth::sessionVerify($sessions, Auth::$secret);
|
||||
|
||||
if($current) { // Delete current session of new one.
|
||||
foreach ($sessions as $key => $session) { /** @var Document $session */
|
||||
if ($current) { // Delete current session of new one.
|
||||
foreach ($sessions as $key => $session) {/** @var Document $session */
|
||||
if ($current === $session['$id']) {
|
||||
unset($sessions[$key]);
|
||||
|
||||
|
||||
$dbForInternal->deleteDocument('sessions', $session->getId());
|
||||
$dbForInternal->updateDocument('users', $user->getId(), $user->setAttribute('sessions', $sessions));
|
||||
}
|
||||
|
@ -458,15 +458,15 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
|
||||
if ($user === false || $user->isEmpty()) { // Last option -> create the user, generate random password
|
||||
$limit = $project->getAttribute('usersAuthLimit', 0);
|
||||
|
||||
|
||||
if ($limit !== 0) {
|
||||
$sum = $dbForInternal->count('users', [], APP_LIMIT_COUNT);
|
||||
|
||||
if($sum >= $limit) {
|
||||
if ($sum >= $limit) {
|
||||
throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Authorization::disable();
|
||||
|
||||
try {
|
||||
|
@ -474,7 +474,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
$user = $dbForInternal->createDocument('users', new Document([
|
||||
'$id' => $userId,
|
||||
'$read' => ['role:all'],
|
||||
'$write' => ['user:'.$userId],
|
||||
'$write' => ['user:' . $userId],
|
||||
'email' => $email,
|
||||
'emailVerification' => true,
|
||||
'status' => true, // Email should already be authenticated by OAuth2 provider
|
||||
|
@ -533,11 +533,11 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
->setAttribute('sessions', $session, Document::SET_TYPE_APPEND)
|
||||
;
|
||||
|
||||
Authorization::setRole('user:'.$user->getId());
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
|
||||
$session = $dbForInternal->createDocument('sessions', $session
|
||||
->setAttribute('$read', ['user:'.$user->getId()])
|
||||
->setAttribute('$write', ['user:'.$user->getId()])
|
||||
->setAttribute('$read', ['user:' . $user->getId()])
|
||||
->setAttribute('$write', ['user:' . $user->getId()])
|
||||
);
|
||||
|
||||
$user = $dbForInternal->updateDocument('users', $user->getId(), $user);
|
||||
|
@ -545,7 +545,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.sessions.create')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
->setParam('data', ['provider' => $provider])
|
||||
;
|
||||
|
||||
|
@ -556,7 +556,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($user->getId(), $secret)]))
|
||||
;
|
||||
}
|
||||
|
||||
|
||||
// Add keys for non-web platforms - TODO - add verification phase to aviod session sniffing
|
||||
if (parse_url($state['success'], PHP_URL_PATH) === parse_url($oauthDefaultSuccess, PHP_URL_PATH)) {
|
||||
$state['success'] = URLParser::parse($state['success']);
|
||||
|
@ -572,7 +572,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
$response
|
||||
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
||||
->addHeader('Pragma', 'no-cache')
|
||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
->redirect($state['success'])
|
||||
;
|
||||
|
@ -626,7 +626,7 @@ App::post('/v1/account/sessions/anonymous')
|
|||
if ($limit !== 0) {
|
||||
$sum = $dbForInternal->count('users', [], APP_LIMIT_COUNT);
|
||||
|
||||
if($sum >= $limit) {
|
||||
if ($sum >= $limit) {
|
||||
throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
