1 | <?php |
||
2 | /** |
||
3 | * sysPass |
||
4 | * |
||
5 | * @author nuxsmin |
||
6 | * @link https://syspass.org |
||
7 | * @copyright 2012-2018, Rubén Domínguez nuxsmin@$syspass.org |
||
8 | * |
||
9 | * This file is part of sysPass. |
||
10 | * |
||
11 | * sysPass is free software: you can redistribute it and/or modify |
||
12 | * it under the terms of the GNU General Public License as published by |
||
13 | * the Free Software Foundation, either version 3 of the License, or |
||
14 | * (at your option) any later version. |
||
15 | * |
||
16 | * sysPass is distributed in the hope that it will be useful, |
||
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
19 | * GNU General Public License for more details. |
||
20 | * |
||
21 | * You should have received a copy of the GNU General Public License |
||
22 | * along with sysPass. If not, see <http://www.gnu.org/licenses/>. |
||
23 | */ |
||
24 | |||
25 | namespace SP\Modules\Api\Controllers; |
||
26 | |||
27 | use SP\Core\Acl\ActionsInterface; |
||
28 | use SP\Core\Crypt\Crypt; |
||
29 | use SP\Core\Events\Event; |
||
30 | use SP\Core\Events\EventMessage; |
||
31 | use SP\Modules\Api\Controllers\Help\AccountHelp; |
||
32 | use SP\Mvc\Model\QueryCondition; |
||
33 | use SP\Services\Account\AccountPresetService; |
||
34 | use SP\Services\Account\AccountRequest; |
||
35 | use SP\Services\Account\AccountSearchFilter; |
||
36 | use SP\Services\Account\AccountService; |
||
37 | use SP\Services\Api\ApiResponse; |
||
38 | |||
39 | /** |
||
40 | * Class AccountController |
||
41 | * |
||
42 | * @package SP\Modules\Api\Controllers |
||
43 | */ |
||
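final class AccountController extends ControllerBase
{
    /**
     * @var AccountPresetService
     */
    private $accountPresetService;
    /**
     * @var AccountService
     */
    private $accountService;

    /**
     * Returns the account identified by the 'id' parameter.
     *
     * Requires ActionsInterface::ACCOUNT_VIEW (enforced by setupApi()). The
     * account's view counter is incremented and a 'show.account' event is
     * emitted before the response is written.
     *
     * On failure the exception is first logged through processException() and
     * then turned into an error response — the same order used by every other
     * action of this controller, so that logging cannot be skipped if the
     * response method ends the request.
     */
    public function viewAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_VIEW);

            // second argument presumably marks the parameter as required — confirm in ApiService
            $id = $this->apiService->getParamInt('id', true);
            $accountDetails = $this->accountService->getById($id)->getAccountVData();

            $this->accountService->incrementViewCounter($id);

            $this->eventDispatcher->notifyEvent('show.account',
                new Event($this, EventMessage::factory()
                    ->addDescription(__u('Account displayed'))
                    ->addDetail(__u('Name'), $accountDetails->getName())
                    ->addDetail(__u('Client'), $accountDetails->getClientName())
                    ->addDetail('ID', $id))
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $id));
        } catch (\Exception $e) {
            // Log before responding (was reversed here, unlike the other actions).
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Returns the decrypted password of the account identified by 'id'.
     *
     * Requires ActionsInterface::ACCOUNT_VIEW_PASS. The stored password is
     * decrypted with the account key and the API master password, the
     * account's decrypt counter is incremented and a 'show.account.pass'
     * audit event is emitted. The clear-text password is sent back in the
     * response body under the 'password' key.
     */
    public function viewPassAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_VIEW_PASS);

            $id = $this->apiService->getParamInt('id', true);
            $accountPassData = $this->accountService->getPasswordForId($id);
            $password = Crypt::decrypt($accountPassData->getPass(), $accountPassData->getKey(), $this->apiService->getMasterPass());

            $this->accountService->incrementDecryptCounter($id);

            $accountDetails = $this->accountService->getById($id)->getAccountVData();

            $this->eventDispatcher->notifyEvent('show.account.pass',
                new Event($this, EventMessage::factory()
                    ->addDescription(__u('Password viewed'))
                    ->addDetail(__u('Name'), $accountDetails->getName())
                    ->addDetail(__u('Client'), $accountDetails->getClientName())
                    ->addDetail('ID', $id))
            );

            $this->returnResponse(ApiResponse::makeSuccess(['password' => $password], $id));
        } catch (\Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Changes the password of the account identified by 'id'.
     *
     * Requires ActionsInterface::ACCOUNT_EDIT_PASS. Parameters: 'id' and 'pass'
     * (required), 'expireDate' (optional). The editing user is taken from the
     * session context, never from the request. The request is validated
     * against the password preset before the service applies it, and an
     * 'edit.account.pass' audit event is emitted.
     */
    public function editPassAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_EDIT_PASS);

            $accountRequest = new AccountRequest();
            $accountRequest->id = $this->apiService->getParamInt('id', true);
            // NOTE(review): read as a string here but as a raw parameter in createAction — confirm which is intended
            $accountRequest->pass = $this->apiService->getParamString('pass', true);
            $accountRequest->passDateChange = $this->apiService->getParamInt('expireDate');
            $accountRequest->userEditId = $this->context->getUserData()->getId();

            $this->accountPresetService->checkPasswordPreset($accountRequest);

            $this->accountService->editPassword($accountRequest);

            $accountDetails = $this->accountService->getById($accountRequest->id)->getAccountVData();

            $this->eventDispatcher->notifyEvent('edit.account.pass',
                new Event($this, EventMessage::factory()
                    ->addDescription(__u('Password updated'))
                    ->addDetail(__u('Name'), $accountDetails->getName())
                    ->addDetail(__u('Client'), $accountDetails->getClientName())
                    ->addDetail('ID', $accountDetails->getId()))
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $accountRequest->id, __('Password updated')));
        } catch (\Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Creates a new account from the request parameters.
     *
     * Requires ActionsInterface::ACCOUNT_CREATE. Required parameters: 'name',
     * 'clientId', 'categoryId', 'pass'. Optional: 'login', 'url', 'notes',
     * 'private', 'privateGroup', 'expireDate', 'parentId', 'tagsId',
     * 'userId' and 'userGroupId' (the last two default to the calling user's
     * id and group). The password preset is checked before creation and a
     * 'create.account' audit event is emitted.
     */
    public function createAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_CREATE);

            $accountRequest = new AccountRequest();
            $accountRequest->name = $this->apiService->getParamString('name', true);
            $accountRequest->clientId = $this->apiService->getParamInt('clientId', true);
            $accountRequest->categoryId = $this->apiService->getParamInt('categoryId', true);
            $accountRequest->login = $this->apiService->getParamString('login');
            $accountRequest->url = $this->apiService->getParamString('url');
            $accountRequest->notes = $this->apiService->getParamString('notes');
            $accountRequest->isPrivate = $this->apiService->getParamInt('private');
            $accountRequest->isPrivateGroup = $this->apiService->getParamInt('privateGroup');
            $accountRequest->passDateChange = $this->apiService->getParamInt('expireDate');
            $accountRequest->parentId = $this->apiService->getParamInt('parentId');

            $userData = $this->context->getUserData();

            // Caller-supplied owner/group are passed through; any check that the
            // caller may assign them is expected in AccountService — confirm.
            $accountRequest->userId = $this->apiService->getParamInt('userId', false, $userData->getId());
            $accountRequest->userGroupId = $this->apiService->getParamInt('userGroupId', false, $userData->getUserGroupId());

            $accountRequest->tags = array_map('intval', $this->apiService->getParamArray('tagsId', false, []));
            $accountRequest->pass = $this->apiService->getParamRaw('pass', true);

            $this->accountPresetService->checkPasswordPreset($accountRequest);

            $accountId = $this->accountService->create($accountRequest);

            $accountDetails = $this->accountService->getById($accountId)->getAccountVData();

            $this->eventDispatcher->notifyEvent('create.account',
                new Event($this, EventMessage::factory()
                    ->addDescription(__u('Account created'))
                    ->addDetail(__u('Name'), $accountDetails->getName())
                    ->addDetail(__u('Client'), $accountDetails->getClientName())
                    ->addDetail('ID', $accountDetails->getId()))
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $accountId, __('Account created')));
        } catch (\Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Updates the account identified by 'id'.
     *
     * Requires ActionsInterface::ACCOUNT_EDIT. Required parameters: 'id',
     * 'name', 'clientId', 'categoryId'; the remaining fields are optional and
     * mirror createAction. The editing user is taken from the session
     * context. Tags are only replaced when a non-empty 'tagsId' is given, so
     * this action cannot clear an account's tags. Emits an 'edit.account'
     * audit event.
     */
    public function editAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_EDIT);

            $accountRequest = new AccountRequest();
            $accountRequest->id = $this->apiService->getParamInt('id', true);
            $accountRequest->name = $this->apiService->getParamString('name', true);
            $accountRequest->clientId = $this->apiService->getParamInt('clientId', true);
            $accountRequest->categoryId = $this->apiService->getParamInt('categoryId', true);
            $accountRequest->login = $this->apiService->getParamString('login');
            $accountRequest->url = $this->apiService->getParamString('url');
            $accountRequest->notes = $this->apiService->getParamString('notes');
            $accountRequest->isPrivate = $this->apiService->getParamInt('private');
            $accountRequest->isPrivateGroup = $this->apiService->getParamInt('privateGroup');
            $accountRequest->passDateChange = $this->apiService->getParamInt('expireDate');
            $accountRequest->parentId = $this->apiService->getParamInt('parentId');
            $accountRequest->userId = $this->apiService->getParamInt('userId', false);
            $accountRequest->userGroupId = $this->apiService->getParamInt('userGroupId', false);
            $accountRequest->userEditId = $this->context->getUserData()->getId();

            $tagsId = array_map('intval', $this->apiService->getParamArray('tagsId', false, []));

            // An empty list leaves the existing tags untouched.
            if (!empty($tagsId)) {
                $accountRequest->updateTags = true;
                $accountRequest->tags = $tagsId;
            }

            $this->accountService->update($accountRequest);

            $accountDetails = $this->accountService->getById($accountRequest->id)->getAccountVData();

            $this->eventDispatcher->notifyEvent('edit.account',
                new Event($this, EventMessage::factory()
                    ->addDescription(__u('Account updated'))
                    ->addDetail(__u('Name'), $accountDetails->getName())
                    ->addDetail(__u('Client'), $accountDetails->getClientName())
                    ->addDetail('ID', $accountDetails->getId()))
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $accountRequest->id, __('Account updated')));
        } catch (\Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Searches accounts and returns the matching rows as an array.
     *
     * Requires ActionsInterface::ACCOUNT_SEARCH. Optional parameters: 'text',
     * 'categoryId', 'clientId', 'tagsId', 'op' ('and' or 'or'; any other
     * value is ignored and the filter's default operator is kept), 'count'
     * (defaults to 50) and 'order' (defaults to
     * AccountSearchFilter::SORT_DEFAULT).
     */
    public function searchAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_SEARCH);

            $accountSearchFilter = new AccountSearchFilter();
            $accountSearchFilter->setCleanTxtSearch($this->apiService->getParamString('text'));
            $accountSearchFilter->setCategoryId($this->apiService->getParamInt('categoryId'));
            $accountSearchFilter->setClientId($this->apiService->getParamInt('clientId'));

            $tagsId = array_map('intval', $this->apiService->getParamArray('tagsId', false, []));

            if (!empty($tagsId)) {
                $accountSearchFilter->setTagsId($tagsId);
            }

            $op = $this->apiService->getParamString('op');

            if ($op !== null) {
                // Unknown operators fall through without changing the filter.
                switch ($op) {
                    case 'and':
                        $accountSearchFilter->setFilterOperator(QueryCondition::CONDITION_AND);
                        break;
                    case 'or':
                        $accountSearchFilter->setFilterOperator(QueryCondition::CONDITION_OR);
                        break;
                }
            }

            $accountSearchFilter->setLimitCount($this->apiService->getParamInt('count', false, 50));
            $accountSearchFilter->setSortOrder($this->apiService->getParamInt('order', false, AccountSearchFilter::SORT_DEFAULT));

            $this->returnResponse(
                ApiResponse::makeSuccess(
                    $this->accountService->getByFilter($accountSearchFilter)->getDataAsArray()));
        } catch (\Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Deletes the account identified by 'id'.
     *
     * Requires ActionsInterface::ACCOUNT_DELETE. The account data is read
     * before deletion so that the 'delete.account' audit event and the
     * response can still describe the removed account.
     */
    public function deleteAction()
    {
        try {
            $this->setupApi(ActionsInterface::ACCOUNT_DELETE);

            $id = $this->apiService->getParamInt('id', true);

            $accountDetails = $this->accountService->getById($id)->getAccountVData();

            $this->accountService->delete($id);

            $this->eventDispatcher->notifyEvent('delete.account',
                new Event($this, EventMessage::factory()
                    ->addDescription(__u('Account removed'))
                    ->addDetail(__u('Name'), $accountDetails->getName())
                    ->addDetail(__u('Client'), $accountDetails->getClientName())
                    ->addDetail('ID', $id))
            );

            $this->returnResponse(ApiResponse::makeSuccess($accountDetails, $id, __('Account removed')));
        } catch (\Exception $e) {
            processException($e);

            $this->returnResponseException($e);
        }
    }

    /**
     * Resolves the account services from the container and registers the
     * help class used for this controller's API documentation.
     *
     * @throws \DI\DependencyException
     * @throws \DI\NotFoundException
     * @throws \SP\Core\Exceptions\InvalidClassException
     */
    protected function initialize()
    {
        $this->accountService = $this->dic->get(AccountService::class);
        $this->accountPresetService = $this->dic->get(AccountPresetService::class);
        $this->apiService->setHelpClass(AccountHelp::class);
    }
}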