diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 9f0a2b46b..461057201 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -236,6 +236,7 @@ App::patch('/v1/account/name')
 ->groups(['api', 'account'])
 ->label('event', 'users.[userId].update.name')
 ->label('scope', 'account')
+ ->label('audits.resource', 'user/{response.$id}')
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'updateName')
@@ -247,20 +248,14 @@ App::patch('/v1/account/name')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
- ->inject('audits')
 ->inject('usage')
 ->inject('events')
- ->action(function (string $name, Response $response, Document $user, Database $dbForProject, Audit $audits, Stats $usage, Event $events) {
+ ->action(function (string $name, Response $response, Document $user, Database $dbForProject, Stats $usage, Event $events) {
 $user = $dbForProject->updateDocument('users', $user->getId(), $user
 ->setAttribute('name', $name)
 ->setAttribute('search', implode(' ', [$user->getId(), $name, $user->getAttribute('email')])));
- $audits
- ->setResource('user/' . $user->getId())
- ->setUser($user)
- ;
-
 $usage->setParam('users.update', 1);
 $events->setParam('userId', $user->getId());
@@ -272,6 +267,7 @@ App::patch('/v1/account/password')
 ->groups(['api', 'account'])
 ->label('event', 'users.[userId].update.password')
 ->label('scope', 'account')
+ ->label('audits.resource', 'user/{response.$id}')
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'updatePassword')
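Review bot: The removed `->setUser($user)` in the `/v1/account/name` hunk has no counterpart in the new `audits.resource` label, which only names the resource, so the acting user on the audit entry now depends entirely on what the central audits hook (outside this diff) reads from the injected `user` resource; that hook should be confirmed to record the actor, since for name, password, email and phone changes the actor is the key forensic fact. `user/{response.$id}` is also only resolvable when the action finishes by returning the user model, so an early return or thrown exception in the action body must not leave the hook with an empty resource. The same `setUser` removal is repeated in the `/v1/account/password`, `/email` and `/phone` hunks below and is not raised again there. The enclosing action closures start and end outside these hunks.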
@@ -284,10 +280,9 @@ App::patch('/v1/account/password')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
- ->inject('audits')
 ->inject('usage')
 ->inject('events')
- ->action(function (string $password, string $oldPassword, Response $response, Document $user, Database $dbForProject, Audit $audits, Stats $usage, Event $events) {
+ ->action(function (string $password, string $oldPassword, Response $response, Document $user, Database $dbForProject, Stats $usage, Event $events) {
 // Check old password only if its an existing user.
 if ($user->getAttribute('passwordUpdate') !== 0 && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'))) { // Double check user password
@@ -302,11 +297,6 @@ App::patch('/v1/account/password')
 ->setAttribute('passwordUpdate', \time())
 );
- $audits
- ->setResource('user/' . $user->getId())
- ->setUser($user)
- ;
-
 $usage->setParam('users.update', 1);
 $events->setParam('userId', $user->getId());
@@ -318,6 +308,7 @@ App::patch('/v1/account/email')
 ->groups(['api', 'account'])
 ->label('event', 'users.[userId].update.email')
 ->label('scope', 'account')
+ ->label('audits.resource', 'user/{response.$id}')
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'updateEmail')
@@ -330,10 +321,9 @@ App::patch('/v1/account/email')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
- ->inject('audits')
 ->inject('usage')
 ->inject('events')
- ->action(function (string $email, string $password, Response $response, Document $user, Database $dbForProject, Audit $audits, Stats $usage, Event $events) {
+ ->action(function (string $email, string $password, Response $response, Document $user, Database $dbForProject, Stats $usage, Event $events) {
 $isAnonymousUser = Auth::isAnonymousUser($user); // Check if request is from an anonymous account for converting
@@ -358,11 +348,6 @@ App::patch('/v1/account/email')
 throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
 }
- $audits
- ->setResource('user/' . $user->getId())
- ->setUser($user)
- ;
-
 $usage->setParam('users.update', 1);
 $events->setParam('userId', $user->getId());
@@ -374,6 +359,7 @@ App::patch('/v1/account/prefs')
 ->groups(['api', 'account'])
 ->label('event', 'users.[userId].update.prefs')
 ->label('scope', 'account')
+ ->label('audits.resource', 'user/{response.$id}')
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'updatePrefs')
@@ -385,14 +371,12 @@ App::patch('/v1/account/prefs')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
- ->inject('audits')
 ->inject('usage')
 ->inject('events')
- ->action(function (array $prefs, Response $response, Document $user, Database $dbForProject, Audit $audits, Stats $usage, Event $events) {
+ ->action(function (array $prefs, Response $response, Document $user, Database $dbForProject, Stats $usage, Event $events) {
 $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('prefs', $prefs));
- $audits->setResource('user/' . $user->getId());
 $usage->setParam('users.update', 1);
 $events->setParam('userId', $user->getId());
@@ -404,6 +388,7 @@ App::patch('/v1/account/status')
 ->groups(['api', 'account'])
 ->label('event', 'users.[userId].update.status')
 ->label('scope', 'account')
+ ->label('audits.resource', 'user/{response.$id}')
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'updateStatus')
@@ -415,17 +400,12 @@ App::patch('/v1/account/status')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
- ->inject('audits')
 ->inject('events')
 ->inject('usage')
- ->action(function (Request $request, Response $response, Document $user, Database $dbForProject, Audit $audits, Event $events, Stats $usage) {
+ ->action(function (Request $request, Response $response, Document $user, Database $dbForProject, Event $events, Stats $usage) {
 $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('status', false));
- $audits
- ->setResource('user/' . $user->getId())
- ->setPayload($response->output($user, Response::MODEL_USER));
-
 $events
 ->setParam('userId', $user->getId())
 ->setPayload($response->output($user, Response::MODEL_USER));
@@ -444,6 +424,7 @@ App::patch('/v1/account/phone')
 ->groups(['api', 'account'])
 ->label('event', 'users.[userId].update.phone')
 ->label('scope', 'account')
+ ->label('audits.resource', 'user/{response.$id}')
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'updatePhone')
@@ -456,10 +437,9 @@ App::patch('/v1/account/phone')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
- ->inject('audits')
 ->inject('usage')
 ->inject('events')
- ->action(function (string $phone, string $password, Response $response, Document $user, Database $dbForProject, Audit $audits, Stats $usage, Event $events) {
+ ->action(function (string $phone, string $password, Response $response, Document $user, Database $dbForProject, Stats $usage, Event $events) {
 $isAnonymousUser = Auth::isAnonymousUser($user); // Check if request is from an anonymous account for converting
@@ -481,11 +461,6 @@ App::patch('/v1/account/phone')
 throw new Exception(Exception::USER_PHONE_ALREADY_EXISTS);
 }
- $audits
- ->setResource('user/' . $user->getId())
- ->setUser($user)
- ;
-
 $usage->setParam('users.update', 1);
 $events->setParam('userId', $user->getId());
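Review bot: In the `/v1/account/status` hunk the removed audits `->setPayload($response->output($user, Response::MODEL_USER))` is not replaced by anything: the `audits.resource` label names only the resource, so the audit record for blocking an account no longer carries the user snapshot unless the central hook captures the response body on its own, which should be confirmed. This route is the only one in the diff that attached a payload to the audit rather than just a resource, and `$events` still receives that payload, so the two records may now diverge. The action closure continues past the hunk.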
@@ -712,6 +687,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 ->label('error', __DIR__ . '/../../views/general/error.phtml')
 ->label('event', 'users.[userId].sessions.[sessionId].create')
 ->label('scope', 'public')
+ ->label('audits.resource', 'user/{user.$id}')
 ->label('abuse-limit', 50)
 ->label('abuse-key', 'ip:{ip}')
 ->label('docs', false)
@@ -724,10 +700,9 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 ->inject('user')
 ->inject('dbForProject')
 ->inject('geodb')
- ->inject('audits')
 ->inject('events')
 ->inject('usage')
- ->action(function (string $provider, string $code, string $state, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Audit $audits, Event $events, Stats $usage) use ($oauthDefaultSuccess) {
+ ->action(function (string $provider, string $code, string $state, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Event $events, Stats $usage) use ($oauthDefaultSuccess) {
 $protocol = $request->getProtocol();
 $callback = $protocol . '://' . $request->getHostname() . '/v1/account/sessions/oauth2/callback/' . $provider . '/' . $project->getId();
@@ -904,10 +879,6 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 $dbForProject->deleteCachedDocument('users', $user->getId());
- $audits->setResource('user/' . $user->getId())
- ->setUser($user)
- ;
-
 $usage
 ->setParam('users.sessions.create', 1)
 ->setParam('projectId', $project->getId())
@@ -1190,6 +1161,7 @@ App::post('/v1/account/sessions/anonymous')
 ->label('event', 'users.[userId].sessions.[sessionId].create')
 ->label('scope', 'public')
 ->label('auth.type', 'anonymous')
+ ->label('audits.resource', 'user/{response.userId}')
 ->label('sdk.auth', [])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'createAnonymousSession')
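Review bot: `user/{user.$id}` on the OAuth2 redirect route is presumably resolved from the injected `user` resource after the action finishes, but the action (which continues well past the `-724` hunk) may create or reassign `$user` locally for a first-time sign-in, in which case the injected Document is still the pre-action value and the audit resource could be empty or stale; the removed `$audits->setResource('user/' . $user->getId())` in the `-904` hunk used the value current at that point. The other routes use `{response.$id}`, which is not available here because the response is a redirect, so if the placeholder cannot see the created user the hook needs another source for it. A one-line comment on the label would help the next reader, e.g. `// redirect response carries no user model; resource resolved from the injected user`.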
@@ -1206,10 +1178,9 @@ App::post('/v1/account/sessions/anonymous')
 ->inject('project')
 ->inject('dbForProject')
 ->inject('geodb')
- ->inject('audits')
 ->inject('usage')
 ->inject('events')
- ->action(function (Request $request, Response $response, Locale $locale, Document $user, Document $project, Database $dbForProject, Reader $geodb, Audit $audits, Stats $usage, Event $events) {
+ ->action(function (Request $request, Response $response, Locale $locale, Document $user, Document $project, Database $dbForProject, Reader $geodb, Stats $usage, Event $events) {
 $protocol = $request->getProtocol();
@@ -1282,8 +1253,6 @@ App::post('/v1/account/sessions/anonymous')
 $dbForProject->deleteCachedDocument('users', $user->getId());
- $audits->setResource('user/' . $user->getId());
-
 $usage
 ->setParam('users.sessions.create', 1)
 ->setParam('provider', 'anonymous')
@@ -1568,11 +1537,11 @@ App::post('/v1/account/sessions/anonymous')
 $protocol = $request->getProtocol();
 if ('console' === $project->getId()) {
- throw new Exception('Failed to create anonymous user.', 401, Exception::USER_ANONYMOUS_CONSOLE_PROHIBITED);
+ throw new Exception(Exception::USER_ANONYMOUS_CONSOLE_PROHIBITED, 'Failed to create anonymous user.');
 }
 if (!$user->isEmpty()) {
- throw new Exception('Cannot create an anonymous user when logged in.', 401, Exception::USER_SESSION_ALREADY_EXISTS);
+ throw new Exception(Exception::USER_SESSION_ALREADY_EXISTS, 'Cannot create an anonymous user when logged in.');
 }
 $limit = $project->getAttribute('auths', [])['limit'] ?? 0;
@@ -1581,7 +1550,7 @@ App::post('/v1/account/sessions/anonymous')
 $total = $dbForProject->count('users', max: APP_LIMIT_USERS);
 if ($total >= $limit) {
- throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501, Exception::USER_COUNT_EXCEEDED);
+ throw new Exception(Exception::USER_COUNT_EXCEEDED, 'Project registration is restricted. Contact your administrator for more information.');
 }
 }
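Review bot: The reordered `Exception` constructor calls in the `-1568` and `-1581` hunks drop the explicit HTTP status (401 and 501 here; 404 and 409 in the `/v1/account/jwt`, `/password`, `/email` and users.php hunks), so the status sent to the client is now whatever the Exception class maps for the type; that mapping should be confirmed for `USER_COUNT_EXCEEDED`, which previously answered 501, and for `USER_ANONYMOUS_CONSOLE_PROHIBITED`. Elsewhere in the same file the type is thrown alone, `throw new Exception(Exception::USER_SESSION_NOT_FOUND);`, so passing the literal message next to the type is either redundant or an intentional override and one form should be used consistently across the file. The `user/{response.userId}` label also relies on the session model exposing `userId`, unlike the `{response.$id}` used by the update routes. The enclosing closures start and end outside these hunks.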
@@ -1696,7 +1665,7 @@ App::post('/v1/account/jwt')
 }
 if ($current->isEmpty()) {
- throw new Exception('No valid session found', 404, Exception::USER_SESSION_NOT_FOUND);
+ throw new Exception(Exception::USER_SESSION_NOT_FOUND, 'No valid session found');
 }
 $jwt = new JWT(App::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 900, 10); // Instantiate with key, algo, maxAge and leeway.
@@ -1833,7 +1802,6 @@ App::get('/v1/account/sessions/:sessionId')
 }
 throw new Exception(Exception::USER_SESSION_NOT_FOUND);
- throw new Exception('Session not found', 404, Exception::USER_SESSION_NOT_FOUND);
 });
 App::patch('/v1/account/name')
@@ -1893,7 +1861,7 @@ App::patch('/v1/account/password')
 // Check old password only if its an existing user.
 if ($user->getAttribute('passwordUpdate') !== 0 && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'))) { // Double check user password
- throw new Exception('Invalid credentials', 401, Exception::USER_INVALID_CREDENTIALS);
+ throw new Exception(Exception::USER_INVALID_CREDENTIALS, 'Invalid credentials');
 }
 $user = $dbForProject->updateDocument(
@@ -1953,7 +1921,7 @@ App::patch('/v1/account/email')
 try {
 $user = $dbForProject->updateDocument('users', $user->getId(), $user);
 } catch (Duplicate $th) {
- throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS);
+ throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS, 'Email already exists');
 }
 $usage->setParam('users.update', 1);
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 210104538..326e7dd72 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
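Review bot: The context of the `-1833` hunk shows `App::patch('/v1/account/name')` being registered a second time, after `/v1/account/sessions/:sessionId`, and the `-1893` and `-1953` hunks patch what appear to be second copies of the `/password` and `/email` routes, while only the first copies near the top of the file received the `audits.resource` label and the `$audits` removal. This looks like a duplicated block, possibly a merge artifact; if the later registration wins in the router, the audited version of these routes is not the one actually served, and if both survive the second copies still carry whatever audits wiring they had before this diff. Deduplicating before merge, or at minimum applying the same label and injection change to the second copies, would close that gap. Dropping the unreachable second `throw` in the `-1833` hunk is fine on its own.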
@@ -374,7 +374,7 @@ App::patch('/v1/users/:userId/status')
 $user = $dbForProject->getDocument('users', $userId);
 if ($user->isEmpty()) {
- throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
+ throw new Exception(Exception::USER_NOT_FOUND, 'User not found');
 }
 $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('status', (bool) $status));
@@ -410,7 +410,7 @@ App::patch('/v1/users/:userId/verification')
 $user = $dbForProject->getDocument('users', $userId);
 if ($user->isEmpty()) {
- throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
+ throw new Exception(Exception::USER_NOT_FOUND, 'User not found');
 }
 $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('emailVerification', $emailVerification));
@@ -446,7 +446,7 @@ App::patch('/v1/users/:userId/verification/phone')
 $user = $dbForProject->getDocument('users', $userId);
 if ($user->isEmpty()) {
- throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
+ throw new Exception(Exception::USER_NOT_FOUND, 'User not found');
 }
 $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('phoneVerification', $phoneVerification));
@@ -811,7 +811,7 @@ App::delete('/v1/users/:userId')
 $user = $dbForProject->getDocument('users', $userId);
 if ($user->isEmpty()) {
- throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
+ throw new Exception(Exception::USER_NOT_FOUND, 'User not found');
 }
 // clone user object to send to workers