Expose team membership secret to api/console user

This commit is contained in:
Matej Bačo
2022-10-13 11:06:42 +00:00
parent b6eef3a886
commit 7a76db2bc4
2 changed files with 40 additions and 1 deletions
+34 -1
View File
@@ -449,8 +449,19 @@ App::post('/v1/teams/:teamId/memberships')
$events
->setParam('teamId', $team->getId())
->setParam('membershipId', $membership->getId())
->setPayload($response->output(
$membership
->setAttribute('teamName', $team->getAttribute('name'))
->setAttribute('userName', $invitee->getAttribute('name'))
->setAttribute('userEmail', $invitee->getAttribute('email'))
->setAttribute('secret', $secret),
Response::MODEL_MEMBERSHIP
))
;
// Hide secret for clients
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
$response
->setStatusCode(Response::STATUS_CODE_CREATED)
->dynamic(
@@ -486,6 +497,9 @@ App::get('/v1/teams/:teamId/memberships')
throw new Exception(Exception::TEAM_NOT_FOUND);
}
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
$isAppUser = Auth::isAppUser(Authorization::getRoles());
$queries = Query::parseQueries($queries);
if (!empty($search)) {
@@ -525,7 +539,11 @@ App::get('/v1/teams/:teamId/memberships')
$memberships = array_filter($memberships, fn(Document $membership) => !empty($membership->getAttribute('userId')));
$memberships = array_map(function ($membership) use ($dbForProject, $team) {
$memberships = array_map(function ($membership) use ($dbForProject, $team, $isPrivilegedUser, $isAppUser) {
// Hide secret for clients
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
$user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
$membership
@@ -572,8 +590,14 @@ App::get('/v1/teams/:teamId/memberships/:membershipId')
throw new Exception(Exception::MEMBERSHIP_NOT_FOUND);
}
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
$isAppUser = Auth::isAppUser(Authorization::getRoles());
$user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
// Hide secret for clients
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
$membership
->setAttribute('teamName', $team->getAttribute('name'))
->setAttribute('userName', $user->getAttribute('name'))
@@ -645,6 +669,9 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId')
->setParam('teamId', $team->getId())
->setParam('membershipId', $membership->getId());
// Hide secret for clients
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
$response->dynamic(
$membership
->setAttribute('teamName', $team->getAttribute('name'))
@@ -718,6 +745,9 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
throw new Exception(Exception::MEMBERSHIP_ALREADY_CONFIRMED);
}
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
$isAppUser = Auth::isAppUser(Authorization::getRoles());
$membership // Attach user to team
->setAttribute('joined', DateTime::now())
->setAttribute('confirm', true)
@@ -779,6 +809,9 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
;
// Hide secret for clients
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
$response->dynamic(
$membership
->setAttribute('teamName', $team->getAttribute('name'))
@@ -83,6 +83,12 @@ class Membership extends Model
'example' => 'admin',
'array' => true,
])
->addRule('secret', [
'type' => self::TYPE_STRING,
'description' => 'Token secret key. This will return an empty string unless the response is returned using an API key or as part of a webhook payload.',
'default' => '',
'example' => '',
])
;
}