|
||||
}
|
||||
}
|
||||
|
@ -636,8 +636,8 @@ App::post('/v1/account/sessions/anonymous')
|
|||
$userId = $dbForInternal->getId();
|
||||
$user = $dbForInternal->createDocument('users', new Document([
|
||||
'$id' => $userId,
|
||||
'$read' => ['role:all'],
|
||||
'$write' => ['user:'.$userId],
|
||||
'$read' => ['role:all'],
|
||||
'$write' => ['user:' . $userId],
|
||||
'email' => null,
|
||||
'emailVerification' => false,
|
||||
'status' => true,
|
||||
|
@ -676,32 +676,20 @@ App::post('/v1/account/sessions/anonymous')
|
|||
$detector->getDevice()
|
||||
));
|
||||
|
||||
Authorization::setRole('user:'.$user->getId());
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
|
||||
$session = $dbForInternal->createDocument('sessions', $session
|
||||
->setAttribute('$read', ['user:'.$user->getId()])
|
||||
->setAttribute('$write', ['user:'.$user->getId()])
|
||||
->setAttribute('$read', ['user:' . $user->getId()])
|
||||
->setAttribute('$write', ['user:' . $user->getId()])
|
||||
);
|
||||
it', 50)
|
||||
->label('abuse-key', 'ip:{ip}')
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->inject('locale')
|
||||
->inject('user')
|
||||
->inject('project')
|
||||
->inject('dbForInternal')
|
||||
->inject('geodb')
|
||||
->inject('audits')
|
||||
->action(function ($request, $response, $locale, $user, $project, $dbForInternal, $geodb, $audits) {
|
||||
/** @var Utopia\Swoole\Request $request */
|
||||
/** @var Appwrite\Utopia\Response $respons
|
||||
|
||||
$user = $dbForInternal->updateDocument('users', $user->getId(),
|
||||
$user->setAttribute('sessions', $session, Document::SET_TYPE_APPEND));
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.sessions.create')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
if (!Config::getParam('domainVerification')) {
|
||||
|
@ -711,7 +699,7 @@ App::post('/v1/account/sessions/anonymous')
|
|||
}
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||
;
|
||||
|
@ -747,11 +735,11 @@ App::post('/v1/account/jwt')
|
|||
->action(function ($response, $user) {
|
||||
/** @var Appwrite\Utopia\Response $response */
|
||||
/** @var Utopia\Database\Document $user */
|
||||
|
||||
|
||||
$sessions = $user->getAttribute('sessions', []);
|
||||
$current = new Document();
|
||||
|
||||
foreach ($sessions as $session) {
|
||||
foreach ($sessions as $session) {
|
||||
/** @var Utopia\Database\Document $session */
|
||||
|
||||
if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||
|
@ -759,10 +747,10 @@ App::post('/v1/account/jwt')
|
|||
}
|
||||
}
|
||||
|
||||
if($current->isEmpty()) {
|
||||
if ($current->isEmpty()) {
|
||||
throw new Exception('No valid session found', 401);
|
||||
}
|
||||
|
||||
|
||||
$jwt = new JWT(App::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 900, 10); // Instantiate with key, algo, maxAge and leeway.
|
||||
|
||||
$response->setStatusCode(Response::STATUS_CODE_CREATED);
|
||||
|
@ -841,7 +829,7 @@ App::get('/v1/account/sessions')
|
|||
$countries = $locale->getText('countries');
|
||||
$current = Auth::sessionVerify($sessions, Auth::$secret);
|
||||
|
||||
foreach ($sessions as $key => $session) { /** @var Document $session */
|
||||
foreach ($sessions as $key => $session) {/** @var Document $session */
|
||||
$countryName = (isset($countries[strtoupper($session->getAttribute('countryCode'))]))
|
||||
? $countries[strtoupper($session->getAttribute('countryCode'))]
