CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-01 18:39:57 +12:00
Code Issues Projects Releases Wiki Activity

Added new webhook events

Browse source
This commit is contained in:
Eldad Fux 2020-11-18 21:38:31 +02:00
parent f30ab2184c
commit ea0f51a4da
4 changed files with 46 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/config/events.php
View file

@ -19,6 +19,12 @@ return [
'account.update.prefs' => [
'description' => 'This event triggers when the account preferences are updated.',
],
'account.recovery.create' => [
'description' => 'This event triggers when the account recovery token is created.',
],
'account.recovery.update' => [
'description' => 'This event triggers when the account recovery token is validated.',
],
'account.delete' => [
'description' => 'This event triggers when the account is deleted.',
],

36
app/controllers/api/account.php
View file

@ -1153,6 +1153,7 @@ App::post('/v1/account/recovery')
->desc('Create Password Recovery')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'account.recovery.create')
->label('sdk.platform', [APP_PLATFORM_CLIENT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createRecovery')
@ -1164,7 +1165,7 @@ App::post('/v1/account/recovery')
->label('abuse-key', 'url:{url},email:{param-email}')
->param('email', '', new Email(), 'User email.')
->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
->action(function ($email, $url, $request, $response, $projectDB, $project, $locale, $mails, $audits) {
->action(function ($email, $url, $request, $response, $projectDB, $project, $locale, $mails, $audits, $webhooks, $mode) {
/** @var Utopia\Swoole\Request $request */
/** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Database $projectDB */
@ -1172,6 +1173,8 @@ App::post('/v1/account/recovery')
/** @var Utopia\Locale\Locale $locale */
/** @var Appwrite\Event\Event $mails */
/** @var Appwrite\Event\Event $audits */
/** @var Appwrite\Event\Event $webhooks */
/** @var bool $mode */
$profile = $projectDB->getCollectionFirst([ // Get user by email address
'limit' => 1,
@ -1246,6 +1249,17 @@ App::post('/v1/account/recovery')
->trigger();
;
$webhooks
->setParam('payload',
$response->output($recovery->setAttribute('secret', $secret),
Response::MODEL_TOKEN
))
;
$recovery // Hide secret for clients, sp
->setAttribute('secret',
((APP_MODE_ADMIN === $mode)) ? $secret : '');
$audits
->setParam('userId', $profile->getId())
->setParam('event', 'account.recovery.create')
@ -1256,12 +1270,13 @@ App::post('/v1/account/recovery')
->setStatusCode(Response::STATUS_CODE_CREATED)
->dynamic($recovery, Response::MODEL_TOKEN)
;
}, ['request', 'response', 'projectDB', 'project', 'locale', 'mails', 'audits']);
}, ['request', 'response', 'projectDB', 'project', 'locale', 'mails', 'audits', 'webhooks', 'mode']);
App::put('/v1/account/recovery')
->desc('Complete Password Recovery')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'account.recovery.update')
->label('sdk.platform', [APP_PLATFORM_CLIENT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateRecovery')
@ -1347,7 +1362,7 @@ App::post('/v1/account/verification')
->label('abuse-limit', 10)
->label('abuse-key', 'url:{url},email:{param-email}')
->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients']) // TODO add built-in confirm page
->action(function ($url, $request, $response, $project, $user, $projectDB, $locale, $audits, $mails) {
->action(function ($url, $request, $response, $project, $user, $projectDB, $locale, $audits, $webhooks, $mails, $mode) {
/** @var Utopia\Swoole\Request $request */
/** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Document $project */
@ -1355,7 +1370,9 @@ App::post('/v1/account/verification')
/** @var Appwrite\Database\Database $projectDB */
/** @var Utopia\Locale\Locale $locale */
/** @var Appwrite\Event\Event $audits */
/** @var Appwrite\Event\Event $webhooks */
/** @var Appwrite\Event\Event $mails */
/** @var bool $mode */
$verificationSecret = Auth::tokenGenerator();
@ -1419,6 +1436,17 @@ App::post('/v1/account/verification')
->trigger()
;
$webhooks
->setParam('payload',
$response->output($verification->setAttribute('secret', $verificationSecret),
Response::MODEL_TOKEN
))
;
$verification // Hide secret for clients, sp
->setAttribute('secret',
((APP_MODE_ADMIN === $mode)) ? $verificationSecret : '');
$audits
->setParam('userId', $user->getId())
->setParam('event', 'account.verification.create')
@ -1429,7 +1457,7 @@ App::post('/v1/account/verification')
->setStatusCode(Response::STATUS_CODE_CREATED)
->dynamic($verification, Response::MODEL_TOKEN)
;
}, ['request', 'response', 'project', 'user', 'projectDB', 'locale', 'audits', 'mails']);
}, ['request', 'response', 'project', 'user', 'projectDB', 'locale', 'audits', 'webhooks', 'mails', 'mode']);
App::put('/v1/account/verification')
->desc('Complete Email Verification')

12
src/Appwrite/Utopia/Response/Model/Token.php
View file

@ -15,12 +15,12 @@ class Token extends Model
'description' => 'Token ID.',
'example' => '5e5ea5c16897e',
])
// ->addRule('type', [ TODO: use this when token types will be strings
// 'type' => self::TYPE_STRING,
// 'description' => 'Token type. Possible values: play, pause',
// 'default' => '',
// 'example' => '127.0.0.1',
// ])
->addRule('secret', [
'type' => self::TYPE_STRING,
'description' => 'Token secret key. This will return an empty string unless the response is returned using an API key or as part of a webhook payload.',
'default' => 0,
'example' => '',
])
->addRule('expire', [
'type' => self::TYPE_INTEGER,
'description' => 'Token expiration date in Unix timestamp.',

2
tests/e2e/Services/Account/AccountBase.php
View file

@ -648,6 +648,7 @@ trait AccountBase
$this->assertEquals(201, $response['headers']['status-code']);
$this->assertNotEmpty($response['body']['$id']);
$this->assertEmpty($response['body']['secret']);
$this->assertIsNumeric($response['body']['expire']);
$lastEmail = $this->getLastEmail();
@ -939,6 +940,7 @@ trait AccountBase
$this->assertEquals(201, $response['headers']['status-code']);
$this->assertNotEmpty($response['body']['$id']);
$this->assertEmpty($response['body']['secret']);
$this->assertIsNumeric($response['body']['expire']);
$lastEmail = $this->getLastEmail();