started UI api-key management

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2018-03-04 12:40:47 +01:00
parent 702b52d13e
commit b07d6ceeaa
13 changed files with 299 additions and 12 deletions
--- a/admin_index.php
+++ b/admin_index.php
@@ -393,6 +393,9 @@ if ($page == 'overview') {
 		redirectTo($filename, array('s' => $s));
 	}
 }
 elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {
 	require_once __DIR__ . '/api_keys.php';
 }
 elseif ($page == 'apihelp' && Settings::Get('api.enabled') == 1) {
 	require_once __DIR__ . '/apihelp.php';
 }
--- a/api_keys.php
+++ b/api_keys.php
@@ -0,0 +1,128 @@
 <?php
 if (! defined('AREA')) {
 	header("Location: index.php");
 	exit();
 }
 /**
 * This file is part of the Froxlor project.
 * Copyright (c) 2018 the Froxlor Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright (c) the authors
 * @author Froxlor team <team@froxlor.org> (2018-)
 * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package Panel
 * @since 0.10.0
 *
 */
 // This file is being included in admin_index and customer_index
 // and therefore does not need to require lib/init.php
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed api::api_keys");
 // select all my (accessable) certificates
 $keys_stmt_query = "SELECT ak.*, c.loginname, a.loginname as adminname
 	FROM `" . TABLE_API_KEYS . "` ak
 	LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON `c`.`customerid` = `ak`.`customerid`
 	LEFT JOIN `" . TABLE_PANEL_ADMINS . "` a ON `a`.`adminid` = `ak`.`adminid`
 	WHERE ";
 $qry_params = array();
 if (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
 	// admin with only customer-specific permissions
 	$keys_stmt_query .= "ak.adminid = :adminid ";
 	$qry_params['adminid'] = $userinfo['adminid'];
 	$fields = array(
 		'a.loginname' => $lng['login']['username']
 	);
 } elseif (AREA == 'customer') {
 	// customer-area
 	$keys_stmt_query .= "ak.customerid = :cid ";
 	$qry_params['cid'] = $userinfo['customerid'];
 	$fields = array(
 		'c.loginname' => $lng['login']['username']
 	);
 } else {
 	// admin who can see all customers / reseller / admins
 	$keys_stmt_query .= "1 ";
 	$fields = array(
 		'a.loginname' => $lng['login']['username']
 	);
 }
 $paging = new paging($userinfo, TABLE_API_KEYS, $fields);
 $keys_stmt_query .= $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit();
 $keys_stmt = Database::prepare($keys_stmt_query);
 Database::pexecute($keys_stmt, $qry_params);
 $all_keys = $keys_stmt->fetchAll(PDO::FETCH_ASSOC);
 $apikeys = "";
 if (count($all_keys) == 0) {
 	$count = 0;
 	$message = $lng['apikeys']['no_api_keys'];
 	$sortcode = "";
 	$searchcode = "";
 	$pagingcode = "";
 	eval("\$apikeys.=\"" . getTemplate("api_keys/keys_error", true) . "\";");
 } else {
 	$count = count($all_keys);
 	$paging->setEntries($count);
 	$sortcode = $paging->getHtmlSortCode($lng);
 	$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 	$searchcode = $paging->getHtmlSearchCode($lng);
 	$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
 	foreach ($all_keys as $idx => $key) {
 		if ($paging->checkDisplay($idx)) {
 			// my own key
 			$isMyKey = false;
 			if ($key['adminid'] == $userinfo['adminid'] && (AREA == 'admin' || (AREA == 'customer' && $key['customerid'] == $userinfo['customerid']))) {
 				// this is mine
 				$isMyKey = true;
 			}
 			$adminCustomerLink = "";
 			if (AREA == 'admin') {
 				if ($isMyKey) {
 					$adminCustomerLink = $key['adminname'];
 				} else {
 					$adminCustomerLink = '&nbsp;(<a href="' . $linker->getLink(array(
 						'section' => (empty($key['customerid']) ? 'admins' : 'customers'),
 						'page' => (empty($key['customerid']) ? 'admins' : 'customers'),
 						'action' => 'su',
