I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.
I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
--- /dev/null
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Add api_user_registration in craue_config_setting.
+ */
+class Version20170602075214 extends AbstractMigration implements ContainerAwareInterface
+{
+ /**
+ * @var ContainerInterface
+ */
+ private $container;
+
+ public function setContainer(ContainerInterface $container = null)
+ {
+ $this->container = $container;
+ }
+
+ private function getTable($tableName)
+ {
+ return $this->container->getParameter('database_table_prefix').$tableName;
+ }
+
+ /**
+ * @param Schema $schema
+ */
+ public function up(Schema $schema)
+ {
+ $apiUserRegistration = $this->container
+ ->get('doctrine.orm.default_entity_manager')
+ ->getConnection()
+ ->fetchArray('SELECT * FROM '.$this->getTable('craue_config_setting')." WHERE name = 'api_user_registration'");
+
+ $this->skipIf(false !== $apiUserRegistration, 'It seems that you already played this migration.');
+
+ $this->addSql('INSERT INTO '.$this->getTable('craue_config_setting')." (name, value, section) VALUES ('api_user_registration', '0', 'api')");
+ }
+
+ /**
+ * @param Schema $schema
+ */
+ public function down(Schema $schema)
+ {
+ $this->addSql('DELETE FROM '.$this->getTable('craue_config_setting')." WHERE name = 'api_user_registration';");
+ }
+}
fetching_error_message: |
wallabag can't retrieve contents for this article. Please <a href="http://doc.wallabag.org/en/user/errors_during_fetching.html#how-can-i-help-to-fix-that">troubleshoot this issue</a>.
api_limit_mass_actions: 10
+ default_internal_settings:
+ -
+ name: share_public
+ value: 1
+ section: entry
+ -
+ name: carrot
+ value: 1
+ section: entry
+ -
+ name: share_diaspora
+ value: 1
+ section: entry
+ -
+ name: diaspora_url
+ value: http://diasporapod.com
+ section: entry
+ -
+ name: share_unmark
+ value: 1
+ section: entry
+ -
+ name: unmark_url
+ value: https://unmark.it
+ section: entry
+ -
+ name: share_shaarli
+ value: 1
+ section: entry
+ -
+ name: share_scuttle
+ value: 1
+ section: entry
+ -
+ name: shaarli_url
+ value: http://myshaarli.com
+ section: entry
+ -
+ name: scuttle_url
+ value: http://scuttle.org
+ section: entry
+ -
+ name: share_mail
+ value: 1
+ section: entry
+ -
+ name: share_twitter
+ value: 1
+ section: entry
+ -
+ name: show_printlink
+ value: 1
+ section: entry
+ -
+ name: restricted_access
+ value: 0
+ section: entry
+ -
+ name: export_epub
+ value: 1
+ section: export
+ -
+ name: export_mobi
+ value: 1
+ section: export
+ -
+ name: export_pdf
+ value: 1
+ section: export
+ -
+ name: export_csv
+ value: 1
+ section: export
+ -
+ name: export_json
+ value: 1
+ section: export
+ -
+ name: export_txt
+ value: 1
+ section: export
+ -
+ name: export_xml
+ value: 1
+ section: export
+ -
+ name: import_with_redis
+ value: 0
+ section: import
+ -
+ name: import_with_rabbitmq
+ value: 0
+ section: import
+ -
+ name: piwik_enabled
+ value: 0
+ section: analytics
+ -
+ name: piwik_host
+ value: v2.wallabag.org
+ section: analytics
+ -
+ name: piwik_site_id
+ value: 1
+ section: analytics
+ -
+ name: demo_mode_enabled
+ value: 0
+ section: misc
+ -
+ name: demo_mode_username
+ value: wallabag
+ section: misc
+ -
+ name: download_images_enabled
+ value: 0
+ section: misc
+ -
+ name: wallabag_support_url
+ value: https://www.wallabag.org/pages/support.html
+ section: misc
+ -
+ name: wallabag_url
+ value: http://v2.wallabag.org
+ section: misc
+ -
+ name: api_user_registration
+ value: 0
+ section: api
wallabag_user:
registration_enabled: "%fosuser_registration%"
access_control:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/api/user, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
*/
public function putUserAction(Request $request)
{
- if (!$this->container->getParameter('fosuser_registration')) {
+ if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
$json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
return (new JsonResponse())->setJson($json)->setStatusCode(403);
$userManager = $this->get('fos_user.user_manager');
$user = $userManager->createUser();
- // enable created user by default
- $user->setEnabled(true);
+ // user will be disabled BY DEFAULT to avoid spamming account to be created
+ $user->setEnabled(false);
$form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