|
||||
: $locale->getText('locale.country.unknown');
|
||||
|
@ -954,23 +942,23 @@ App::get('/v1/account/sessions/:sessionId')
|
|||
/** @var Utopia\Locale\Locale $locale */
|
||||
/** @var Utopia\Database\Database $dbForInternal */
|
||||
|
||||
$sessions = $user->getAttribute('sessions', []);
|
||||
$sessionId = ($sessionId === 'current')
|
||||
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret)
|
||||
: $sessionId;
|
||||
$sessions = $user->getAttribute('sessions', []);
|
||||
$sessionId = ($sessionId === 'current')
|
||||
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret)
|
||||
: $sessionId;
|
||||
|
||||
foreach ($sessions as $session) { /** @var Document $session */
|
||||
foreach ($sessions as $session) {/** @var Document $session */
|
||||
if ($sessionId == $session->getId()) {
|
||||
|
||||
$countryName = (isset($countries[strtoupper($session->getAttribute('countryCode'))]))
|
||||
? $countries[strtoupper($session->getAttribute('countryCode'))]
|
||||
: $locale->getText('locale.country.unknown');
|
||||
? $countries[strtoupper($session->getAttribute('countryCode'))]
|
||||
: $locale->getText('locale.country.unknown');
|
||||
|
||||
$session
|
||||
->setAttribute('current', ($session->getAttribute('secret') == Auth::hash(Auth::$secret)))
|
||||
->setAttribute('countryName', $countryName)
|
||||
;
|
||||
|
||||
|
||||
return $response->dynamic($session, Response::MODEL_SESSION);
|
||||
}
|
||||
}
|
||||
|
@ -1006,7 +994,7 @@ App::patch('/v1/account/name')
|
|||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.update.name')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->dynamic($user, Response::MODEL_USER);
|
||||
|
@ -1042,14 +1030,14 @@ App::patch('/v1/account/password')
|
|||
}
|
||||
|
||||
$user = $dbForInternal->updateDocument('users', $user->getId(), $user
|
||||
->setAttribute('password', Auth::passwordHash($password))
|
||||
->setAttribute('passwordUpdate', \time())
|
||||
->setAttribute('password', Auth::passwordHash($password))
|
||||
->setAttribute('passwordUpdate', \time())
|
||||
);
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.update.password')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->dynamic($user, Response::MODEL_USER);
|
||||
|
@ -1096,15 +1084,15 @@ App::patch('/v1/account/email')
|
|||
}
|
||||
|
||||
$user = $dbForInternal->updateDocument('users', $user->getId(), $user
|
||||
->setAttribute('password', $isAnonymousUser ? Auth::passwordHash($password) : $user->getAttribute('password', ''))
|
||||
->setAttribute('email', $email)
|
||||
->setAttribute('emailVerification', false) // After this user needs to confirm mail again
|
||||
->setAttribute('password', $isAnonymousUser ? Auth::passwordHash($password) : $user->getAttribute('password', ''))
|
||||
->setAttribute('email', $email)
|
||||
->setAttribute('emailVerification', false) // After this user needs to confirm mail again
|
||||
);
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.update.email')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->dynamic($user, Response::MODEL_USER);
|
||||
|
@ -1137,7 +1125,7 @@ App::patch('/v1/account/prefs')
|
|||
|
||||
$audits
|
||||
->setParam('event', 'account.update.prefs')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->dynamic($user, Response::MODEL_USER);
|
||||
|
@ -1174,15 +1162,15 @@ App::delete('/v1/account')
|
|||
// TODO delete all tokens or only current session?
