From 12946414b05930efca3f3e97970a25b94d16bf0c Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Thu, 19 Oct 2023 11:31:45 +0100
Subject: [PATCH] API Tokens: Updated interfaces to return to correct location

Since management of API tokens can be accessed via two routes, this adds tracking and handling to reutrn the user to the correct place.
---
 app/Api/ApiToken.php | 8 ++++
 app/Api/UserApiTokenController.php | 42 ++++++++++++++++---
 resources/views/users/account/auth.blade.php | 2 +-
 .../views/users/api-tokens/create.blade.php | 6 +--
 .../views/users/api-tokens/delete.blade.php | 8 ++--
 .../views/users/api-tokens/edit.blade.php | 10 ++---
 .../users/api-tokens/parts/list.blade.php | 6 +--
 resources/views/users/edit.blade.php | 2 +-
 routes/web.php | 12 +++---
 9 files changed, 67 insertions(+), 29 deletions(-)
diff --git a/app/Api/ApiToken.php b/app/Api/ApiToken.php
index 5c2d591e4..ca89c813e 100644
--- a/app/Api/ApiToken.php
+++ b/app/Api/ApiToken.php
@@ -52,4 +52,12 @@ class ApiToken extends Model implements Loggable
 {
 return "({$this->id}) {$this->name}; User: {$this->user->logDescriptor()}";
 }
+
+ /**
+ * Get the URL for managing this token.
+ */
+ public function getUrl(string $path = ''): string
+ {
+ return url("/api-tokens/{$this->user_id}/{$this->id}/" . trim($path, '/'));
+ }
 }
diff --git a/app/Api/UserApiTokenController.php b/app/Api/UserApiTokenController.php
index 8357420ee..7455be4ff 100644
--- a/app/Api/UserApiTokenController.php
+++ b/app/Api/UserApiTokenController.php
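Review bot: The new `getUrl()` docblock does not describe `$path`, which is the only way callers reach a token's sub-routes such as the delete confirmation page registered as `/api-tokens/{userId}/{tokenId}/delete` in routes/web.php. I would extend it with `@param string $path Optional sub-path (e.g. 'delete') appended below this token's management URL; surrounding slashes are trimmed.` The enclosing `ApiToken` class starts outside the hunk.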
@@ -14,16 +14,17 @@ class UserApiTokenController extends Controller
 /**
 * Show the form to create a new API token.
 */
- public function create(int $userId)
+ public function create(Request $request, int $userId)
 {
- // Ensure user is has access-api permission and is the current user or has permission to manage the current user.
 $this->checkPermission('access-api');
 $this->checkPermissionOrCurrentUser('users-manage', $userId);
+ $this->updateContext($request);
 $user = User::query()->findOrFail($userId);
 return view('users.api-tokens.create', [
 'user' => $user,
+ 'back' => $this->getRedirectPath($user),
 ]);
 }
@@ -60,14 +61,16 @@ class UserApiTokenController extends Controller
 session()->flash('api-token-secret:' . $token->id, $secret);
 $this->logActivity(ActivityType::API_TOKEN_CREATE, $token);
- return redirect($user->getEditUrl('/api-tokens/' . $token->id));
+ return redirect($token->getUrl());
 }
 /**
 * Show the details for a user API token, with access to edit.
 */
- public function edit(int $userId, int $tokenId)
+ public function edit(Request $request, int $userId, int $tokenId)
 {
+ $this->updateContext($request);
+
 [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
 $secret = session()->pull('api-token-secret:' . $token->id, null);
@@ -76,6 +79,7 @@ class UserApiTokenController extends Controller
 'token' => $token,
 'model' => $token,
 'secret' => $secret,
+ 'back' => $this->getRedirectPath($user),
 ]);
 }
@@ -97,7 +101,7 @@ class UserApiTokenController extends Controller
 $this->logActivity(ActivityType::API_TOKEN_UPDATE, $token);
- return redirect($user->getEditUrl('/api-tokens/' . $token->id));
+ return redirect($token->getUrl());
 }
 /**
@@ -123,7 +127,7 @@ class UserApiTokenController extends Controller
 $this->logActivity(ActivityType::API_TOKEN_DELETE, $token);
- return redirect($user->getEditUrl('#api_tokens'));
+ return redirect($this->getRedirectPath($user));
 }
 /**
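Review bot: In `edit()` the new `$this->updateContext($request)` call runs before `checkPermissionAndFetchUserToken()`, so the session is written even when the request is rejected afterwards, while `create()` in the first hunk only calls it once its permission checks have passed. Moving the line below `[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);` keeps the two actions consistent and avoids a side effect before authorization. `edit()` continues past the end of this hunk.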
@@ -142,4 +146,30 @@ class UserApiTokenController extends Controller
 return [$user, $token];
 }
+
+ /**
+ * Update the context for where the user is coming from to manage API tokens.
+ * (Track of location for correct return redirects)
+ */
+ protected function updateContext(Request $request): void
+ {
+ $context = $request->query('context');
+ if ($context) {
+ session()->put('api-token-context', $context);
+ }
+ }
+
+ /**
+ * Get the redirect path for the current api token editing session.
+ * Attempts to recall the context of where the user is editing from.
+ */
+ protected function getRedirectPath(User $relatedUser): string
+ {
+ $context = session()->get('api-token-context');
+ if ($context === 'settings') {
+ return $relatedUser->getEditUrl('#api_tokens');
+ }
+
+ return url('/my-account/auth#api_tokens');
+ }
 }
diff --git a/resources/views/users/account/auth.blade.php b/resources/views/users/account/auth.blade.php
index 3503978cf..d6f85093b 100644
--- a/resources/views/users/account/auth.blade.php
+++ b/resources/views/users/account/auth.blade.php
@@ -82,6 +82,6 @@
 @endif
 @if(userCan('access-api'))
- @include('users.api-tokens.parts.list', ['user' => user()])
+ @include('users.api-tokens.parts.list', ['user' => user(), 'context' => 'my-account'])
 @endif
 @stop
diff --git a/resources/views/users/api-tokens/create.blade.php b/resources/views/users/api-tokens/create.blade.php
index 9cf772082..8250c5ae8 100644
--- a/resources/views/users/api-tokens/create.blade.php
+++ b/resources/views/users/api-tokens/create.blade.php
@@ -7,8 +7,8 @@
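Review bot: `getRedirectPath()` falls back to `url('/my-account/auth#api_tokens')` whenever the session context is anything other than `'settings'`, without considering whether `$relatedUser` is the current user, so someone managing another user's tokens via a link without `?context=` (or after the session key has gone) is sent to their own account page after an update or delete. Returning the managed user's settings page whenever the token owner is not the current user covers that case: `if ($context === 'settings' || $relatedUser->id !== user()->id) {`. `updateContext()` also stores the raw query value in the session; limiting it to the two values the views send, `if (in_array($context, ['settings', 'my-account'], true)) {`, keeps arbitrary strings out of session state.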

{{ trans('settings.user_api_token_create') }}

-
- {!! csrf_field() !!} + + {{ csrf_field() }}
@include('users.api-tokens.parts.form') @@ -21,7 +21,7 @@
diff --git a/resources/views/users/api-tokens/delete.blade.php b/resources/views/users/api-tokens/delete.blade.php
index 45f0e2fa0..2b9a29e6a 100644
--- a/resources/views/users/api-tokens/delete.blade.php
+++ b/resources/views/users/api-tokens/delete.blade.php
@@ -11,11 +11,11 @@

{{ trans('settings.user_api_token_delete_confirm') }}

- - {!! csrf_field() !!} - {!! method_field('delete') !!} + + {{ csrf_field() }} + {{ method_field('delete') }} - {{ trans('common.cancel') }} + {{ trans('common.cancel') }}
diff --git a/resources/views/users/api-tokens/edit.blade.php b/resources/views/users/api-tokens/edit.blade.php
index 61c1ac2a6..aa3e49ded 100644
--- a/resources/views/users/api-tokens/edit.blade.php
+++ b/resources/views/users/api-tokens/edit.blade.php
@@ -7,9 +7,9 @@

{{ trans('settings.user_api_token') }}

-
- {!! method_field('put') !!} - {!! csrf_field() !!} + + {{ method_field('put') }} + {{ csrf_field() }}
@@ -52,8 +52,8 @@
diff --git a/resources/views/users/api-tokens/parts/list.blade.php b/resources/views/users/api-tokens/parts/list.blade.php
index 3081682a4..70aaa58f3 100644
--- a/resources/views/users/api-tokens/parts/list.blade.php
+++ b/resources/views/users/api-tokens/parts/list.blade.php
@@ -4,7 +4,7 @@
@@ -14,7 +14,7 @@
 @foreach($user->apiTokens as $token)
- {{ $token->name }}
+ {{ $token->name }}
{{ $token->token_id }}
@@ -23,7 +23,7 @@ {{ $token->expires_at->format('Y-m-d') ?? '' }}
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index 1254a1330..076b28c74 100644
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -100,7 +100,7 @@
 @endif
- @include('users.api-tokens.parts.list', ['user' => $user])
+ @include('users.api-tokens.parts.list', ['user' => $user, 'context' => 'settings'])
 @stop
diff --git a/routes/web.php b/routes/web.php
index 69ce5167c..c2f4891b8 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -251,12 +251,12 @@ Route::middleware('auth')->group(function () {
 Route::patch('/preferences/update-code-language-favourite', [UserControllers\UserPreferencesController::class, 'updateCodeLanguageFavourite']);
 // User API Tokens
- Route::get('/settings/users/{userId}/create-api-token', [UserApiTokenController::class, 'create']);
- Route::post('/settings/users/{userId}/create-api-token', [UserApiTokenController::class, 'store']);
- Route::get('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'edit']);
- Route::put('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'update']);
- Route::get('/settings/users/{userId}/api-tokens/{tokenId}/delete', [UserApiTokenController::class, 'delete']);
- Route::delete('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'destroy']);
+ Route::get('/api-tokens/{userId}/create', [UserApiTokenController::class, 'create']);
+ Route::post('/api-tokens/{userId}/create', [UserApiTokenController::class, 'store']);
+ Route::get('/api-tokens/{userId}/{tokenId}', [UserApiTokenController::class, 'edit']);
+ Route::put('/api-tokens/{userId}/{tokenId}', [UserApiTokenController::class, 'update']);
+ Route::get('/api-tokens/{userId}/{tokenId}/delete', [UserApiTokenController::class, 'delete']);
+ Route::delete('/api-tokens/{userId}/{tokenId}', [UserApiTokenController::class, 'destroy']);
 // Roles
 Route::get('/settings/roles', [UserControllers\RoleController::class, 'index']);
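Review bot: The `{tokenId}` routes carry no parameter constraint, so `GET /api-tokens/{userId}/create` is kept apart from the `edit` route only by registration order, and non-numeric ids are passed straight through to the controller's `int` parameters. Adding `->where(['userId' => '[0-9]+', 'tokenId' => '[0-9]+'])` to the token routes makes matching independent of order and rejects non-numeric ids at the router. The old `/settings/users/{userId}/...` paths are dropped without redirects; if they are linked from outside the application a fallback redirect for them would be worth keeping, though the diff alone does not show whether that matters. The `Route::middleware('auth')->group()` closure begins outside the hunk.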