'csrf_protection' => false,
// cleanup before insert new stuff
$em->createQuery('DELETE FROM CraueConfigBundle:Setting')->execute();
- $settings = [
- [
- 'name' => 'share_public',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'carrot',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_diaspora',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'diaspora_url',
- 'value' => 'http://diasporapod.com',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_unmark',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'unmark_url',
- 'value' => 'https://unmark.it',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_shaarli',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'shaarli_url',
- 'value' => 'http://myshaarli.com',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_scuttle',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'scuttle_url',
- 'value' => 'http://scuttle.org',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_mail',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_twitter',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'export_epub',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_mobi',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_pdf',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_csv',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_json',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_txt',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_xml',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'import_with_redis',
- 'value' => '0',
- 'section' => 'import',
- ],
- [
- 'name' => 'import_with_rabbitmq',
- 'value' => '0',
- 'section' => 'import',
- ],
- [
- 'name' => 'show_printlink',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'wallabag_support_url',
- 'value' => 'https://www.wallabag.org/pages/support.html',
- 'section' => 'misc',
- ],
- [
- 'name' => 'wallabag_url',
- 'value' => '',
- 'section' => 'misc',
- ],
- [
- 'name' => 'piwik_enabled',
- 'value' => '0',
- 'section' => 'analytics',
- ],
- [
- 'name' => 'piwik_host',
- 'value' => 'v2.wallabag.org',
- 'section' => 'analytics',
- ],
- [
- 'name' => 'piwik_site_id',
- 'value' => '1',
- 'section' => 'analytics',
- ],
- [
- 'name' => 'demo_mode_enabled',
- 'value' => '0',
- 'section' => 'misc',
- ],
- [
- 'name' => 'demo_mode_username',
- 'value' => 'wallabag',
- 'section' => 'misc',
- ],
- [
- 'name' => 'download_images_enabled',
- 'value' => '0',
- 'section' => 'misc',
- ],
- [
- 'name' => 'restricted_access',
- 'value' => '0',
- 'section' => 'entry',
- ],
- ];
-
- foreach ($settings as $setting) {
+ foreach ($this->getContainer()->getParameter('wallabag_core.default_internal_settings') as $setting) {
$newSetting = new Setting();
$newSetting->setName($setting['name']);
$newSetting->setValue($setting['value']);
use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
use Doctrine\Common\Persistence\ObjectManager;
use Craue\ConfigBundle\Entity\Setting;
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
-class LoadSettingData extends AbstractFixture implements OrderedFixtureInterface
+class LoadSettingData extends AbstractFixture implements OrderedFixtureInterface, ContainerAwareInterface
{
+ /**
+ * @var ContainerInterface
+ */
+ private $container;
+
+ public function setContainer(ContainerInterface $container = null)
+ {
+ $this->container = $container;
+ }
+
/**
* {@inheritdoc}
*/
public function load(ObjectManager $manager)
{
- $settings = [
- [
- 'name' => 'share_public',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'carrot',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_diaspora',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'diaspora_url',
- 'value' => 'http://diasporapod.com',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_unmark',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'unmark_url',
- 'value' => 'https://unmark.it',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_shaarli',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_scuttle',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'shaarli_url',
- 'value' => 'http://myshaarli.com',
- 'section' => 'entry',
- ],
- [
- 'name' => 'scuttle_url',
