update jquery/jquery-ui; fininshed api_key editing (needs a bit more validating); added PhpSettings-Unit-test

Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>

api_keys.php

@@ -80,6 +80,37 @@ if ($action == 'delete') {
 		'cid' => $cid
 	));
 	$success_message = $lng['apikeys']['apikey_added'];
+} elseif ($action == 'jqEditApiKey') {
+	$keyid = isset($_POST['id']) ? (int)$_POST['id'] : 0;
+	$allowed_from = isset($_POST['allowed_from']) ? $_POST['allowed_from'] : "";
+	$valid_until = isset($_POST['valid_until']) ? (int)$_POST['valid_until'] : -1;
+
+	// @todo validate allowed_from
+
+	if ($valid_until <= 0 || !is_numeric($valid_until)) {
+		$valid_until = -1;
+	}
+
+	$upd_stmt = Database::prepare("
+		UPDATE `" . TABLE_API_KEYS . "` SET
+		`valid_until` = :vu, `allowed_from` = :af
+		WHERE `id` = :keyid AND `adminid` = :aid AND `customerid` = :cid
+	");
+	if (AREA == 'admin') {
+		$cid = 0;
+	}
+	elseif (AREA == 'customer') {
+		$cid = $userinfo['customerid'];
+	}
+	Database::pexecute($upd_stmt, array(
+		'keyid' => $keyid,
+		'af' => $allowed_from,
+		'vu' => $valid_until,
+		'aid' => $userinfo['adminid'],
+		'cid' => $cid
+	));
+	echo json_encode(true);
+	exit;
 }
 
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed api::api_keys");
@@ -178,9 +209,10 @@ if (count($all_keys) == 0) {
 					$isValid = false;
 				}
 				// format
-				$row['valid_until'] = date('d.m.Y H:i', $row['valid_until']);
+				$row['valid_until'] = date('Y-m-d', $row['valid_until']);
 			} else {
-				$row['valid_until'] = "&infin;";
+				// infinity
+				$row['valid_until'] = "";
 			}
 			eval("\$apikeys.=\"" . getTemplate("api_keys/keys_key", true) . "\";");
 		} else {

lib/init.php

@@ -29,7 +29,7 @@ header('Expires: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time()));
 // Inline-JS is no longer allowed and used
 // See: http://people.mozilla.org/~bsterne/content-security-policy/index.html
 // New stuff see: https://www.owasp.org/index.php/List_of_useful_HTTP_headers and https://www.owasp.org/index.php/Content_Security_Policy
-$csp_content = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block;";
+$csp_content = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self';";
 header("Content-Security-Policy: ".$csp_content);
 header("X-Content-Security-Policy: ".$csp_content);
 header("X-WebKit-CSP: ".$csp_content);

templates/Sparkle/api_keys/keys_key.tpl

@@ -1,12 +1,12 @@
-<tr <if $isMyKey>class="primary-entry"</if>>
+<tr <if $isMyKey>class="primary-entry"</if> id="apikey-{$row['id']}" data-id="{$row['id']}" title="{$lng['apikeys']['clicktoview']}">
 	<td>
 		{$adminCustomerLink}
 	</td>
 	<td>
-		<span id="apikey-{$row['id']}" data-id="{$row['id']}" title="{$lng['apikeys']['clicktoview']}">{$row['_apikey']}</span>
+		<span>{$row['_apikey']}</span>
 	</td>
 	<td>
-		<span id="secret-{$row['id']}" data-id="{$row['id']}" title="{$lng['apikeys']['clicktoview']}">{$row['_secret']}</span>
+		<span>{$row['_secret']}</span>
 	</td>
 	<td>
 		{$row['allowed_from']}
@@ -17,9 +17,6 @@
 		<if !$isValid></span></strong></if>
 	</td>
 	<td>
-		<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'edit', 'id' => $row['id']))}">
-			<img src="templates/{$theme}/assets/img/icons/edit.png" alt="{$lng['panel']['edit']}" title="{$lng['panel']['edit']}" />
-		</a>&nbsp;
 		<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'delete', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/delete.png" alt="{$lng['panel']['delete']}" title="{$lng['panel']['delete']}" />
 		</a>

templates/Sparkle/assets/js/apikey.js

@@ -2,6 +2,21 @@
  * 
  */
 $(document).ready(function() {
+	
+	var getUrlParameter = function getUrlParameter(sParam) {
+	    var sPageURL = decodeURIComponent(window.location.search.substring(1)),
+	        sURLVariables = sPageURL.split('&'),
+	        sParameterName,
+	        i;
+
+	    for (i = 0; i < sURLVariables.length; i++) {
+	        sParameterName = sURLVariables[i].split('=');
+
+	        if (sParameterName[0] === sParam) {
+	            return sParameterName[1] === undefined ? true : sParameterName[1];
+	        }
+	    }
+	};
 
 	function editApikey(id) {
 		var sid = getUrlParameter('s');
@@ -11,11 +26,17 @@ $(document).ready(function() {
 		var allowed_from = $('#dialog-' + id + ' input[name="allowed_from"]').val();
 		var valid_until = $('#dialog-' + id + ' input[name="valid_until"]').val();
 