 						'id' => (empty($key['customerid']) ? $key['adminid'] : $key['customerid'])
 					)) . '" rel="external">' . (empty($key['customerid']) ? $key['adminname'] : $key['loginname']) . '</a>)';
 				}
 			} else {
 				// customer do not need links
 				$adminCustomerLink = $key['loginname'];
 			}
 			// escape stuff
 			$row = htmlentities_array($key);
 			// check whether the api key is not valid anymore
 			$isValid = true;
 			if ($row['valid_until'] >= 0) {
 				if ($row['valid_until'] < time()) {
 					$isValid = false;
 				}
 				// format
 				$row['valid_until'] = date('d.m.Y H:i', $row['valid_until']);
 			} else {
 				$row['valid_until'] = "&infin;";
 			}
 			eval("\$apikeys.=\"" . getTemplate("api_keys/keys_key", true) . "\";");
 		} else {
 			continue;
 		}
 	}
 }
 eval("echo \"" . getTemplate("api_keys/keys_list", true) . "\";");
--- a/customer_index.php
+++ b/customer_index.php
@@ -314,6 +314,9 @@ if ($page == 'overview') {
 		redirectTo($filename, array('s' => $s));
 	}
 }
 elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {
 	require_once __DIR__ . '/api_keys.php';
 }
 elseif ($page == 'apihelp' && Settings::Get('api.enabled') == 1) {
 	require_once __DIR__ . '/apihelp.php';
 }
--- a/lib/classes/api/commands/class.Admins.php
+++ b/lib/classes/api/commands/class.Admins.php
@@ -595,6 +595,7 @@ class Admins extends ApiCommand implements ResourceEntity
 				standard_error('youcantdeleteyourself', '', true);
 			}
 			// delete admin
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
 			");
@@ -602,6 +603,7 @@ class Admins extends ApiCommand implements ResourceEntity
 				'adminid' => $id
 			), true, true);
 			// delete the traffic-usage
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid
 			");
@@ -609,6 +611,7 @@ class Admins extends ApiCommand implements ResourceEntity
 				'adminid' => $id
 			), true, true);
 			// delete the diskspace usage
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
 			");
@@ -616,6 +619,7 @@ class Admins extends ApiCommand implements ResourceEntity
 				'adminid' => $id
 			), true, true);
 			// set admin-id of the old admin's customer to current admins
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
 				`adminid` = :userid WHERE `adminid` = :adminid
@@ -625,6 +629,7 @@ class Admins extends ApiCommand implements ResourceEntity
 				'adminid' => $id
 			), true, true);
 			// set admin-id of the old admin's domains to current admins
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 				`adminid` = :userid WHERE `adminid` = :adminid
@@ -634,6 +639,25 @@ class Admins extends ApiCommand implements ResourceEntity
 				'adminid' => $id
 			), true, true);
 			// delete old admin's api keys if exists (no customer keys)
 			$upd_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_API_KEYS . "` WHERE
 				`adminid` = :userid AND `customerid` = '0'
 			");
 			Database::pexecute($upd_stmt, array(
 				'adminid' => $id
 			), true, true);
 			// set admin-id of the old admin's api-keys to current admins
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_API_KEYS . "` SET
 				`adminid` = :userid WHERE `adminid` = :adminid
 			");
 			Database::pexecute($upd_stmt, array(
 				'userid' => $this->getUserDetail('adminid'),
 				'adminid' => $id
 			), true, true);
 			$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'");
 			updateCounters();
 			return $this->response(200, "successfull", $result);
--- a/lib/classes/api/commands/class.Customers.php
+++ b/lib/classes/api/commands/class.Customers.php
@@ -857,9 +857,9 @@ class Customers extends ApiCommand implements ResourceEntity
 			// activate/deactivate customer services
 			if ($deactivated != $result['deactivated']) {
