Fixed some empty-expiry conditions of token ui flows

2025-01-19 16:52:45 +08:00 · 2019-12-29 20:18:37 +00:00 · 2019-12-29 20:18:37 +00:00 · 2cfa37399c
commit 2cfa37399c
parent 692fc46c7d
2 changed files with 33 additions and 5 deletions
--- a/app/Http/Controllers/UserApiTokenController.php
+++ b/app/Http/Controllers/UserApiTokenController.php
@ -40,7 +40,11 @@ class UserApiTokenController extends Controller

        $user = User::query()->findOrFail($userId);
        $secret = Str::random(32);
-        $expiry = $request->get('expires_at', (Carbon::now()->addYears(100))->format('Y-m-d'));
+
+        $expiry = $request->get('expires_at', null);
+        if (empty($expiry)) {
+            $expiry = Carbon::now()->addYears(100)->format('Y-m-d');
+        }

        $token = (new ApiToken())->forceFill([
            'name' => $request->get('name'),
@ -83,14 +87,18 @@ class UserApiTokenController extends Controller
     */
    public function update(Request $request, int $userId, int $tokenId)
    {
-        $this->validate($request, [
+        $requestData = $this->validate($request, [
            'name' => 'required|max:250',
            'expires_at' => 'date_format:Y-m-d',
        ]);

        [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);

-        $token->fill($request->all())->save();
+        if (empty($requestData['expires_at'])) {
+            $requestData['expires_at'] = Carbon::now()->addYears(100)->format('Y-m-d');
+        }
+
+        $token->fill($requestData)->save();
        $this->showSuccessNotification(trans('settings.user_api_token_update_success'));
        return redirect($user->getEditUrl('/api-tokens/' . $token->id));
    }
--- a/tests/User/UserApiTokenTest.php
+++ b/tests/User/UserApiTokenTest.php
@ -9,7 +9,7 @@ class UserApiTokenTest extends TestCase

    protected $testTokenData = [
        'name' => 'My test API token',
-        'expires_at' => '2099-04-01',
+        'expires_at' => '2050-04-01',
    ];

    public function test_tokens_section_not_visible_without_access_api_permission()
@ -72,7 +72,7 @@ class UserApiTokenTest extends TestCase
    public function test_create_with_no_expiry_sets_expiry_hundred_years_away()
    {
        $editor = $this->getEditor();
-        $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token']);
+        $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']);
        $token = ApiToken::query()->latest()->first();

        $over = Carbon::now()->addYears(101);
@ -126,6 +126,26 @@ class UserApiTokenTest extends TestCase
        $this->assertSessionHas('success');
    }

+    public function test_token_update_with_blank_expiry_sets_to_hundred_years_away()
+    {
+        $editor = $this->getEditor();
+        $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
+        $token = ApiToken::query()->latest()->first();
+
+        $resp = $this->put($editor->getEditUrl('/api-tokens/' . $token->id), [
+            'name' => 'My updated token',
+            'expires_at' => '',
+        ]);
+        $token->refresh();
+
+        $over = Carbon::now()->addYears(101);
+        $under = Carbon::now()->addYears(99);
+        $this->assertTrue(
+            ($token->expires_at < $over && $token->expires_at > $under),
+            "Token expiry set at 100 years in future"
+        );
+    }
+
    public function test_token_delete()
    {
        $editor = $this->getEditor();