|
||||
// TODO delete all user data according to GDPR. Make sure everything is backed up and backups are deleted later
|
||||
/*
|
||||
* Data to delete
|
||||
* * Tokens
|
||||
* * Memberships
|
||||
*/
|
||||
* Data to delete
|
||||
* * Tokens
|
||||
* * Memberships
|
||||
*/
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.delete')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
->setParam('data', $user->getArrayCopy())
|
||||
;
|
||||
|
||||
|
@ -1197,7 +1185,7 @@ App::delete('/v1/account')
|
|||
}
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName . '_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
->noContent()
|
||||
;
|
||||
|
@ -1234,12 +1222,12 @@ App::delete('/v1/account/sessions/:sessionId')
|
|||
|
||||
$protocol = $request->getProtocol();
|
||||
$sessionId = ($sessionId === 'current')
|
||||
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret)
|
||||
: $sessionId;
|
||||
|
||||
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret)
|
||||
: $sessionId;
|
||||
|
||||
$sessions = $user->getAttribute('sessions', []);
|
||||
|
||||
foreach ($sessions as $key => $session) { /** @var Document $session */
|
||||
foreach ($sessions as $key => $session) {/** @var Document $session */
|
||||
if ($sessionId == $session->getId()) {
|
||||
unset($sessions[$key]);
|
||||
|
||||
|
@ -1248,17 +1236,17 @@ App::delete('/v1/account/sessions/:sessionId')
|
|||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.sessions.delete')
|
||||
->setParam('resource', '/user/'.$user->getId())
|
||||
->setParam('resource', '/user/' . $user->getId())
|
||||
;
|
||||
|
||||
$session->setAttribute('current', false);
|
||||
|
||||
|
||||
if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||
$session
|
||||
->setAttribute('current', true)
|
||||
->setAttribute('countryName', (isset($countries[strtoupper($session->getAttribute('countryCode'))])) ? $countries[strtoupper($session->getAttribute('countryCode'))] : $locale->getText('locale.country.unknown'))
|
||||
;
|
||||
|
||||
|
||||
if (!Config::getParam('domainVerification')) {
|
||||
$response
|
||||
->addHeader('X-Fallback-Cookies', \json_encode([]))
|
||||
|
@ -1266,7 +1254,7 @@ App::delete('/v1/account/sessions/:sessionId')
|
|||
}
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName . '_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
;
|
||||
}
|
||||
|
@ -1315,13 +1303,13 @@ App::delete('/v1/account/sessions')
|
|||
$protocol = $request->getProtocol();
|
||||
$sessions = $user->getAttribute('sessions', []);
|
||||
|
||||
foreach ($sessions as $session) { /** @var Document $session */
|
||||
foreach ($sessions as $session) {/** @var Document $session */
|
||||
$dbForInternal->deleteDocument('sessions', $session->getId());
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.sessions.delete')
|
||||
->setParam('resource', '/user/'.$user->getId())
|
||||
->setParam('resource', '/user/' . $user->getId())
|
||||
;
|
||||
|
||||
if (!Config::getParam('domainVerification')) {
|
||||
|
@ -1338,14 +1326,14 @@ App::delete('/v1/account/sessions')
|
|||
if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||
$session->setAttribute('current', true);
|
||||
$response
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName . '_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
$dbForInternal->updateDocument('users', $user->getId(), $user->setAttribute('sessions', []));
|
||||
|
||||
|
||||
$events
|
||||
->setParam('eventData', $response->output(new Document([
|
||||
'sessions' => $sessions,
|
||||
|
@ -1371,7 +1359,7 @@ App::post('/v1/account/recovery')
|
|||
->label('abuse-limit', 10)
|
||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