-				$yesno = (($deactivated) ? 'N' : 'Y');
+				$yesno = ($deactivated ? 'N' : 'Y');
-				$pop3 = (($deactivated) ? '0' : (int) $result['pop3']);
+				$pop3 = ($deactivated ? '0' : (int) $result['pop3']);
-				$imap = (($deactivated) ? '0' : (int) $result['imap']);
+				$imap = ($deactivated ? '0' : (int) $result['imap']);
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid
@@ -924,7 +924,15 @@ class Customers extends ApiCommand implements ResourceEntity
 				$dbm->getManager()->flushPrivileges();
 				Database::needRoot(false);
-				$this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] deactivated user '" . $result['loginname'] . "'");
+				// reactivate/deactivate api-keys
 				$valid_until = $deactivated ? 0 : - 1;
 				$stmt = Database::prepare("UPDATE `" . TABLE_API_KEYS . "` SET `valid_until` = :vu WHERE `customerid` = :id");
 				Database::pexecute($stmt, array(
 					'id' => $id,
 					'vu' => $valid_until
 				), true, true);
 				$this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] " . ($deactivated ? 'deactivated' : 'reactivated') . " user '" . $result['loginname'] . "'");
 				inserttask('1');
 			}
@@ -1323,6 +1331,12 @@ class Customers extends ApiCommand implements ResourceEntity
 				'id' => $id
 			), true, true);
 			// remove api-keys
 			$stmt = Database::prepare("DELETE FROM `" . TABLE_API_KEYS . "` WHERE `customerid` = :id");
 			Database::pexecute($stmt, array(
 				'id' => $id
 			), true, true);
 			// Delete all waiting "create user" -tasks for this user, #276
 			// Note: the WHERE selects part of a serialized array, but it should be safe this way
 			$del_stmt = Database::prepare("
--- a/lib/navigation/00.froxlor.main.php
+++ b/lib/navigation/00.froxlor.main.php
@@ -38,6 +38,11 @@ return array(
 					'label' => $lng['menue']['main']['changetheme'],
 					'show_element' => (Settings::Get('panel.allow_theme_change_customer') == true)
 				),
 				array(
 					'url' => 'customer_index.php?page=apikeys',
 					'label' => $lng['menue']['main']['apikeys'],
 					'show_element' => (Settings::Get('api.enabled') == true)
 				),
 				array(
 					'url' => 'customer_index.php?page=apihelp',
 					'label' => $lng['menue']['main']['apihelp'],
@@ -184,6 +189,11 @@ return array(
 					'label' => $lng['menue']['main']['changetheme'],
 					'show_element' => (Settings::Get('panel.allow_theme_change_admin') == true)
 				),
 				array(
 					'url' => 'admin_index.php?page=apikeys',
 					'label' => $lng['menue']['main']['apikeys'],
 					'show_element' => (Settings::Get('api.enabled') == true)
 				),
 				array(
 					'url' => 'admin_index.php?page=apihelp',
 					'label' => $lng['menue']['main']['apihelp'],
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -2123,3 +2123,6 @@ $lng['admin']['notryfiles']['description'] = 'Say yes here if you want to specif
 // added in froxlor 0.10.0
 $lng['panel']['none_value'] = 'None';
 $lng['menue']['main']['apihelp'] = 'API help';
 $lng['menue']['main']['apikeys'] = 'API keys';
 $lng['apikeys']['no_api_keys'] = 'No API keys found';
 $lng['apikeys']['key_add'] = 'Add new key';
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1773,3 +1773,6 @@ $lng['admin']['notryfiles']['description'] = 'Wähle "Ja", wenn eine eigene try_
 // added in froxlor 0.10.0
 $lng['panel']['none_value'] = 'Keine';
 $lng['menue']['main']['apihelp'] = 'API Hilfe';
 $lng['menue']['main']['apikeys'] = 'API Keys';
 $lng['apikeys']['no_api_keys'] = 'Keine API Keys gefunden';
 $lng['apikeys']['key_add'] = 'API Key hinzufügen';
--- a/templates/Sparkle/api_keys/keys_error.tpl
+++ b/templates/Sparkle/api_keys/keys_error.tpl
@@ -0,0 +1,3 @@
 <tr>
