🔥 Remove API login endpoint #1921

merged 5 commits into from
Sep 22, 2023
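--- a/app/Http/Controllers/API/v1/AuthController.php
+++ b/app/Http/Controllers/API/v1/AuthController.php
@@ -2,7 +2,6 @@
 
 namespace App\Http\Controllers\API\v1;
 
-use App\Http\Controllers\Backend\Auth\LoginController;
 use App\Http\Resources\UserSettingsResource;
 use App\Providers\AuthServiceProvider;
 use Illuminate\Http\JsonResponse;
@@ -11,28 +10,6 @@
 class AuthController extends Controller
 {
 
-/**
-* @param Request $request
-*
-* @return JsonResponse
-* @deprecated Remove before 2023-10! Maybe earlier - if possible. Deprecation is already announced since
-* November'22.
-*/
-public function login(Request $request): JsonResponse {
-$validated = $request->validate(['login' => ['required', 'max:255'], 'password' => ['required', 'min:8', 'max:255']]);
-
-if (LoginController::login($validated['login'], $validated['password'])) {
-$token = $request->user()->createToken('token', array_keys(AuthServiceProvider::$scopes));
-return $this->sendResponse([
-'WARNING' => 'This endpoint (login) is deprecated and will be removed in the following weeks. Please migrate to use OAuth2. More information: https://github.com/Traewelling/traewelling/issues/1772',
-'token' => $token->accessToken,
-'expires_at' => $token->token->expires_at->toIso8601String(),
-])
-->header('Authorization', $token->accessToken);
-}
-return $this->sendError('Non-matching credentials', 401);
-}
-
 /**
 * @OA\Post(
 * path="/auth/logout",
@@ -134,7 +111,8 @@ public function refresh(Request $request): JsonResponse {
 $oldToken->revoke();
 return $this->sendResponse([
 'token' => $newToken->accessToken,
-'expires_at' => $newToken->token->expires_at->toIso8601String()]
-)->header('Authorization', $newToken->accessToken);
+'expires_at' => $newToken->token->expires_at->toIso8601String()
+])
+->header('Authorization', $newToken->accessToken);
 }
 }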
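Review bot: The `use App\Providers\AuthServiceProvider;` import kept at the top of the file may now be dead, because the only visible reference to `AuthServiceProvider::$scopes` was inside the removed `login()` method; if no other method or OpenAPI annotation in the unseen part of the file uses it, drop the import alongside the `LoginController` one so the class no longer advertises a dependency on the scope list. The refresh hunk only re-breaks the `sendResponse([...])->header(...)` chain onto separate lines, which is a readability change with no behavioural effect. Removing the password-based `login` entry point together with its route leaves token issuance to the OAuth2 and personal-access-token paths described in the swagger config, which is the right direction for this API.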
42 changes: 21 additions & 21 deletions config/l5-swagger.php
Expand Up @@ -174,28 +174,28 @@


/* Open API 3.0 support */
'passport' => [ // Unique name of security
'type' => 'oauth2',
'description' => 'OAuth2 authorizationCode Flow. ' .
'Get your token from https://traewelling.de/settings/applications. ' .
'Set the redirect URL to https://traewelling.de/api/oauth2-callback to use it ' .
'here. See also https://laravel.com/docs/9.x/passport',
'in' => 'header',
'scheme' => 'https',
'flows' => [
"authorizationCode" => [
"authorizationUrl" => config('app.url') . '/oauth/authorize',
"tokenUrl" => config('app.url') . '/oauth/token',
"refreshUrl" => config('app.url') . '/auth/refresh',
"scopes" => AuthServiceProvider::$scopes
],
],
'passport' => [ // Unique name of security
'type' => 'oauth2',
'description' => 'OAuth2 authorizationCode Flow. ' .
'Get your token from https://traewelling.de/settings/applications. ' .
'Set the redirect URL to https://traewelling.de/api/oauth2-callback to use it ' .
'here. See also https://laravel.com/docs/9.x/passport',
'in' => 'header',
'scheme' => 'https',
'flows' => [
"authorizationCode" => [
"authorizationUrl" => config('app.url') . '/oauth/authorize',
"tokenUrl" => config('app.url') . '/oauth/token',
"refreshUrl" => config('app.url') . '/auth/refresh',
"scopes" => AuthServiceProvider::$scopes
],
],
],
'token' => [ // Unique name of security
'type' => 'apiKey', // Valid values are "basic", "apiKey" or "oauth2".
'description' => 'Enter token in format "Bearer \<token\>"',
'name' => 'Authorization', // The name of the header or query parameter to be used.
'in' => 'header',
'token' => [ // Unique name of security
'type' => 'apiKey', // Valid values are "basic", "apiKey" or "oauth2".
'description' => 'Enter token in format "Bearer \<token\>". You can create your personal access token at https://traewelling.de/settings/applications. We recommend this method for prototyping purposes. For all other use cases please use the oAuth method above.',
'name' => 'Authorization', // The name of the header or query parameter to be used.
'in' => 'header',
],

],
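Review bot: `"refreshUrl" => config('app.url') . '/auth/refresh'` in the passport security block points the OAuth2 authorizationCode flow at the API's own token-refresh action rather than at Passport's token endpoint; in OpenAPI the `refreshUrl` is where a client sends the refresh_token grant, which for Laravel Passport is the same `/oauth/token` used as `tokenUrl`. The path as written also lacks the `v1` prefix that routes/api.php gives the `auth/refresh` route, so it likely does not resolve against the running app either. If the value is intentional (for example because Swagger UI is meant to exercise personal access tokens there), a short comment on that line saying why it differs from `tokenUrl` would stop the next reader from "fixing" it. The block predates this commit's re-indentation, so a correction may belong in a follow-up.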
1 change: 1 addition & 0 deletions resources/lang/de.json
Expand Up @@ -707,6 +707,7 @@
"access-token-remove-at": "Du kannst den AccessToken jederzeit in den Einstellungen unter 'API-Tokens' entfernen.",
"your-access-token": "Dein AccessToken",
"your-access-token-description": "Du kannst dir einen AccessToken generieren um auf deinen eigenen Account zuzugreifen.",
"your-access-token.ask": "Wir von Träwelling werden dich niemals nach deinem AccessToken fragen. Wenn du von jemandem danach gefragt wirst, ist das vermutlich ein Betrugsversuch.",
"access-token-is-private": "Behandle deinen AccessToken wie ein Passwort. Gib ihn niemals an Dritte weiter.",
"refresh": "Aktualisieren"
}
1 change: 1 addition & 0 deletions resources/lang/en.json
Expand Up @@ -707,6 +707,7 @@
"access-token-remove-at": "You can remove the AccessToken at any time in the settings under 'API Tokens'.",
"your-access-token": "Your AccessToken",
"your-access-token-description": "You can generate an AccessToken to access your own account.",
"your-access-token.ask": "We at Träwelling will never ask you for your AccessToken. If you are asked for it, it is probably a scam.",
"access-token-is-private": "Treat your AccessToken like a password. Never give it to third parties.",
"refresh": "Refresh"
}
2 changes: 2 additions & 0 deletions resources/views/dev/access-token.blade.php
Expand Up @@ -21,5 +21,7 @@ class="text-center">
</div>
<div class="card-footer">
<small>{{__('access-token-is-private')}}</small>
<br />
<small class="text-danger">{{__('your-access-token.ask')}}</small>
</div>
</div>
4 changes: 2 additions & 2 deletions resources/views/settings/api-token.blade.php
Expand Up @@ -3,7 +3,7 @@

@section('content')
<div class="row">
<div class="col-md-8 col-lg-7">
<div class="col-lg-8">
<div class="card mb-3">
<div class="card-header">{{ __('settings.title-tokens') }}</div>
<div class="card-body table-responsive px-0">
Expand Down Expand Up @@ -42,7 +42,7 @@
</div>
</div>
</div>
<div class="col-md-4 col-lg-5">
<div class="col-lg-4">
@include('dev.access-token')
</div>
</div>
1 change: 0 additions & 1 deletion routes/api.php
Expand Up @@ -32,7 +32,6 @@

Route::group(['prefix' => 'v1', 'middleware' => ['return-json']], static function() {
Route::group(['prefix' => 'auth'], function() {
Route::post('login', [v1Auth::class, 'login']);
Route::group(['middleware' => 'auth:api'], static function() {
Route::post('refresh', [v1Auth::class, 'refresh']);
Route::post('logout', [v1Auth::class, 'logout']);