<?php
/**
* @file classes/user/form/APIProfileForm.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2003-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class APIProfileForm
*
* @ingroup user_form
*
* @brief Form to edit user's API key settings.
*/
namespace PKP\user\form;
use APP\core\Application;
use APP\notification\NotificationManager;
use APP\template\TemplateManager;
use Firebase\JWT\JWT;
use PKP\config\Config;
use PKP\notification\PKPNotification;
use PKP\user\User;
class APIProfileForm extends BaseProfileForm
{
public const API_KEY_NEW = 1;
public const API_KEY_DELETE = 0;
/**
* Constructor.
*
* @param User $user
*/
public function __construct($user)
{
parent::__construct('user/apiProfileForm.tpl', $user);
}
/**
* @copydoc Form::initData()
*/
public function initData()
{
$user = $this->getUser();
$this->setData('apiKeyEnabled', (bool) $user->getData('apiKeyEnabled'));
}
/**
* Assign form data to user-submitted data.
*/
public function readInputData()
{
parent::readInputData();
$this->readUserVars([
'apiKeyEnabled',
'generateApiKey',
'apiKeyAction',
]);
}
/**
* Fetch the form to edit user's API key settings.
*
* @see BaseProfileForm::fetch
*
* @param null|mixed $template
*
* @return string JSON-encoded form contents.
*/
public function fetch($request, $template = null, $display = false)
{
$user = $request->getUser();
$secret = Config::getVar('security', 'api_key_secret', '');
$templateMgr = TemplateManager::getManager($request);
if ($secret === '') {
$this->handleOnMissingAPISecret($templateMgr, $user);
return parent::fetch($request, $template, $display);
}
$templateMgr->assign(
$user->getData('apiKey') ? [
'apiKey' => JWT::encode($user->getData('apiKey'), $secret, 'HS256'),
'apiKeyAction' => self::API_KEY_DELETE,
'apiKeyActionTextKey' => 'user.apiKey.remove',
] : [
'apiKeyAction' => self::API_KEY_NEW,
'apiKeyActionTextKey' => 'user.apiKey.generate',
]
);
return parent::fetch($request, $template, $display);
}
/**
* @copydoc Form::execute()
*/
public function execute(...$functionArgs)
{
$request = Application::get()->getRequest();
$user = $request->getUser();
$templateMgr = TemplateManager::getManager($request);
if (Config::getVar('security', 'api_key_secret', '') === '') {
$this->handleOnMissingAPISecret($templateMgr, $user);
parent::execute(...$functionArgs);
}
$apiKeyAction = (int)$this->getData('apiKeyAction');
$user->setData('apiKeyEnabled', $apiKeyAction === self::API_KEY_NEW ? 1 : null);
$user->setData('apiKey', $apiKeyAction === self::API_KEY_NEW ? sha1(time()) : null);
$this->setData('apiKeyAction', (int)!$apiKeyAction);
parent::execute(...$functionArgs);
}
/**
* Handle on missing API secret
*
*
*/
protected function handleOnMissingAPISecret(TemplateManager $templateMgr, User $user): void
{
$notificationManager = new NotificationManager();
$notificationManager->createTrivialNotification(
$user->getId(),
PKPNotification::NOTIFICATION_TYPE_WARNING,
[
'contents' => __('user.apiKey.secretRequired'),
]
);
$templateMgr->assign([
'apiSecretMissing' => true,
]);
}
}
if (!PKP_STRICT_MODE) {
class_alias('\PKP\user\form\APIProfileForm', '\APIProfileForm');
}
|