 	<td colspan="6"><span class="red">{$message}</span></td>
 </tr>
--- a/templates/Sparkle/api_keys/keys_key.tpl
+++ b/templates/Sparkle/api_keys/keys_key.tpl
@@ -0,0 +1,27 @@
 <tr <if $isMyKey>class="primary-entry"</if>>
 	<td>
 		{$adminCustomerLink}
 	</td>
 	<td>
 		{$row['apikey']}
 	</td>
 	<td>
 		{$row['secret']}
 	</td>
 	<td>
 		{$row['allowed_from']}
 	</td>
 	<td>
 		<if !$isValid><strong><span class="red"></if>
 		{$row['valid_until']}
 		<if !$isValid></span></strong></if>
 	</td>
 	<td>
 		<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'edit', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/edit.png" alt="{$lng['panel']['edit']}" title="{$lng['panel']['edit']}" />
 		</a>&nbsp;
 		<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'delete', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/delete.png" alt="{$lng['panel']['delete']}" title="{$lng['panel']['delete']}" />
 		</a>
 	</td>
 </tr>
--- a/templates/Sparkle/api_keys/keys_list.tpl
+++ b/templates/Sparkle/api_keys/keys_list.tpl
@@ -0,0 +1,68 @@
 $header
 	<article>
 		<header>
 			<h2>
 				<img src="templates/{$theme}/assets/img/icons/lock_big.png" alt="" />&nbsp;
 				{$lng['menue']['main']['apikeys']}
 			</h2>
 		</header>
 		<if !empty($success_message)>
 			<div class="successcontainer bradius">
 				<div class="successtitle">{$lng['success']['success']}</div>
 				<div class="success">
 					$success_message
 				</div>
 			</div>
 		</if>
 		<section>
 			<form action="{$linker->getLink(array('section' => 'index', 'page' => $page))}" method="post" enctype="application/x-www-form-urlencoded">
 				<input type="hidden" name="s" value="$s" />
 				<input type="hidden" name="page" value="$page" />
 				<div class="overviewsearch">
 					{$searchcode}
 				</div>
 				<div class="overviewadd">
 					<img src="templates/{$theme}/assets/img/icons/add.png" alt="" />
 					<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'add'))}">{$lng['apikeys']['key_add']}</a>
 				</div>
 				<table class="full hl">
 					<thead>
 						<tr>
 							<th>User</th>
 							<th>API-keys</th>
 							<th>Secret</th>
 							<th>Allowed from</th>
 							<th>Valid until</th>
 							<th>{$lng['panel']['options']}</th>
 						</tr>
 					</thead>
 					<if $pagingcode != ''>
 					<tfoot>
 						<tr>
 							<td colspan="6">{$pagingcode}</td>
 						</tr>
 					</tfoot>
 					</if>
 					<tbody>
 						{$apikeys}
 					</tbody>
 				</table>
 			</form>
 			<if 15 < $count >
 			<div class="overviewadd">
 				<img src="templates/{$theme}/assets/img/icons/add.png" alt="" />
 				<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'add'))}">{$lng['apikeys']['key_add']}</a>
 			</div>
 			</if>
 		</section>
 	</article>
 $footer
--- a/templates/Sparkle/assets/css/main.css
+++ b/templates/Sparkle/assets/css/main.css
@@ -1682,13 +1682,13 @@ fieldset.file {
 	background-color: rgb(242, 222, 222);
 }
-.domain-hostname {
+.primary-entry {
 	background-color: rgb(53, 106, 160);
 	color: #ddd;
 	font-weight: bold;
 }
-table.hl tbody tr.domain-hostname:hover {
+table.hl tbody tr.primary-entry:hover {
 	background-color: rgb(64, 150, 238);
 }
--- a/templates/Sparkle/header.tpl
+++ b/templates/Sparkle/header.tpl
@@ -68,6 +68,7 @@
 						<li><a href="{$linker->getLink(array('section' => 'index', 'page' => 'change_theme'))}">{$lng['panel']['theme']}</a></li>
 					</if>
 					<if Settings::Get('api.enabled') == 1>
 						<li><a href="{$linker->getLink(array('section' => 'index', 'page' => 'apikeys'))}">{$lng['menue']['main']['apikeys']}</a></li>
 						<li><a href="{$linker->getLink(array('section' => 'index', 'page' => 'apihelp'))}">{$lng['menue']['main']['apihelp']}</a></li>
 					</if>
 				</ul>