Added possibility to list all available API keys at the user settings page

2025-06-26 03:38:47 +02:00 · 2023-08-19 23:19:21 +02:00 · 2023-08-19 23:19:21 +02:00 · 35a0e8464a
commit 35a0e8464a
parent 040e86ea6d
9 changed files with 245 additions and 42 deletions
--- a/src/Controller/UserSettingsController.php
+++ b/src/Controller/UserSettingsController.php
@ -413,17 +413,20 @@ class UserSettingsController extends AbstractController

        $form = $this->createFormBuilder($token)
            ->add('name', TextType::class, [
-                'label' => 'user.api_token.name',
-            ])
-            ->add('valid_until', DateTimeType::class, [
-                'label' => 'user.api_token.valid_until',
-                'widget' => 'single_text',
-                'required' => false,
-                'html5' => true
+                'label' => 'api_tokens.name',
            ])
            ->add('level', EnumType::class, [
                'class' => ApiTokenLevel::class,
-                'label' => 'user.api_token.level',
+                'label' => 'api_tokens.access_level',
+                'help' => 'api_tokens.access_level.help',
+                'choice_label' => fn (ApiTokenLevel $level) => $level->getTranslationKey(),
+            ])
+            ->add('valid_until', DateTimeType::class, [
+                'label' => 'api_tokens.expiration_date',
+                'widget' => 'single_text',
+                'help' => 'api_tokens.expiration_date.help',
+                'required' => false,
+                'html5' => true
            ])
            ->add('submit', SubmitType::class, [
                'label' => 'save',
--- a/src/Entity/UserSystem/ApiToken.php
+++ b/src/Entity/UserSystem/ApiToken.php
@ -72,7 +72,7 @@ class ApiToken

    #[ORM\Column(type: Types::DATETIME_MUTABLE, nullable: true)]
    #[Groups('token:read')]
-    private ?\DateTimeInterface $valid_until = null;
+    private ?\DateTimeInterface $valid_until;

    #[ORM\Column(length: 68, unique: true)]
    private string $token;
@ -89,6 +89,9 @@ class ApiToken
    {
        // Generate a rondom token on creation. The tokenType is 3 characters long (plus underscore), so the token is 68 characters long.
        $this->token = $tokenType->getTokenPrefix() . bin2hex(random_bytes(32));
+
+        //By default, tokens are valid for 1 year.
+        $this->valid_until = new \DateTime('+1 year');
    }

    public function getTokenType(): ApiTokenType
--- a/src/Entity/UserSystem/ApiTokenLevel.php
+++ b/src/Entity/UserSystem/ApiTokenLevel.php
@ -37,10 +37,14 @@ enum ApiTokenLevel: int
     * The token can read and edit (non-sensitive) data.
     */
    case EDIT = 2;
+    /**
+     * The token can do some administrative tasks (like viewing all log entries), but can not change passwords and create new tokens.
+     */
+    case ADMIN = 3;
    /**
     * The token can do everything the user can do.
     */
-    case FULL = 3;
+    case FULL = 4;

    /**
     * Returns the additional roles that the authenticated user should have when using this token.
@ -55,4 +59,13 @@ enum ApiTokenLevel: int
            self::FULL => [self::ROLE_READ_ONLY, self::ROLE_EDIT, self::ROLE_FULL],
        };
    }
+
+    /**
+     * Returns the translation key for the name of this token level.
+     * @return string
+     */
+    public function getTranslationKey(): string
+    {
+        return 'api_token.level.' . strtolower($this->name);
+    }
 }
--- a/src/Entity/UserSystem/User.php
+++ b/src/Entity/UserSystem/User.php
@ -315,11 +315,6 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
    #[ORM\Column(type: Types::BOOLEAN)]
    protected bool $saml_user = false;

-    /**
-     * @var ApiToken|null The api token which is used to authenticate the user, or null if the user is not authenticated via api token
-     */
-    private ?ApiToken $authenticating_api_token = null;
-
    public function __construct()
    {
        $this->attachments = new ArrayCollection();
@ -1013,7 +1008,7 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe

    /**
     * Return all API tokens of the user.
-     * @return Collection
+     * @return Collection<int, ApiToken>
     */
    public function getApiTokens(): Collection
    {
@ -1039,24 +1034,4 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
    {
        $this->api_tokens->removeElement($apiToken);
    }
-
-    /**
-     * Mark the user as authenticated with an API token, should only be used by the API token authenticator.
-     * @param  ApiToken  $apiToken
-     * @return void
-     */
-    public function markAsApiTokenAuthenticated(ApiToken $apiToken): void
-    {
-        $this->authenticating_api_token = $apiToken;
-    }
-
-    /**
-     * Return the API token that is currently authenticating the user or null if the user is not authenticated with an API token.
-     * @return ApiToken|null
-     */
-    public function getAuthenticatingApiToken(): ?ApiToken
-    {
-        return $this->authenticating_api_token;
-    }
-
 }