From 426bb453d295900fb3e35dce2f9081a42639cf27 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Fri, 2 Jun 2017 10:19:33 +0200 Subject: API user creation behing a toggle I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled. Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information. I've moved all the internal settings definition to config to avoid duplicated place to define them. I don't know why we didn't did that earlier. --- .../ApiBundle/Controller/UserRestController.php | 6 +- src/Wallabag/CoreBundle/Command/InstallCommand.php | 160 +------------------ .../DataFixtures/ORM/LoadSettingData.php | 174 ++------------------- .../DependencyInjection/Configuration.php | 11 ++ .../DependencyInjection/WallabagCoreExtension.php | 1 + 5 files changed, 30 insertions(+), 322 deletions(-) (limited to 'src/Wallabag') diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php index a1b78e3f..1fc67d00 100644 --- a/src/Wallabag/ApiBundle/Controller/UserRestController.php +++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php @@ -43,7 +43,7 @@ class UserRestController extends WallabagRestController */ public function putUserAction(Request $request) { - if (!$this->container->getParameter('fosuser_registration')) { + if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) { $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json'); return (new JsonResponse())->setJson($json)->setStatusCode(403); 
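Review bot: The added `$this->get('craue_config')->get('api_user_registration')` check in `putUserAction` has no visible handling for the setting being absent, for example on an instance upgraded without the row being inserted. As far as I know craue_config's `get()` throws for an unknown setting, so the request would fail closed, but as a 500 instead of the 403 returned below; confirm that a migration outside this diff creates the row. The commit message says this endpoint is meant to work without authentication, so the default stored in `default_internal_settings` (not visible here) decides whether anonymous account creation is on after install. A comment above the condition would help, e.g. `// registration must be allowed globally AND the admin must have switched on the API toggle`. The body of `putUserAction` starts and ends outside the hunk.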
@@ -51,8 +51,8 @@ class UserRestController extends WallabagRestController
 $userManager = $this->get('fos_user.user_manager');
 $user = $userManager->createUser();
- // enable created user by default
- $user->setEnabled(true);
+ // user will be disabled BY DEFAULT to avoid spamming account to be created
+ $user->setEnabled(false);
 $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
 'csrf_protection' => false,
diff --git a/src/Wallabag/CoreBundle/Command/InstallCommand.php b/src/Wallabag/CoreBundle/Command/InstallCommand.php
index d9608246..0f119377 100644
--- a/src/Wallabag/CoreBundle/Command/InstallCommand.php
+++ b/src/Wallabag/CoreBundle/Command/InstallCommand.php
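Review bot: `$user->setEnabled(false)` keeps a freshly created account from logging in, but the user is still persisted later in `putUserAction` (`$userManager->updateUser($user)`), so a caller who needs no authentication can still reserve usernames and e-mail addresses and grow the user table. Nothing in this hunk shows how such an account is enabled afterwards, and the comment should say so, e.g. `// created disabled: an administrator (or a confirmation step) must enable the account before it can log in`. If enabling is manual, request throttling on this route is the complementary control. The `'csrf_protection' => false` option is expected for a token-less API call but deserves a one-line comment explaining why. The body of `putUserAction` starts and ends outside the hunk.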
@@ -292,165 +292,7 @@ class InstallCommand extends ContainerAwareCommand // cleanup before insert new stuff $em->createQuery('DELETE FROM CraueConfigBundle:Setting')->execute(); - $settings = [ - [ - 'name' => 'share_public', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'carrot', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'share_diaspora', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'diaspora_url', - 'value' => 'http://diasporapod.com', - 'section' => 'entry', - ], - [ - 'name' => 'share_unmark', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'unmark_url', - 'value' => 'https://unmark.it', - 'section' => 'entry', - ], - [ - 'name' => 'share_shaarli', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'shaarli_url', - 'value' => 'http://myshaarli.com', - 'section' => 'entry', - ], - [ - 'name' => 'share_scuttle', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'scuttle_url', - 'value' => 'http://scuttle.org', - 'section' => 'entry', - ], - [ - 'name' => 'share_mail', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'share_twitter', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'export_epub', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_mobi', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_pdf', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_csv', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_json', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_txt', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_xml', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'import_with_redis', - 'value' => '0', - 'section' => 'import', - ], - [ - 'name' => 'import_with_rabbitmq', - 'value' => '0', - 'section' => 'import', - ], - [ - 'name' => 'show_printlink', - 'value' => '1', - 'section' => 
'entry', - ], - [ - 'name' => 'wallabag_support_url', - 'value' => 'https://www.wallabag.org/pages/support.html', - 'section' => 'misc', - ], - [ - 'name' => 'wallabag_url', - 'value' => '', - 'section' => 'misc', - ], - [ - 'name' => 'piwik_enabled', - 'value' => '0', - 'section' => 'analytics', - ], - [ - 'name' => 'piwik_host', - 'value' => 'v2.wallabag.org', - 'section' => 'analytics', - ], - [ - 'name' => 'piwik_site_id', - 'value' => '1', - 'section' => 'analytics', - ], - [ - 'name' => 'demo_mode_enabled', - 'value' => '0', - 'section' => 'misc', - ], - [ - 'name' => 'demo_mode_username', - 'value' => 'wallabag', - 'section' => 'misc', - ], - [ - 'name' => 'download_images_enabled', - 'value' => '0', - 'section' => 'misc', - ], - [ - 'name' => 'restricted_access', - 'value' => '0', - 'section' => 'entry', - ], - ]; - - foreach ($settings as $setting) { + foreach ($this->getContainer()->getParameter('wallabag_core.default_internal_settings') as $setting) { $newSetting = new Setting(); $newSetting->setName($setting['name']); $newSetting->setValue($setting['value']); diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadSettingData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadSettingData.php index aaeb9ee9..a52288e6 100644 --- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadSettingData.php +++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadSettingData.php 
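Review bot: The two hard-coded lists removed by this commit were not identical: here `wallabag_url` was `''`, while the list removed from `LoadSettingData` used `'http://v2.wallabag.org'`, so pointing both consumers at `wallabag_core.default_internal_settings` changes the value for one of them. The loop reads `$setting['name']` and `$setting['value']` without checking the keys, and the new `Configuration` node does not mark them required, so an incomplete config entry would surface here as an undefined-index notice during install. Because the preceding `DELETE FROM CraueConfigBundle:Setting` wipes every stored setting, a re-run presumably also resets the `api_user_registration` toggle to the config default; a comment such as `// resets ALL internal settings, including security toggles, to the configured defaults` would make that explicit. The enclosing method starts and ends outside the hunk.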
@@ -6,173 +6,27 @@ use Doctrine\Common\DataFixtures\AbstractFixture; use Doctrine\Common\DataFixtures\OrderedFixtureInterface; use Doctrine\Common\Persistence\ObjectManager; use Craue\ConfigBundle\Entity\Setting; +use Symfony\Component\DependencyInjection\ContainerAwareInterface; +use Symfony\Component\DependencyInjection\ContainerInterface; -class LoadSettingData extends AbstractFixture implements OrderedFixtureInterface +class LoadSettingData extends AbstractFixture implements OrderedFixtureInterface, ContainerAwareInterface { + /** + * @var ContainerInterface + */ + private $container; + + public function setContainer(ContainerInterface $container = null) + { + $this->container = $container; + } + /** * {@inheritdoc} */ public function load(ObjectManager $manager) { - $settings = [ - [ - 'name' => 'share_public', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'carrot', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'share_diaspora', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'diaspora_url', - 'value' => 'http://diasporapod.com', - 'section' => 'entry', - ], - [ - 'name' => 'share_unmark', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'unmark_url', - 'value' => 'https://unmark.it', - 'section' => 'entry', - ], - [ - 'name' => 'share_shaarli', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'share_scuttle', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'shaarli_url', - 'value' => 'http://myshaarli.com', - 'section' => 'entry', - ], - [ - 'name' => 'scuttle_url', - 'value' => 'http://scuttle.org', - 'section' => 'entry', - ], - [ - 'name' => 'share_mail', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'share_twitter', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'export_epub', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_mobi', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_pdf', - 
'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_csv', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_json', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_txt', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'export_xml', - 'value' => '1', - 'section' => 'export', - ], - [ - 'name' => 'import_with_redis', - 'value' => '0', - 'section' => 'import', - ], - [ - 'name' => 'import_with_rabbitmq', - 'value' => '0', - 'section' => 'import', - ], - [ - 'name' => 'show_printlink', - 'value' => '1', - 'section' => 'entry', - ], - [ - 'name' => 'wallabag_support_url', - 'value' => 'https://www.wallabag.org/pages/support.html', - 'section' => 'misc', - ], - [ - 'name' => 'wallabag_url', - 'value' => 'http://v2.wallabag.org', - 'section' => 'misc', - ], - [ - 'name' => 'piwik_enabled', - 'value' => '0', - 'section' => 'analytics', - ], - [ - 'name' => 'piwik_host', - 'value' => 'v2.wallabag.org', - 'section' => 'analytics', - ], - [ - 'name' => 'piwik_site_id', - 'value' => '1', - 'section' => 'analytics', - ], - [ - 'name' => 'demo_mode_enabled', - 'value' => '0', - 'section' => 'misc', - ], - [ - 'name' => 'demo_mode_username', - 'value' => 'wallabag', - 'section' => 'misc', - ], - [ - 'name' => 'download_images_enabled', - 'value' => '0', - 'section' => 'misc', - ], - [ - 'name' => 'restricted_access', - 'value' => '0', - 'section' => 'entry', - ], - ]; - - foreach ($settings as $setting) { + foreach ($this->container->getParameter('wallabag_core.default_internal_settings') as $setting) { $newSetting = new Setting(); $newSetting->setName($setting['name']); $newSetting->setValue($setting['value']); diff --git a/src/Wallabag/CoreBundle/DependencyInjection/Configuration.php b/src/Wallabag/CoreBundle/DependencyInjection/Configuration.php index 8b5b5744..33df92d3 100644 --- a/src/Wallabag/CoreBundle/DependencyInjection/Configuration.php 
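Review bot: `load()` calls `$this->container->getParameter(...)` unconditionally although `setContainer()` accepts `null`, so a fixture loader that never injects the container ends in a method call on null. A guard at the top of `load()` gives a clearer failure: `if (null === $this->container) { throw new \LogicException('LoadSettingData needs the container to read default_internal_settings'); }`. `setContainer()` also has no docblock; `{@inheritdoc}` would match the style already used on `load()`. The body of `load()` continues outside the hunk.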
+++ b/src/Wallabag/CoreBundle/DependencyInjection/Configuration.php
@@ -52,6 +52,17 @@ class Configuration implements ConfigurationInterface
 ->scalarNode('api_limit_mass_actions')
 ->defaultValue(10)
 ->end()
+ ->arrayNode('default_internal_settings')
+ ->prototype('array')
+ ->children()
+ ->scalarNode('name')->end()
+ ->scalarNode('value')->end()
+ ->enumNode('section')
+ ->values(['entry', 'misc', 'api', 'analytics', 'export', 'import'])
+ ->end()
+ ->end()
+ ->end()
+ ->end()
 ->end()
 ;
diff --git a/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php b/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
index a2a703cb..b4d8a386 100644
--- a/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
+++ b/src/Wallabag/CoreBundle/DependencyInjection/WallabagCoreExtension.php
@@ -28,6 +28,7 @@ class WallabagCoreExtension extends Extension
 $container->setParameter('wallabag_core.fetching_error_message', $config['fetching_error_message']);
 $container->setParameter('wallabag_core.fetching_error_message_title', $config['fetching_error_message_title']);
 $container->setParameter('wallabag_core.api_limit_mass_actions', $config['api_limit_mass_actions']);
+ $container->setParameter('wallabag_core.default_internal_settings', $config['default_internal_settings']);
 $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
 $loader->load('services.yml');
--
cgit v1.2.3
From 1b9cd91782ed8341d2e608371201348c59986f23 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 2 Jun 2017 10:27:15 +0200
Subject: Add translation
---
 src/Wallabag/ApiBundle/Controller/UserRestController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/Wallabag')
diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index 1fc67d00..a1d7c1ff 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
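Review bot: The `default_internal_settings` prototype in `Configuration` accepts entries with a missing `name`, `value` or `section`, because none of the three child nodes is marked required, while `InstallCommand` and `LoadSettingData` read `$setting['name']` and `$setting['value']` directly. Tightening the tree makes a malformed config fail when the container is built instead of at install time: `->scalarNode('name')->isRequired()->cannotBeEmpty()->end()`, `->scalarNode('value')->isRequired()->end()`, and `->isRequired()` on the `section` enum node before its existing `values()` call. Since this list now appears to carry security-relevant toggles such as `api_user_registration` as well, validating it early matters more than it did for the share and export switches. The builder chain starts and ends outside the hunk.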
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -51,7 +51,7 @@ class UserRestController extends WallabagRestController
 $userManager = $this->get('fos_user.user_manager');
 $user = $userManager->createUser();
- // user will be disabled BY DEFAULT to avoid spamming account to be created
+ // user will be disabled BY DEFAULT to avoid spamming account to be enabled
 $user->setEnabled(false);
 $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
--
cgit v1.2.3
From a1e6187406289b6b54f8044ba1f209979454204b Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 2 Jun 2017 20:03:25 +0200
Subject: Return 201 on user creation
---
 .../ApiBundle/Controller/UserRestController.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
(limited to 'src/Wallabag')
diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index a1d7c1ff..8f675b8d 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -46,7 +46,9 @@ class UserRestController extends WallabagRestController
 if (!$this->getParameter('fosuser_registration') || !$this->get('craue_config')->get('api_user_registration')) {
 $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
- return (new JsonResponse())->setJson($json)->setStatusCode(403);
+ return (new JsonResponse())
+ ->setJson($json)
+ ->setStatusCode(JsonResponse::HTTP_FORBIDDEN);
 }
 $userManager = $this->get('fos_user.user_manager');
@@ -90,7 +92,9 @@ class UserRestController extends WallabagRestController
 $json = $this->get('serializer')->serialize(['error' => $errors], 'json');
- return (new JsonResponse())->setJson($json)->setStatusCode(400);
+ return (new JsonResponse())
+ ->setJson($json)
+ ->setStatusCode(JsonResponse::HTTP_BAD_REQUEST);
 }
 $userManager->updateUser($user);
@@ -99,17 +103,18 @@ class UserRestController extends WallabagRestController
 $event = new UserEvent($user, $request);
 $this->get('event_dispatcher')->dispatch(FOSUserEvents::USER_CREATED, $event);
- return $this->sendUser($user);
+ return $this->sendUser($user, JsonResponse::HTTP_CREATED);
 }
 /**
 * Send user response.
 *
 * @param User $user
+ * @param int $status HTTP Status code to send
 *
 * @return JsonResponse
 */
- private function sendUser(User $user)
+ private function sendUser(User $user, $status = JsonResponse::HTTP_OK)
 {
 $json = $this->get('serializer')->serialize(
 $user,
@@ -117,7 +122,9 @@ class UserRestController extends WallabagRestController
 SerializationContext::create()->setGroups(['user_api'])
 );
- return (new JsonResponse())->setJson($json);
+ return (new JsonResponse())
+ ->setJson($json)
+ ->setStatusCode($status);
 }
 /**
--
cgit v1.2.3
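Review bot: `sendUser($user, JsonResponse::HTTP_CREATED)` returns the full `user_api` serialization for an account that was just created, and per the first commit's description the creating request needs no authentication. Which fields the `user_api` group exposes is not visible in this diff; it is worth confirming that the group carries no credential material or tokens, and saying so in the `sendUser` docblock. The new `$status` argument goes straight into `setStatusCode()`, which is fine for a private method whose visible call site passes a `JsonResponse::HTTP_*` constant, but the docblock line could be more precise: `@param int $status HTTP status code to send, one of the JsonResponse::HTTP_* constants`. The body of `sendUser()` is split across the two hunks and the enclosing class continues outside them.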