+		// convert datepicker yy-mm-dd to Timestamp
+        var s = 0;
+        if (valid_until.length > 0) {
+        	s = $('#dialog-' + id + ' input[name="valid_until"]').datepicker("getDate").getTime() / 1000 + 3600;
+        }
+
 		$.ajax({
 	        url: "admin_index.php?s="+sid+"&page="+page+"&action=jqEditApiKey",
 	        type: "POST",
 	        data: {
-	        	id: apikey_id, allowed_from: allowed_from, valid_until: valid_until
+	        	id: apikey_id, allowed_from: allowed_from, valid_until: s
 	        },
 	        dataType: "json",
 	        success: function(json) {
@@ -28,17 +49,24 @@ $(document).ready(function() {
 	    });
 	}
 
-	$("span[id|='apikey'], span[id|='secret']").click(function() {
+	$("tr[id|='apikey']").each(function() {
-		var id = $(this).attr('data-id');
+		$(this).css('cursor', 'pointer').hover(function() {
-		$('#dialog-' + id).dialog({
+			$(this).addClass('active');
-			modal : true,
+		}, function() {
-			buttons : {
+			$(this).removeClass('active');
-				Ok : function() {
+		}).click(function() {
-					editApikey(id);
+			var id = $(this).attr('data-id');
-					$(this).dialog("close");
+			$('input[name="valid_until"]').datepicker({'dateFormat': 'yy-mm-dd'});
-				}
+			$('#dialog-' + id).dialog({
-			},
+				modal : true,
-			width : 800
+				buttons : {
+					Ok : function() {
+						editApikey(id);
+						$(this).dialog("close");
+					}
+				},
+				width : 800
+			});
 		});
 	});
 

templates/Sparkle/assets/js/domains.js

@@ -1,5 +1,20 @@
 $(document).ready(function() {
 
+	var getUrlParameter = function getUrlParameter(sParam) {
+	    var sPageURL = decodeURIComponent(window.location.search.substring(1)),
+	        sURLVariables = sPageURL.split('&'),
+	        sParameterName,
+	        i;
+
+	    for (i = 0; i < sURLVariables.length; i++) {
+	        sParameterName = sURLVariables[i].split('=');
+
+	        if (sParameterName[0] === sParam) {
+	            return sParameterName[1] === undefined ? true : sParameterName[1];
+	        }
+	    }
+	};
+
 	/**
 	 * disable unusable php-configuration by customer settings
 	 */

templates/Sparkle/assets/js/main.js

@@ -6,21 +6,6 @@ function twoDigits(value) {
 }
 $(document).ready(function() {
 
-	var getUrlParameter = function getUrlParameter(sParam) {
-	    var sPageURL = decodeURIComponent(window.location.search.substring(1)),
-	        sURLVariables = sPageURL.split('&'),
-	        sParameterName,
-	        i;
-
-	    for (i = 0; i < sURLVariables.length; i++) {
-	        sParameterName = sURLVariables[i].split('=');
-
-	        if (sParameterName[0] === sParam) {
-	            return sParameterName[1] === undefined ? true : sParameterName[1];
-	        }
-	    }
-	};
-
 	// Scroll to top
 	$(window).scroll(function() {
 		if ($(this).scrollTop() > 100) {

tests/PhpAndFpm/PhpSettingsTest.php

@@ -0,0 +1,29 @@
+<?php
+use PHPUnit\Framework\TestCase;
+
+/**
+ *
+ * @covers ApiCommand
+ * @covers ApiParameter
+ * @covers PhpSettings
+ */
+class PhpSettingsText extends TestCase
+{
+	private static $id = 0;
+
+	public function testAdminPhpSettingsAdd()
+	{
+		global $admin_userdata;
+		$data = [
+			'description' => 'test php',
+			'phpsettings' => 'error_reporting=E_ALL',
+			'fpmconfig' => Settings::Get('phpfpm.defaultini')
+		];
+		$json_result = PhpSettings::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals('error_reporting=E_ALL', $result['phpsettings']);
+		$this->assertEquals('60s', $result['fpm_reqterm']);
+		self::$id = $result['id'];
+	}
+
+}