<?php |
namespace Elgg\Database; |
use Elgg\Database; |
use Elgg\Security\Crypto; |
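/**
 * Manage the contents of the api_users table
 *
 * Rows are addressed by their public 'api_key'. Each row also carries a 'secret'
 * and an 'active' flag, both of which are read and written by the methods below.
 *
 * @since 4.0
 * @internal
 */
class ApiUsersTable {

	/**
	 * @var string name of the api users database table
	 */
	const TABLE_NAME = 'api_users';

	protected Database $database;

	protected Crypto $crypto;

	/**
	 * Create a new table handler
	 *
	 * @param Database $database the Elgg database handler
	 * @param Crypto   $crypto   crypto handler used to generate the key material
	 */
	public function __construct(Database $database, Crypto $crypto) {
		$this->database = $database;
		$this->crypto = $crypto;
	}

	/**
	 * Generate a new API user for a site, returning a new keypair on success
	 *
	 * Both the public key and the secret are requested from the crypto handler as
	 * 40-character strings over Crypto::CHARS_HEX. This class stores the secret as
	 * generated (no hashing or encryption happens here), so read access to the table
	 * and the returned row both expose a usable credential: keep the row out of logs.
	 *
	 * @return false|\stdClass the freshly inserted row (including the secret) or false
	 */
	public function createApiUser() {
		$public = $this->crypto->getRandomString(40, Crypto::CHARS_HEX);
		$secret = $this->crypto->getRandomString(40, Crypto::CHARS_HEX);

		$insert = Insert::intoTable(self::TABLE_NAME);
		$insert->values([
			'api_key' => $insert->param($public, ELGG_VALUE_STRING),
			'secret' => $insert->param($secret, ELGG_VALUE_STRING),
		]);

		if ($this->database->insertData($insert) === false) {
			return false;
		}

		// Reads the row back with the default only_active filter.
		// NOTE(review): this presumably relies on the column default for 'active'
		// being 1 - confirm against the schema.
		return $this->getApiUser($public);
	}

	/**
	 * Find an API User's details based on the provided public api key.
	 * These users are not users in the traditional sense.
	 *
	 * The key is bound as a query parameter via compare(), never concatenated into SQL.
	 * All columns are selected, so the result includes the 'secret' column.
	 *
	 * @param string $public_api_key The API Key (public)
	 * @param bool   $only_active    Only return if the API key is active (default: true)
	 *
	 * @return false|\stdClass stdClass representing the database row or false
	 */
	public function getApiUser(string $public_api_key, bool $only_active = true) {
		$select = Select::fromTable(self::TABLE_NAME);
		$select->select('*')
			->where($select->compare('api_key', '=', $public_api_key, ELGG_VALUE_STRING));

		if ($only_active) {
			$select->andWhere($select->compare('active', '=', 1, ELGG_VALUE_INTEGER));
		}

		// normalise any empty result to false
		return $this->database->getDataRow($select) ?: false;
	}

	/**
	 * Revoke an api user key.
	 *
	 * The key is looked up regardless of its 'active' flag. With the default
	 * active-only lookup a disabled key could never be revoked: its row (and secret)
	 * would stay in the table, where enableAPIUser() could switch it back on.
	 *
	 * @param string $public_api_key The API Key (public)
	 *
	 * @return bool false when no row matches the key, otherwise the result of the delete
	 */
	public function removeApiUser(string $public_api_key): bool {
		$row = $this->getApiUser($public_api_key, false);
		if (!$row) {
			return false;
		}

		// delete by primary id of the row that was just resolved
		$delete = Delete::fromTable(self::TABLE_NAME);
		$delete->where($delete->compare('id', '=', $row->id, ELGG_VALUE_ID));

		return (bool) $this->database->deleteData($delete);
	}

	/**
	 * Enable an api user key
	 *
	 * @param string $public_api_key The API Key (public)
	 *
	 * @return bool
	 */
	public function enableAPIUser(string $public_api_key): bool {
		return $this->writeActiveFlag($public_api_key, 1);
	}

	/**
	 * Disable an api user key
	 *
	 * @param string $public_api_key The API Key (public)
	 *
	 * @return bool
	 */
	public function disableAPIUser(string $public_api_key): bool {
		return $this->writeActiveFlag($public_api_key, 0);
	}

	/**
	 * Set the 'active' column for the row matching the given public key
	 *
	 * NOTE(review): the return value is Database::updateData() cast to bool; whether
	 * an unknown key yields false depends on that method - confirm before relying on it.
	 *
	 * @param string $public_api_key The API Key (public)
	 * @param int    $active         1 to enable the key, 0 to disable it
	 *
	 * @return bool
	 */
	private function writeActiveFlag(string $public_api_key, int $active): bool {
		$update = Update::table(self::TABLE_NAME);
		$update->set('active', $update->param($active, ELGG_VALUE_INTEGER))
			->where($update->compare('api_key', '=', $public_api_key, ELGG_VALUE_STRING));

		return (bool) $this->database->updateData($update);
	}
}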