<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Source\Authorization\Permissions;
use Source\UseCases\Tokens\GetToken\GetTokenUseCase;
use Source\UseCases\Tokens\GetTokens\GetTokensUseCase;
use Source\UseCases\Tokens\CreateToken\CreateTokenUseCase;
use Source\UseCases\Tokens\ExpireToken\ExpireTokenUseCase;
use Source\UseCases\Tokens\UpdateToken\UpdateTokenUseCase;
use Source\UseCases\Tokens\GetToken\APIPresenter as GetTokenAPIPresenter;
use Source\UseCases\Tokens\GetTokens\APIPresenter as AllTokensAPIPresenter;
use Source\UseCases\Tokens\CreateToken\APIPresenter as CreateTokenAPIPresenter;
use Source\UseCases\Tokens\ExpireToken\APIPresenter as ExpireTokenAPIPresenter;
use Source\UseCases\Tokens\UpdateToken\APIPresenter as UpdateTokenAPIPresenter;

/**
 * @group Token Management
 *
 * This set of routes is responsible for managing users' tokens. Tokens cannot be deleted (they are kept for record-keeping),
 * but they can be expired, which makes them unusable.
 */
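class TokensController extends ApiController
{
    /**
     * Body keys the create endpoint forwards to its use case. These are exactly the keys covered by the validation
     * rules in store(); any other field in the request body is dropped so it cannot be mass-assigned downstream.
     */
    private const CREATE_INPUT = ['name', 'user_id', 'expires_at'];

    /**
     * Body keys the update endpoint forwards to its use case. Only the name and expiry date are updatable, so only
     * those keys are passed on.
     */
    private const UPDATE_INPUT = ['name', 'expires_at'];

    /**
     * Filter Tokens
     *
     * This route filters all tokens by user_id or valid date. If valid_at is set, only tokens valid on that date will
     * be returned.
     *
     * @authenticated
     * @paginated
     * @queryParam user_id The user id to filter on. Example: 1
     * @queryParam valid_at The date to filter when tokens are valid. Example: 2020-06-04 19:41:55
     *
     * @param \Source\UseCases\Tokens\GetTokens\GetTokensUseCase $allTokens
     * @return \Illuminate\Http\JsonResponse
     * @throws \Source\Exceptions\AuthorizationException
     * @throws \Source\Exceptions\EntityNotFoundException
     * @throws \Illuminate\Validation\ValidationException
     * @throws \Exception
     */
    public function index(GetTokensUseCase $allTokens): JsonResponse
    {
        // Authorization runs before validation so an unauthorized caller gets the authorization error, not
        // feedback about the shape of the request.
        $this->authorizer->protect(Permissions::MANAGE_USERS);

        $this->validate($this->request, [
            'user_id' => 'integer',
            'valid_at' => 'date',
        ]);

        // Read each filter once: the same values feed the use case and are echoed back in the view model.
        $userId = $this->request->input('user_id');
        $validAt = $this->request->input('valid_at');

        $presenter = new AllTokensAPIPresenter();

        $allTokens->filter($userId, $validAt, $presenter);

        return $this->respondWithData($presenter->getViewModel([
            'user_id' => $userId,
            'valid_at' => $validAt,
        ]));
    }

    /**
     * Get Token
     *
     * This endpoint retrieves all metadata about the token.
     *
     * @authenticated
     * @urlParam tokenId required The ID of the token to get information for. Example: 1
     *
     * @response 404 {"status":"error","code":404,"message":"Entity not found"}
     *
     * @param \Source\UseCases\Tokens\GetToken\GetTokenUseCase $token
     * @param string                                           $tokenId
     * @return \Illuminate\Http\JsonResponse
     * @throws \Source\Exceptions\AuthorizationException
     * @throws \Source\Exceptions\EntityNotFoundException
     */
    public function get(GetTokenUseCase $token, string $tokenId): JsonResponse
    {
        $this->authorizer->protect(Permissions::MANAGE_USERS);

        $presenter = new GetTokenAPIPresenter();

        // $tokenId comes straight from the route; the use case is responsible for resolving it (404 on miss).
        $token->getToken($tokenId, $presenter);

        return $this->respondWithData($presenter->getViewModel());
    }

    /**
     * Create Token
     *
     * This route generates a new token for a given user.
     *
     * @authenticated
     * @bodyParam name string required The name of the token for identifying it. Example: CSLab Self-Serve Token
     * @bodyParam user_id string required The id of the user the token will authenticate. Example: 1
     * @bodyParam expires_at string The datetime that the token will no longer be usable. Example: 2020-06-04 19:35:05
     *
     * @response 422
     *           {"message":"The given data was invalid.","errors":{"name":["The name field is required."],"user_id":["The user id field is required."]}}
     *
     * @param \Source\UseCases\Tokens\CreateToken\CreateTokenUseCase $createToken
     * @return \Illuminate\Http\JsonResponse
     * @throws \Illuminate\Validation\ValidationException
     * @throws \Source\Exceptions\AuthorizationException
     * @throws \Source\Exceptions\EntityNotFoundException
     */
    public function store(CreateTokenUseCase $createToken): JsonResponse
    {
        $this->authorizer->protect(Permissions::ADMIN);

        $this->validate($this->request, [
            'name' => 'required|string|max:255',
            'user_id' => 'required|numeric',
            'expires_at' => 'nullable|date',
        ]);

        $presenter = new CreateTokenAPIPresenter();

        // Forward only the validated keys. Passing the whole request body would let any un-validated field reach
        // the use case (mass assignment). Not worried about an invalid argument exception for a missing name, as
        // name is required by the validation above.
        $createToken->create($this->request->only(self::CREATE_INPUT), $presenter);

        return $this->respondWithData($presenter->getViewModel());
    }

    /**
     * Update Token
     *
     * This route updates a stored token. One can only update the name and expiry date.
     *
     * @authenticated
     * @urlParam tokenId required The token id to update. Example: 2
     * @bodyParam name string The new name for the token. Example: New token name
     * @bodyParam expires_at datetime The new expiry date. Can be null to never expire. Example: 2023-06-04 19:46:40
     *
     * @param \Source\UseCases\Tokens\UpdateToken\UpdateTokenUseCase $updateToken
     * @param string                                                 $tokenId
     * @return \Illuminate\Http\JsonResponse
     * @throws \Illuminate\Validation\ValidationException
     * @throws \Source\Exceptions\AuthorizationException
     * @throws \Source\Exceptions\EntityNotFoundException
     */
    public function update(UpdateTokenUseCase $updateToken, string $tokenId): JsonResponse
    {
        $this->authorizer->protect(Permissions::ADMIN);

        $this->validate($this->request, [
            'name' => 'string|max:255',
            'expires_at' => 'nullable|date',
        ]);

        $presenter = new UpdateTokenAPIPresenter();

        // Only the updatable, validated keys are handed to the use case; user_id and anything else in the body
        // is deliberately dropped here rather than trusted downstream.
        $updateToken->update($tokenId, $this->request->only(self::UPDATE_INPUT), $presenter);

        return $this->respondWithData($presenter->getViewModel());
    }

    /**
     * Expire Token
     *
     * This endpoint will instantly expire the specified token.
     *
     * @authenticated
     * @urlParam tokenId required The id of the token to expire. Example: 2
     *
     * @param \Source\UseCases\Tokens\ExpireToken\ExpireTokenUseCase $expireToken
     * @param string                                                 $tokenId
     * @return \Illuminate\Http\JsonResponse
     * @throws \Source\Exceptions\AuthorizationException
     * @throws \Source\Exceptions\EntityNotFoundException
     */
    public function expire(ExpireTokenUseCase $expireToken, string $tokenId): JsonResponse
    {
        $this->authorizer->protect(Permissions::ADMIN);

        $presenter = new ExpireTokenAPIPresenter();

        // Expiry is the only "removal" offered; tokens are never deleted so the audit trail stays intact.
        $expireToken->expire($tokenId, $presenter);

        return $this->respondWithData($presenter->getViewModel());
    }
}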