diff --git a/src/api/controllers/Users.php b/src/api/controllers/Users.php
index 6ede4a6..4ab6a40 100644
--- a/src/api/controllers/Users.php
+++ b/src/api/controllers/Users.php
@@ -11,21 +11,7 @@ class Users extends BaseController {
 }
 $this->apiJson->setSuccess();
- $userBeans = R::findAll('user');
-
- $userIds = $this->getUserIdsByBoardAccess(Auth::GetUserId($request));
- $actor = new User($this->container, Auth::GetUserId($request));
- $isAdmin = ($actor->security_level->getValue() === SecurityLevel::Admin);
-
- $data = [];
- foreach($userBeans as $bean) {
- $user = new User($this->container);
- $user->loadFromBean($bean);
-
- if (in_array($user->id, $userIds) || $isAdmin) {
- $data[] = $this->cleanUser($user);
- }
- }
+ $data = $this->getAllUsersCleaned($request);
 $this->apiJson->addData($data);
 return $this->jsonResponse($response);
@@ -71,8 +57,16 @@ class Users extends BaseController {
 return $this->jsonResponse($response, $status);
 }
+ $data = json_decode($request->getBody());
 $user = new User($this->container);
- $user->loadFromJson($request->getBody());
+
+ if (isset($data->password)) {
+ $data->password_hash =
+ password_hash($data->password, PASSWORD_BCRYPT);
+ unset($data->password);
+ unset($data->password_verify);
+ }
+ $user->loadFromJson(json_encode($data));
 if (!$user->save()) {
 $this->logger->addError('Add User: ', [$user]);
@@ -90,6 +84,7 @@ class Users extends BaseController {
 $this->apiJson->setSuccess();
 $this->apiJson->addAlert('success', 'User ' . $user->username . ' added.');
+ $this->apiJson->addData($this->getAllUsersCleaned($request));
 return $this->jsonResponse($response);
 }
@@ -133,6 +128,12 @@ class Users extends BaseController {
 }
 $data->active_token = $user->active_token;
+ if (isset($data->password)) {
+ $data->password_hash =
+ password_hash($data->password, PASSWORD_BCRYPT);
+ unset($data->password);
+ }
+
 $update->loadFromJson(json_encode($data));
 if ($user->id !== $update->id) {
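Review bot: In the `isset($data->password)` branch of addUser, `password_verify` is discarded without ever being compared to `password`, and an empty string satisfies `isset`, so `password_hash('', PASSWORD_BCRYPT)` happily stores a valid hash for a blank password. Reject both cases before hashing, e.g. `if ($data->password === '' || (isset($data->password_verify) && $data->password_verify !== $data->password)) {` and return through the failure response already used at the top of the hunk, unless the confirmation check is done elsewhere — I cannot see it from here. When `password` is absent, a client-supplied `password_hash` still flows straight into `loadFromJson`; unless setting the hash directly is an intended admin feature, `unset($data->password_hash);` in that case so the stored hash is always derived server-side. addUser starts and ends outside the hunk.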
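Review bot: The new password branch in updateUser hashes the replacement value, but the context line just above it, `$data->active_token = $user->active_token;`, carries the existing session token across the update, so a password change leaves every session that already holds that token valid — presumably `active_token` is what the JWT is checked against; if so, regenerate or clear it whenever `password_hash` is replaced. Nothing in the hunk asks for the current password (the new testChangePasswordOverride confirms a bare `password` field suffices), so confirm the authorization check earlier in the method restricts this to the account owner or an admin. For parity with addUser, add `unset($data->password_verify);` next to `unset($data->password);`, and reject `''` before hashing since `isset` accepts it. updateUser starts and ends outside the hunk.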
@@ -164,7 +165,7 @@ class Users extends BaseController {
 $this->apiJson->setSuccess();
 $this->apiJson->addAlert('success', 'User ' . $update->username . ' updated.');
- $this->apiJson->addData(json_encode($update));
+ $this->apiJson->addData(json_encode($this->cleanUser($update)));
 return $this->jsonResponse($response);
 }
@@ -210,6 +211,7 @@ class Users extends BaseController {
 $this->apiJson->setSuccess();
 $this->apiJson->addAlert('success', 'User options updated.');
 $this->apiJson->addData(json_encode($update));
+ $this->apiJson->addData(json_encode($this->cleanUser($user)));
 return $this->jsonResponse($response);
 }
@@ -243,10 +245,31 @@ class Users extends BaseController {
 $this->apiJson->setSuccess();
 $this->apiJson->addAlert('success', 'User ' . $before->username . ' removed.');
+ $this->apiJson->addData($this->getAllUsersCleaned($request));
 return $this->jsonResponse($response);
 }
+ private function getAllUsersCleaned($request) {
+ $userBeans = R::findAll('user');
+
+ $userIds = $this->getUserIdsByBoardAccess(Auth::GetUserId($request));
+ $actor = new User($this->container, Auth::GetUserId($request));
+ $isAdmin = ($actor->security_level->getValue() === SecurityLevel::Admin);
+
+ $data = [];
+ foreach($userBeans as $bean) {
+ $user = new User($this->container);
+ $user->loadFromBean($bean);
+
+ if (in_array($user->id, $userIds) || $isAdmin) {
+ $data[] = $this->cleanUser($user);
+ }
+ }
+
+ return $data;
+ }
+
 private function getUserIdsByBoardAccess($userId) {
 $userIds = [];
diff --git a/src/api/models/User.php b/src/api/models/User.php
index 27bf6de..207a9cb 100644
--- a/src/api/models/User.php
+++ b/src/api/models/User.php
@@ -43,6 +43,16 @@ class User extends BaseModel {
 return $retVal;
 }
+ public function delete() {
+ $userOpts = new UserOptions($this->container, $this->user_option_id);
+
+ if ($userOpts->id === $this->user_option_id) {
+ $userOpts->delete();
+ }
+
+ parent::delete();
+ }
+
 public function updateBean() {
 $bean = $this->bean;
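Review bot: The added `addData(json_encode($this->cleanUser($user)))` in the user-options hunk sits directly after the untouched `addData(json_encode($update))`, so the response now carries an uncleaned `$update` alongside a cleaned `$user`, while every other success path in this commit is being switched to cleaned output. If `$update` is the UserOptions model (not visible from the hunk) the raw encode is harmless and the second `addData` is merely redundant; if it is a User it re-exposes `password_hash` exactly as the previous hunk fixes for updateUser. Either replace the first call with the cleaned one or drop the second so the response has a single, cleaned payload, and confirm `$user` here is the actor rather than the target. The enclosing method starts outside the hunk.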
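Review bot: `in_array($user->id, $userIds) || $isAdmin` in the new getAllUsersCleaned is the access filter that decides which accounts a non-admin may enumerate, and it uses loose comparison; ids read back from RedBean beans may be strings while `$userIds` may hold ints (I cannot tell which from here), so normalise and compare strictly, `in_array((int) $user->id, array_map('intval', $userIds), true)`, rather than rely on PHP's loose equality for an authorization decision. The helper also reloads `$actor` and the board-access list on every call, and addUser/removeUser now invoke it after the actor was already resolved — a nit, but worth caching on the request if user counts grow. `getUserIdsByBoardAccess` begins in the hunk's trailing context and continues past it.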
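Review bot: User::delete() discards the result of `parent::delete()`, so if BaseModel::delete reports success or failure (not visible here) callers of the override lose it; write `return parent::delete();`. The guard `$userOpts->id === $this->user_option_id` strictly compares a freshly loaded bean id with a stored foreign key — if one side is a string and the other an int, as RedBean ids often are, the options row is silently orphaned, and for a falsy `user_option_id` (the new testAddUserFrontend creates a user with `user_option_id = 0`) an unsaved options model could pass the check; guard with `if ($this->user_option_id && (int) $userOpts->id === (int) $this->user_option_id) {`. Consider also removing the options only after `parent::delete()` succeeds, so a failed user delete does not leave a user pointing at a missing options row. updateBean in the trailing context continues outside the hunk.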
diff --git a/test/api/controllers/UsersTest.php b/test/api/controllers/UsersTest.php index 741329b..9685ad5 100644 --- a/test/api/controllers/UsersTest.php +++ b/test/api/controllers/UsersTest.php @@ -1,6 +1,9 @@ alerts[0]['text']); } + public function testAddUserFrontend() { + $user = DataMock::getUser(); + $user->id = 0; + $user->user_option_id = 0; + $user->default_board_id = 0; + + $user->password = 'test'; + $user->password_verify = 'test'; + + $request = new RequestMock(); + $request->header = [DataMock::getJwt()]; + $request->payload = $user; + + $actual = $this->users->addUser($request, + new ResponseMock(), null); + $this->assertEquals('success', $actual->status); + } + public function testAddRemoveUser() { $expected = new ApiJson(); @@ -310,6 +331,30 @@ class UsersTest extends PHPUnit_Framework_TestCase { $this->assertEquals('failure', $response->status); } + public function testChangePasswordOverride() { + $this->createUser(); + + $tmp = RedBeanPHP\R::load('user', 2); + $this->assertEquals(2, $tmp->id); + + $tmp->password_hash = password_hash('testpass', PASSWORD_BCRYPT); + RedBeanPHP\R::store($tmp); + + $user = DataMock::getUser(); + $user->password = 'newpassword'; + + $args = []; + $args['id'] = $user->id; + + $request = new RequestMock(); + $request->payload = $user; + $request->header = [DataMock::getJwt()]; + + $response = $this->users->updateUser($request, + new ResponseMock(), $args); + $this->assertEquals('success', $response->status); + } + public function testChangePassword() { $this->createUser();