- 'value' => 'http://scuttle.org',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_mail',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'share_twitter',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'export_epub',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_mobi',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_pdf',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_csv',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_json',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_txt',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'export_xml',
- 'value' => '1',
- 'section' => 'export',
- ],
- [
- 'name' => 'import_with_redis',
- 'value' => '0',
- 'section' => 'import',
- ],
- [
- 'name' => 'import_with_rabbitmq',
- 'value' => '0',
- 'section' => 'import',
- ],
- [
- 'name' => 'show_printlink',
- 'value' => '1',
- 'section' => 'entry',
- ],
- [
- 'name' => 'wallabag_support_url',
- 'value' => 'https://www.wallabag.org/pages/support.html',
- 'section' => 'misc',
- ],
- [
- 'name' => 'wallabag_url',
- 'value' => 'http://v2.wallabag.org',
- 'section' => 'misc',
- ],
- [
- 'name' => 'piwik_enabled',
- 'value' => '0',
- 'section' => 'analytics',
- ],
- [
- 'name' => 'piwik_host',
- 'value' => 'v2.wallabag.org',
- 'section' => 'analytics',
- ],
- [
- 'name' => 'piwik_site_id',
- 'value' => '1',
- 'section' => 'analytics',
- ],
- [
- 'name' => 'demo_mode_enabled',
- 'value' => '0',
- 'section' => 'misc',
- ],
- [
- 'name' => 'demo_mode_username',
- 'value' => 'wallabag',
- 'section' => 'misc',
- ],
- [
- 'name' => 'download_images_enabled',
- 'value' => '0',
- 'section' => 'misc',
- ],
- [
- 'name' => 'restricted_access',
- 'value' => '0',
- 'section' => 'entry',
- ],
- ];
-
- foreach ($settings as $setting) {
+ foreach ($this->container->getParameter('wallabag_core.default_internal_settings') as $setting) {
$newSetting = new Setting();
$newSetting->setName($setting['name']);
$newSetting->setValue($setting['value']);
->scalarNode('api_limit_mass_actions')
->defaultValue(10)
->end()
+ ->arrayNode('default_internal_settings')
+ ->prototype('array')
+ ->children()
+ ->scalarNode('name')->end()
+ ->scalarNode('value')->end()
+ ->enumNode('section')
+ ->values(['entry', 'misc', 'api', 'analytics', 'export', 'import'])
+ ->end()
+ ->end()
+ ->end()
+ ->end()
->end()
;
$container->setParameter('wallabag_core.fetching_error_message', $config['fetching_error_message']);
$container->setParameter('wallabag_core.fetching_error_message_title', $config['fetching_error_message_title']);
$container->setParameter('wallabag_core.api_limit_mass_actions', $config['api_limit_mass_actions']);
+ $container->setParameter('wallabag_core.default_internal_settings', $config['default_internal_settings']);
$loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
$loader->load('services.yml');
$this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
}
+ public function testGetUserWithoutAuthentication()
+ {
+ $client = static::createClient();
+ $client->request('GET', '/api/user.json');
+ $this->assertEquals(401, $client->getResponse()->getStatusCode());
+
+ $content = json_decode($client->getResponse()->getContent(), true);
+
+ $this->assertArrayHasKey('error', $content);
+ $this->assertArrayHasKey('error_description', $content);
+
+ $this->assertEquals('access_denied', $content['error']);
+
+ $this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
+ }
+
public function testCreateNewUser()
{
+ $this->client->getContainer()->get('craue_config')->set('api_user_registration', 1);
$this->client->request('PUT', '/api/user.json', [
'username' => 'google',
'password' => 'googlegoogle',
$this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
- // remove the created user to avoid side effect on other tests
- // @todo remove these lines when test will be isolated
- $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
+ $this->client->getContainer()->get('craue_config')->set('api_user_registration', 0);
+ }
+
+ public function testCreateNewUserWithoutAuthentication()
+ {
+ // create a new client instead of using $this->client to be sure client isn't authenticated
+ $client = static::createClient();
+ $client->getContainer()->get('craue_config')->set('api_user_registration', 1);
+ $client->request('PUT', '/api/user.json', [
+ 'username' => 'google',
+ 'password' => 'googlegoogle',
+ 'email' => 'wallabag@google.com',
+ ]);
+
+ $this->assertEquals(200, $client->getResponse()->getStatusCode());
+
