From 426bb453d295900fb3e35dce2f9081a42639cf27 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 2 Jun 2017 10:19:33 +0200
Subject: API user creation behing a toggle
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled. Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information. I've moved all the internal settings definition to config to avoid duplicated place to define them. I don't know why we didn't did that earlier.
---
 src/Wallabag/ApiBundle/Controller/UserRestController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/Wallabag/ApiBundle/Controller/UserRestController.php')
diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index a1b78e3f..1fc67d00 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -43,7 +43,7 @@ class UserRestController extends WallabagRestController
 */
 public function putUserAction(Request $request)
 {
- if (!$this->container->getParameter('fosuser_registration')) {
+ if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
 $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
 return (new JsonResponse())->setJson($json)->setStatusCode(403);
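Review bot: The rewritten guard in `putUserAction` is now the only gate in front of account creation on an endpoint that the commit message says should not require authentication, yet the condition carries no comment saying that both switches must be on. I would add `// unauthenticated endpoint: both the fosuser_registration parameter and the api_user_registration setting must be enabled` above the `if`. It is also worth confirming, since this file-limited view does not show it, that `api_user_registration` ships disabled by default and exists on upgraded instances: craue_config's `get()` raises an exception for an unknown setting, so the caller would see a 500 instead of this 403. The function body continues past the end of the hunk.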
@@ -51,8 +51,8 @@ class UserRestController extends WallabagRestController
 $userManager = $this->get('fos_user.user_manager');
 $user = $userManager->createUser();
- // enable created user by default
- $user->setEnabled(true);
+ // user will be disabled BY DEFAULT to avoid spamming account to be created
+ $user->setEnabled(false);
 $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
 'csrf_protection' => false,
--
cgit v1.2.3
From 1b9cd91782ed8341d2e608371201348c59986f23 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 2 Jun 2017 10:27:15 +0200
Subject: Add translation
---
 src/Wallabag/ApiBundle/Controller/UserRestController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/Wallabag/ApiBundle/Controller/UserRestController.php')
diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index 1fc67d00..a1d7c1ff 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -51,7 +51,7 @@ class UserRestController extends WallabagRestController
 $userManager = $this->get('fos_user.user_manager');
 $user = $userManager->createUser();
- // user will be disabled BY DEFAULT to avoid spamming account to be created
+ // user will be disabled BY DEFAULT to avoid spamming account to be enabled
 $user->setEnabled(false);
 $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
--
cgit v1.2.3
From a1e6187406289b6b54f8044ba1f209979454204b Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 2 Jun 2017 20:03:25 +0200
Subject: Return 201 on user creation
---
 .../ApiBundle/Controller/UserRestController.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
(limited to 'src/Wallabag/ApiBundle/Controller/UserRestController.php')
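Review bot: Creating the user with `$user->setEnabled(false)` in the `@@ -51,8 +51,8 @@` hunk of the first commit does not stop an anonymous request from persisting the record (the later `$userManager->updateUser($user)` call is visible in the third commit), so the username and e-mail are still reserved and the user table can still be filled. Nothing in the visible lines throttles or confirms the request, and the form just below is built with `'csrf_protection' => false`, which is normal for an API but leaves the two registration toggles as the only control on this path. Consider pairing the disabled default with rate limiting or a confirmation step, and have the comment state how an account becomes enabled, for example `// created disabled; an administrator has to enable the account (TODO confirm the activation path)`. `putUserAction` starts and ends outside this hunk.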
diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index a1d7c1ff..8f675b8d 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -46,7 +46,9 @@ class UserRestController extends WallabagRestController
 if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
 $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
- return (new JsonResponse())->setJson($json)->setStatusCode(403);
+ return (new JsonResponse())
+ ->setJson($json)
+ ->setStatusCode(JsonResponse::HTTP_FORBIDDEN);
 }
 $userManager = $this->get('fos_user.user_manager');
@@ -90,7 +92,9 @@ class UserRestController extends WallabagRestController
 $json = $this->get('serializer')->serialize(['error' => $errors], 'json');
- return (new JsonResponse())->setJson($json)->setStatusCode(400);
+ return (new JsonResponse())
+ ->setJson($json)
+ ->setStatusCode(JsonResponse::HTTP_BAD_REQUEST);
 }
 $userManager->updateUser($user);
@@ -99,17 +103,18 @@ class UserRestController extends WallabagRestController
 $event = new UserEvent($user, $request);
 $this->get('event_dispatcher')->dispatch(FOSUserEvents::USER_CREATED, $event);
- return $this->sendUser($user);
+ return $this->sendUser($user, JsonResponse::HTTP_CREATED);
 }
 /**
 * Send user response.
 *
 * @param User $user
+ * @param int $status HTTP Status code to send
 *
 * @return JsonResponse
 */
- private function sendUser(User $user)
+ private function sendUser(User $user, $status = JsonResponse::HTTP_OK)
 {
 $json = $this->get('serializer')->serialize(
 $user,
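Review bot: `return $this->sendUser($user, JsonResponse::HTTP_CREATED);` in the `@@ -99,17 +103,18 @@` hunk sends the serialized user back to a caller that, per the first commit on this page, need not be authenticated, so what the `user_api` serialization group (visible in the following hunk) exposes deserves a check. The entity mapping is not on this page, so confirm that group leaves out the password hash, salt and any tokens. The new `$status` parameter is passed to `setStatusCode()` unchecked, which is acceptable for a private helper with a default, but the docblock could name the expected values, e.g. `@param int $status HTTP status code to send (HTTP_OK or HTTP_CREATED)`. `sendUser` ends outside this hunk.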
@@ -117,7 +122,9 @@ class UserRestController extends WallabagRestController
 SerializationContext::create()->setGroups(['user_api'])
 );
- return (new JsonResponse())->setJson($json);
+ return (new JsonResponse())
+ ->setJson($json)
+ ->setStatusCode($status);
 }
 /**
--
cgit v1.2.3