1 | <?php |
||
2 | /** |
||
3 | * sysPass |
||
4 | * |
||
5 | * @author nuxsmin |
||
6 | * @link https://syspass.org |
||
7 | * @copyright 2012-2019, Rubén Domínguez nuxsmin@$syspass.org |
||
8 | * |
||
9 | * This file is part of sysPass. |
||
10 | * |
||
11 | * sysPass is free software: you can redistribute it and/or modify |
||
12 | * it under the terms of the GNU General Public License as published by |
||
13 | * the Free Software Foundation, either version 3 of the License, or |
||
14 | * (at your option) any later version. |
||
15 | * |
||
16 | * sysPass is distributed in the hope that it will be useful, |
||
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
19 | * GNU General Public License for more details. |
||
20 | * |
||
21 | * You should have received a copy of the GNU General Public License |
||
22 | * along with sysPass. If not, see <http://www.gnu.org/licenses/>. |
||
23 | */ |
||
24 | |||
25 | namespace SP\Modules\Api\Controllers; |
||
26 | |||
27 | use DI\DependencyException; |
||
28 | use DI\NotFoundException; |
||
29 | use Exception; |
||
30 | use SP\Core\Acl\ActionsInterface; |
||
31 | use SP\Core\Crypt\Crypt; |
||
32 | use SP\Core\Events\Event; |
||
33 | use SP\Core\Events\EventMessage; |
||
34 | use SP\Core\Exceptions\InvalidClassException; |
||
35 | use SP\Modules\Api\Controllers\Help\AccountHelp; |
||
36 | use SP\Mvc\Model\QueryCondition; |
||
37 | use SP\Services\Account\AccountPresetService; |
||
38 | use SP\Services\Account\AccountRequest; |
||
39 | use SP\Services\Account\AccountSearchFilter; |
||
40 | use SP\Services\Account\AccountService; |
||
41 | use SP\Services\Api\ApiResponse; |
||
42 | |||
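/**
 * Class AccountController
 *
 * API endpoints for the account resource: view, view password, create, edit,
 * edit password, search and delete. Every action has the same shape: authorise
 * the action through setupApi(), read the request parameters through the
 * ApiService, call the account service, emit an audit event and return an
 * ApiResponse. Any exception is first logged with processException() and then
 * turned into an error response by returnResponseException().
 *
 * @package SP\Modules\Api\Controllers
 */
final class AccountController extends ControllerBase
{
    /**
     * @var AccountPresetService
     */
    private $accountPresetService;
    /**
     * @var AccountService
     */
    private $accountService;

    /**
     * Returns the account data for the mandatory "id" parameter and increments
     * the account's view counter.
     *
     * Requires the ACCOUNT_VIEW permission.
     */
    public function viewAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_VIEW);

            $id = $this->apiService->getParamInt('id', true);
            $accountDetails = $this->accountService->getById($id)->getAccountVData();

            $this->accountService->incrementViewCounter($id);

            $this->notifyAccountEvent('show.account', __u('Account displayed'), $accountDetails, $id);

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $id));
        } catch (Exception $e) {
            // Log before replying, in the same order as every other action of
            // this controller, so that the log entry does not depend on what
            // returnResponseException() does with the request afterwards.
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Decrypts and returns the password of the account given by the mandatory
     * "id" parameter and increments the account's decrypt counter.
     *
     * Requires the ACCOUNT_VIEW_PASS permission. The password is decrypted with
     * the master password held by the ApiService and is returned only in the
     * response body; the audit event carries the account name, client and id
     * and must never include the secret itself.
     */
    public function viewPassAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_VIEW_PASS);

            $id = $this->apiService->getParamInt('id', true);
            $accountPassData = $this->accountService->getPasswordForId($id);
            $password = Crypt::decrypt(
                $accountPassData->getPass(),
                $accountPassData->getKey(),
                $this->apiService->getMasterPass()
            );

            $this->accountService->incrementDecryptCounter($id);

            $accountDetails = $this->accountService->getById($id)->getAccountVData();

            $this->notifyAccountEvent('show.account.pass', __u('Password viewed'), $accountDetails, $id);

            $this->returnResponse(ApiResponse::makeSuccess(["password" => $password], $id));
        } catch (Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Replaces the password of the account given by the mandatory "id"
     * parameter with the mandatory "pass" parameter; "expireDate" is optional.
     *
     * Requires the ACCOUNT_EDIT_PASS permission. The new password is checked
     * against the configured password preset before it is stored, and the
     * editing user is recorded from the current context.
     */
    public function editPassAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_EDIT_PASS);

            $accountRequest = new AccountRequest();
            $accountRequest->id = $this->apiService->getParamInt('id', true);
            $accountRequest->pass = $this->apiService->getParamString('pass', true);
            $accountRequest->passDateChange = $this->apiService->getParamInt('expireDate');
            $accountRequest->userEditId = $this->context->getUserData()->getId();

            // Preset check runs before the write so a non-compliant password is rejected.
            $this->accountPresetService->checkPasswordPreset($accountRequest);

            $this->accountService->editPassword($accountRequest);

            $accountDetails = $this->accountService->getById($accountRequest->id)->getAccountVData();

            $this->notifyAccountEvent(
                'edit.account.pass',
                __u('Password updated'),
                $accountDetails,
                $accountDetails->getId()
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $accountRequest->id, __('Password updated')));
        } catch (Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Creates an account from the request parameters and returns the new
     * account's data.
     *
     * Requires the ACCOUNT_CREATE permission. "name", "clientId", "categoryId"
     * and "pass" are mandatory; "userId" and "userGroupId" default to the
     * calling user's id and group. The password is checked against the
     * configured preset before the account is created.
     */
    public function createAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_CREATE);

            $accountRequest = new AccountRequest();
            $this->fillAccountRequestFromParams($accountRequest);

            $userData = $this->context->getUserData();

            $accountRequest->userId = $this->apiService->getParamInt('userId', false, $userData->getId());
            $accountRequest->userGroupId = $this->apiService->getParamInt('userGroupId', false, $userData->getUserGroupId());

            $accountRequest->tags = array_map('intval', $this->apiService->getParamArray('tagsId', false, []));
            // Read raw rather than as a filtered string, presumably so the
            // stored secret is exactly what the caller sent — confirm against
            // ApiService::getParamRaw().
            $accountRequest->pass = $this->apiService->getParamRaw('pass', true);

            $this->accountPresetService->checkPasswordPreset($accountRequest);

            $accountId = $this->accountService->create($accountRequest);

            $accountDetails = $this->accountService->getById($accountId)->getAccountVData();

            $this->notifyAccountEvent(
                'create.account',
                __u('Account created'),
                $accountDetails,
                $accountDetails->getId()
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $accountId, __('Account created')));
        } catch (Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Updates the account given by the mandatory "id" parameter and returns its
     * data.
     *
     * Requires the ACCOUNT_EDIT permission. "name", "clientId" and "categoryId"
     * are mandatory. Tags are only replaced when a non-empty "tagsId" array is
     * sent; an omitted or empty list leaves the existing tags untouched, so this
     * endpoint cannot be used to clear all tags.
     */
    public function editAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_EDIT);

            $accountRequest = new AccountRequest();
            $accountRequest->id = $this->apiService->getParamInt('id', true);
            $this->fillAccountRequestFromParams($accountRequest);
            $accountRequest->userId = $this->apiService->getParamInt('userId', false);
            $accountRequest->userGroupId = $this->apiService->getParamInt('userGroupId', false);
            $accountRequest->userEditId = $this->context->getUserData()->getId();

            $tagsId = array_map('intval', $this->apiService->getParamArray('tagsId', false, []));

            if (!empty($tagsId)) {
                $accountRequest->updateTags = true;
                $accountRequest->tags = $tagsId;
            }

            $this->accountService->update($accountRequest);

            $accountDetails = $this->accountService->getById($accountRequest->id)->getAccountVData();

            $this->notifyAccountEvent(
                'edit.account',
                __u('Account updated'),
                $accountDetails,
                $accountDetails->getId()
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $accountRequest->id, __('Account updated')));
        } catch (Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Searches accounts by the optional "text", "categoryId", "clientId" and
     * "tagsId" parameters and returns the matching rows as arrays.
     *
     * Requires the ACCOUNT_SEARCH permission. "op" selects how the filters are
     * combined ('and' or 'or'); any other value is silently ignored and the
     * filter's default operator applies. "count" limits the result size
     * (default 50) and "order" selects the sort order.
     */
    public function searchAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_SEARCH);

            $accountSearchFilter = new AccountSearchFilter();
            $accountSearchFilter->setCleanTxtSearch($this->apiService->getParamString('text'));
            $accountSearchFilter->setCategoryId($this->apiService->getParamInt('categoryId'));
            $accountSearchFilter->setClientId($this->apiService->getParamInt('clientId'));

            $tagsId = array_map('intval', $this->apiService->getParamArray('tagsId', false, []));

            if (!empty($tagsId)) {
                $accountSearchFilter->setTagsId($tagsId);
            }

            $op = $this->apiService->getParamString('op');

            if ($op !== null) {
                // Only the two known operators are mapped; anything else leaves
                // the filter operator unchanged.
                switch ($op) {
                    case 'and':
                        $accountSearchFilter->setFilterOperator(QueryCondition::CONDITION_AND);
                        break;
                    case 'or':
                        $accountSearchFilter->setFilterOperator(QueryCondition::CONDITION_OR);
                        break;
                }
            }

            $accountSearchFilter->setLimitCount($this->apiService->getParamInt('count', false, 50));
            $accountSearchFilter->setSortOrder($this->apiService->getParamInt('order', false, AccountSearchFilter::SORT_DEFAULT));

            $this->returnResponse(
                ApiResponse::makeSuccess(
                    $this->accountService->getByFilter($accountSearchFilter)->getDataAsArray()));
        } catch (Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Deletes the account given by the mandatory "id" parameter and returns the
     * data it had before deletion.
     *
     * Requires the ACCOUNT_DELETE permission. The account is loaded before the
     * delete so its name and client can still be recorded in the audit event.
     */
    public function deleteAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_DELETE);

            $id = $this->apiService->getParamInt('id', true);

            $accountDetails = $this->accountService->getById($id)->getAccountVData();

            $this->accountService->delete($id);

            $this->notifyAccountEvent('delete.account', __u('Account removed'), $accountDetails, $id);

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $id, __('Account removed')));
        } catch (Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Reads the account fields shared by createAction() and editAction() into
     * the request.
     *
     * "name", "clientId" and "categoryId" are mandatory; the remaining fields
     * are optional. Parameters are read in a fixed order so that the first
     * missing mandatory parameter reported does not change between callers.
     *
     * @param AccountRequest $accountRequest request to populate (modified in place)
     */
    private function fillAccountRequestFromParams(AccountRequest $accountRequest)
    {
        $accountRequest->name = $this->apiService->getParamString('name', true);
        $accountRequest->clientId = $this->apiService->getParamInt('clientId', true);
        $accountRequest->categoryId = $this->apiService->getParamInt('categoryId', true);
        $accountRequest->login = $this->apiService->getParamString('login');
        $accountRequest->url = $this->apiService->getParamString('url');
        $accountRequest->notes = $this->apiService->getParamString('notes');
        $accountRequest->isPrivate = $this->apiService->getParamInt('private');
        $accountRequest->isPrivateGroup = $this->apiService->getParamInt('privateGroup');
        $accountRequest->passDateChange = $this->apiService->getParamInt('expireDate');
        $accountRequest->parentId = $this->apiService->getParamInt('parentId');
    }

    /**
     * Emits an audit event with the account's name, client and id as details.
     *
     * Callers must only pass non-secret data: the event is the audit trail and
     * the password is never part of it.
     *
     * @param string $eventName      event identifier, e.g. 'edit.account'
     * @param string $description    already-translated description
     * @param mixed  $accountDetails account view data; getName() and getClientName() are read
     * @param mixed  $id             account id reported in the 'ID' detail
     */
    private function notifyAccountEvent(string $eventName, string $description, $accountDetails, $id)
    {
        $this->eventDispatcher->notifyEvent($eventName,
            new Event($this, EventMessage::factory()
                ->addDescription($description)
                ->addDetail(__u('Name'), $accountDetails->getName())
                ->addDetail(__u('Client'), $accountDetails->getClientName())
                ->addDetail('ID', $id))
        );
    }

    /**
     * @throws DependencyException
     * @throws NotFoundException
     * @throws InvalidClassException
     */
    protected function initialize()
    {
        $this->accountService = $this->dic->get(AccountService::class);
        $this->accountPresetService = $this->dic->get(AccountPresetService::class);
        $this->apiService->setHelpClass(AccountHelp::class);
    }
}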