||||
->param('email', '', new Email(), 'User email.')
|
||||
->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
||||
->param('url', '', function ($clients) {return new Host($clients);}, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->inject('dbForInternal')
|
||||
|
@ -1416,8 +1404,8 @@ App::post('/v1/account/recovery')
|
|||
'userAgent' => $request->getUserAgent('UNKNOWN'),
|
||||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:'.$profile->getId());
|
||||
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
|
||||
$profile->setAttribute('tokens', $recovery, Document::SET_TYPE_APPEND);
|
||||
|
||||
|
@ -1427,9 +1415,9 @@ App::post('/v1/account/recovery')
|
|||
$url['query'] = Template::mergeQuery(((isset($url['query'])) ? $url['query'] : ''), ['userId' => $profile->getId(), 'secret' => $secret, 'expire' => $expire]);
|
||||
$url = Template::unParseURL($url);
|
||||
|
||||
$body = new Template(__DIR__.'/../../config/locale/templates/email-base.tpl');
|
||||
$content = new Template(__DIR__.'/../../config/locale/translations/templates/'.$locale->getText('account.emails.recovery.body'));
|
||||
$cta = new Template(__DIR__.'/../../config/locale/templates/email-cta.tpl');
|
||||
$body = new Template(__DIR__ . '/../../config/locale/templates/email-base.tpl');
|
||||
$content = new Template(__DIR__ . '/../../config/locale/translations/templates/' . $locale->getText('account.emails.recovery.body'));
|
||||
$cta = new Template(__DIR__ . '/../../config/locale/templates/email-cta.tpl');
|
||||
|
||||
$body
|
||||
->setParam('{{content}}', $content->render(false))
|
||||
|
@ -1459,18 +1447,18 @@ App::post('/v1/account/recovery')
|
|||
$events
|
||||
->setParam('eventData',
|
||||
$response->output($recovery->setAttribute('secret', $secret),
|
||||
Response::MODEL_TOKEN
|
||||
))
|
||||
Response::MODEL_TOKEN
|
||||
))
|
||||
;
|
||||
|
||||
$recovery // Hide secret for clients, sp
|
||||
$recovery // Hide secret for clients, sp
|
||||
->setAttribute('secret',
|
||||
($isPrivilegedUser || $isAppUser) ? $secret : '');
|
||||
|
||||
$audits
|
||||
->setParam('userId', $profile->getId())
|
||||
->setParam('event', 'account.recovery.create')
|
||||
->setParam('resource', 'users/'.$profile->getId())
|
||||
->setParam('resource', 'users/' . $profile->getId())
|
||||
;
|
||||
|
||||
$response->setStatusCode(Response::STATUS_CODE_CREATED);
|
||||
|
@ -1502,7 +1490,7 @@ App::put('/v1/account/recovery')
|
|||
/** @var Appwrite\Utopia\Response $response */
|
||||
/** @var Utopia\Database\Database $dbForInternal */
|
||||
/** @var Appwrite\Event\Event $audits */
|
||||
|
||||
|
||||
if ($password !== $passwordAgain) {
|
||||
throw new Exception('Passwords must match', 400);
|
||||
}
|
||||
|
@ -1520,21 +1508,21 @@ App::put('/v1/account/recovery')
|
|||
throw new Exception('Invalid recovery token', 401);
|
||||
}
|
||||
|
||||
Authorization::setRole('user:'.$profile->getId());
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
|
||||
$profile = $dbForInternal->updateDocument('users', $profile->getId(), $profile
|
||||
->setAttribute('password', Auth::passwordHash($password))
|
||||
->setAttribute('passwordUpdate', \time())
|
||||
->setAttribute('emailVerification', true)
|
||||
->setAttribute('password', Auth::passwordHash($password))
|
||||
->setAttribute('passwordUpdate', \time())
|
||||
->setAttribute('emailVerification', true)
|
||||
);
|
||||
|
||||
/**
|
||||
* We act like we're updating and validating
|
||||
* the recovery token but actually we don't need it anymore.
|
||||
*/
|
||||
* We act like we're updating and validating
|
||||
* the recovery token but actually we don't need it anymore.