+ $content = json_decode($client->getResponse()->getContent(), true);
+
+ $this->assertArrayHasKey('id', $content);
+ $this->assertArrayHasKey('email', $content);
+ $this->assertArrayHasKey('username', $content);
+ $this->assertArrayHasKey('created_at', $content);
+ $this->assertArrayHasKey('updated_at', $content);
+
+ $this->assertEquals('wallabag@google.com', $content['email']);
+ $this->assertEquals('google', $content['username']);
- $query = $em->createQuery('DELETE FROM Wallabag\CoreBundle\Entity\Config c WHERE c.user = :user_id');
- $query->setParameter('user_id', $content['id']);
- $query->execute();
+ $this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
- $query = $em->createQuery('DELETE FROM Wallabag\UserBundle\Entity\User u WHERE u.id = :id');
- $query->setParameter('id', $content['id']);
- $query->execute();
+ $client->getContainer()->get('craue_config')->set('api_user_registration', 0);
}
public function testCreateNewUserWithExistingEmail()
{
- $this->client->request('PUT', '/api/user.json', [
+ $client = static::createClient();
+ $client->getContainer()->get('craue_config')->set('api_user_registration', 1);
+ $client->request('PUT', '/api/user.json', [
'username' => 'admin',
'password' => 'googlegoogle',
'email' => 'bigboss@wallabag.org',
]);
- $this->assertEquals(400, $this->client->getResponse()->getStatusCode());
+ $this->assertEquals(400, $client->getResponse()->getStatusCode());
- $content = json_decode($this->client->getResponse()->getContent(), true);
+ $content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('error', $content);
$this->assertArrayHasKey('username', $content['error']);
$this->assertEquals('This value is already used.', $content['error']['username'][0]);
$this->assertEquals('This value is already used.', $content['error']['email'][0]);
- $this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
+ $this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
+
+ $client->getContainer()->get('craue_config')->set('api_user_registration', 0);
}
public function testCreateNewUserWithTooShortPassword()
{
- $this->client->request('PUT', '/api/user.json', [
+ $client = static::createClient();
+ $client->getContainer()->get('craue_config')->set('api_user_registration', 1);
+ $client->request('PUT', '/api/user.json', [
'username' => 'facebook',
'password' => 'face',
'email' => 'facebook@wallabag.org',
]);
- $this->assertEquals(400, $this->client->getResponse()->getStatusCode());
+ $this->assertEquals(400, $client->getResponse()->getStatusCode());
- $content = json_decode($this->client->getResponse()->getContent(), true);
+ $content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('error', $content);
$this->assertArrayHasKey('password', $content['error']);
$this->assertEquals('validator.password_too_short', $content['error']['password'][0]);
- $this->assertEquals('application/json', $this->client->getResponse()->headers->get('Content-Type'));
+ $this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
+
+ $client->getContainer()->get('craue_config')->set('api_user_registration', 0);
+ }
+
+ public function testCreateNewUserWhenRegistrationIsDisabled()
+ {
+ $client = static::createClient();
+ $client->request('PUT', '/api/user.json', [
+ 'username' => 'facebook',
+ 'password' => 'face',
+ 'email' => 'facebook@wallabag.org',
+ ]);
+
+ $this->assertEquals(403, $client->getResponse()->getStatusCode());
+
+ $content = json_decode($client->getResponse()->getContent(), true);
+
+ $this->assertArrayHasKey('error', $content);
+
+ $this->assertEquals('application/json', $client->getResponse()->headers->get('Content-Type'));
}
}
{
public function testGetVersion()
{
- $this->client->request('GET', '/api/version');
+ // create a new client instead of using $this->client to be sure client isn't authenticated
+ $client = static::createClient();
+ $client->request('GET', '/api/version');
- $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+ $this->assertEquals(200, $client->getResponse()->getStatusCode());
- $content = json_decode($this->client->getResponse()->getContent(), true);
+ $content = json_decode($client->getResponse()->getContent(), true);
- $this->assertEquals($this->client->getContainer()->getParameter('wallabag_core.version'), $content);
+ $this->assertEquals($client->getContainer()->getParameter('wallabag_core.version'), $content);
}
}