|
||||
*/
|
||||
|
||||
foreach ($tokens as $key => $token) {
|
||||
if($recovery === $token->getId()) {
|
||||
if ($recovery === $token->getId()) {
|
||||
$recovery = $token;
|
||||
unset($tokens[$key]);
|
||||
}
|
||||
|
@ -1545,7 +1533,7 @@ App::put('/v1/account/recovery')
|
|||
$audits
|
||||
->setParam('userId', $profile->getId())
|
||||
->setParam('event', 'account.recovery.update')
|
||||
->setParam('resource', 'users/'.$profile->getId())
|
||||
->setParam('resource', 'users/' . $profile->getId())
|
||||
;
|
||||
|
||||
$response->dynamic($recovery, Response::MODEL_TOKEN);
|
||||
|
@ -1565,7 +1553,7 @@ App::post('/v1/account/verification')
|
|||
->label('sdk.response.model', Response::MODEL_TOKEN)
|
||||
->label('abuse-limit', 10)
|
||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
||||
->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
||||
->param('url', '', function ($clients) {return new Host($clients);}, 'URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->inject('project')
|
||||
|
@ -1592,7 +1580,7 @@ App::post('/v1/account/verification')
|
|||
$verificationSecret = Auth::tokenGenerator();
|
||||
|
||||
$expire = \time() + Auth::TOKEN_EXPIRATION_CONFIRM;
|
||||
|
||||
|
||||
$verification = new Document([
|
||||
'$id' => $dbForInternal->getId(),
|
||||
'userId' => $user->getId(),
|
||||
|
@ -1602,8 +1590,8 @@ App::post('/v1/account/verification')
|
|||
'userAgent' => $request->getUserAgent('UNKNOWN'),
|
||||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:'.$user->getId());
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
|
||||
$user->setAttribute('tokens', $verification, Document::SET_TYPE_APPEND);
|
||||
|
||||
|
@ -1613,9 +1601,9 @@ App::post('/v1/account/verification')
|
|||
$url['query'] = Template::mergeQuery(((isset($url['query'])) ? $url['query'] : ''), ['userId' => $user->getId(), 'secret' => $verificationSecret, 'expire' => $expire]);
|
||||
$url = Template::unParseURL($url);
|
||||
|
||||
$body = new Template(__DIR__.'/../../config/locale/templates/email-base.tpl');
|
||||
$content = new Template(__DIR__.'/../../config/locale/translations/templates/'.$locale->getText('account.emails.verification.body'));
|
||||
$cta = new Template(__DIR__.'/../../config/locale/templates/email-cta.tpl');
|
||||
$body = new Template(__DIR__ . '/../../config/locale/templates/email-base.tpl');
|
||||
$content = new Template(__DIR__ . '/../../config/locale/translations/templates/' . $locale->getText('account.emails.verification.body'));
|
||||
$cta = new Template(__DIR__ . '/../../config/locale/templates/email-cta.tpl');
|
||||
|
||||
$body
|
||||
->setParam('{{content}}', $content->render(false))
|
||||
|
@ -1645,18 +1633,18 @@ App::post('/v1/account/verification')
|
|||
$events
|
||||
->setParam('eventData',
|
||||
$response->output($verification->setAttribute('secret', $verificationSecret),
|
||||
Response::MODEL_TOKEN
|
||||
))
|
||||
Response::MODEL_TOKEN
|
||||
))
|
||||
;
|
||||
|
||||
$verification // Hide secret for clients, sp
|
||||
$verification // Hide secret for clients, sp
|
||||
->setAttribute('secret',
|
||||
($isPrivilegedUser || $isAppUser) ? $verificationSecret : '');
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'account.verification.create')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->setStatusCode(Response::STATUS_CODE_CREATED);
|
||||
|
@ -1702,16 +1690,16 @@ App::put('/v1/account/verification')
|
|||
throw new Exception('Invalid verification token', 401);
|
||||
}
|
||||
|
||||
Authorization::setRole('user:'.$profile->getId());
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
|
||||
$profile = $dbForInternal->updateDocument('users', $profile->getId(), $profile->setAttribute('emailVerification', true));
|
||||
|
||||
/**
|
||||
* We act like we're updating and validating
|
||||
* the verification token but actually we don't need it anymore.
|
||||
*/
|
||||
* We act like we're updating and validating
|
||||
* the verification token but actually we don't need it anymore.
|
||||
*/
|
||||
foreach ($tokens as $key => $token) {
|
||||
if($token->getId() === $verification) {
|
||||
if ($token->getId() === $verification) {
|
||||
$verification = $token;
|
||||
unset($tokens[$key]);
|
||||
}
|
||||
|
@ -1722,7 +1710,7 @@ App::put('/v1/account/verification')
|
|||
$audits
|
||||
->setParam('userId', $profile->getId())
|
||||
->setParam('event', 'account.verification.update')
|
||||
->setParam('resource', 'users/'.$user->getId())
|
||||
->setParam('resource', 'users/' . $user->getId())
|
||||
;
|
||||
|
||||
$response->dynamic($verification, Response::MODEL_TOKEN);
|
||||
|
|
Loading…
Reference in a new issue