

Merge pull request #575 from leepeuker/add-auth-api
Add API endpoint for retrieving an auth token
JVT038 authored Feb 24, 2024
2 parents d60534e + dbed0b4 commit a367d20
Showing 23 changed files with 580 additions and 240 deletions.
@@ -0,0 +1,27 @@
<?php declare(strict_types=1);

use Phinx\Migration\AbstractMigration;

final class AddDeviceNameAndUserAgentToAuthTokenTable extends AbstractMigration
{
public function down() : void
{
$this->execute(
<<<SQL
ALTER TABLE `user_auth_token` DROP COLUMN device_name;
ALTER TABLE `user_auth_token` DROP COLUMN user_agent;
SQL,
);
}

public function up() : void
{
$this->execute(
<<<SQL
DELETE FROM `user_auth_token`;
ALTER TABLE `user_auth_token` ADD COLUMN device_name VARCHAR(256) NOT NULL;
ALTER TABLE `user_auth_token` ADD COLUMN user_agent TEXT NOT NULL;
SQL,
);
}
}
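Review bot: The `DELETE FROM \`user_auth_token\`;` that opens up() wipes every existing auth token (all users are logged out) and down() has no way to restore those rows, yet nothing in the migration says why; a why-comment above the execute() call would save the next maintainer a guess, e.g. `// Existing tokens are discarded on purpose: the new columns are NOT NULL without a default, so old rows cannot be kept; every user must log in again after this migration.` Note also that the wipe and the two ALTER statements are sent as one multi-statement string, so if an ALTER fails after the DELETE, the deletion is presumably already committed (DDL is not transactional on MySQL, which the backtick quoting and VARCHAR types suggest this variant targets) and the migration cannot be cleanly retried; splitting into separate execute() calls, as the sibling SQLite migration in this commit does, would make that failure mode visible.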
@@ -0,0 +1,47 @@
<?php declare(strict_types=1);

use Phinx\Migration\AbstractMigration;

final class AddDeviceNameAndUserAgentToAuthTokenTable extends AbstractMigration
{
public function down() : void
{
$this->execute(
<<<SQL
CREATE TABLE `user_auth_token_tmp` (
`id` INTEGER NOT NULL,
`user_id` INTEGER NOT NULL,
`token` TEXT NOT NULL,
`expiration_date` TEXT NOT NULL,
`created_at` TEXT NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (`user_id`) REFERENCES user (`id`) ON DELETE CASCADE
)
SQL,
);
$this->execute('INSERT INTO `user_auth_token_tmp` (`id`, `user_id`, `token`, `expiration_date`, `created_at`) SELECT `id`, `user_id`, `token`, `expiration_date`, `created_at` FROM `user_auth_token`');
$this->execute('DROP TABLE `user_auth_token`');
$this->execute('ALTER TABLE `user_auth_token_tmp` RENAME TO `user_auth_token`');
}

public function up() : void
{
$this->execute(
<<<SQL
CREATE TABLE `user_auth_token_tmp` (
`id` INTEGER NOT NULL,
`user_id` INT(10) NOT NULL,
`token` CHAR(36) NOT NULL,
`device_name` VARCHAR(256) NOT NULL,
`user_agent` TEXT NOT NULL,
`expiration_date` TEXT NOT NULL,
`created_at` TEXT NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (`user_id`) REFERENCES user (`id`) ON DELETE CASCADE
)
SQL,
);
$this->execute('DROP TABLE `user_auth_token`');
$this->execute('ALTER TABLE `user_auth_token_tmp` RENAME TO `user_auth_token`');
}
}
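Review bot: up() declares the replacement table with `\`user_id\` INT(10) NOT NULL` and `\`token\` CHAR(36) NOT NULL`, while down() rebuilds the same columns as `INTEGER` and `TEXT`, so an up-then-down round trip does not reproduce the declared types it started from; either the original schema or this one is drifting, and aligning up() with down() (`\`user_id\` INTEGER NOT NULL,` / `\`token\` TEXT NOT NULL,`) avoids the mismatch. Under SQLite affinity rules the practical effect is likely small, but the two methods should still agree. Unlike down(), up() copies no rows from the old table before dropping it, which silently invalidates every issued token; that is consistent with the NOT NULL columns having no default, but it deserves a comment such as `// Intentionally no INSERT ... SELECT: device_name/user_agent are NOT NULL with no default, so all existing tokens are dropped and users must log in again.`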
162 changes: 149 additions & 13 deletions docs/openapi.json
Expand Up @@ -111,7 +111,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -174,7 +174,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -237,7 +237,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -291,7 +291,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
}
Expand Down Expand Up @@ -427,7 +427,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -477,7 +477,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -527,7 +527,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
}
Expand Down Expand Up @@ -677,7 +677,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -745,7 +745,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -813,7 +813,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
},
Expand Down Expand Up @@ -871,7 +871,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
}
Expand Down Expand Up @@ -980,7 +980,7 @@
},
"security": [
{
"authToken": []
"token": []
}
]
}
Expand Down Expand Up @@ -1065,6 +1065,93 @@
}
}
}
},
"/authentication/token": {
"post": {
"tags": [
"Authentication"
],
"description": "Create an authentication token via email, password and optionally TOTP code. Add the token as X-Auth-Token header to further requests. Token lifetime 1d default, 30d with rememberMe.",
"parameters": [
{
"in": "header",
"name": "X-Movary-Client",
"schema": {
"type": "string"
},
"required": true,
"example": "Client Name"
}
],
"requestBody": {
"description": "The credentials and optionally a two-factor authentication code",
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"email",
"password"
],
"properties": {
"email": {
"type": "string",
"example": "[email protected]",
"description": "An email address"
},
"password": {
"type": "string",
"example": "mysecurepassword123",
"description": "A password"
},
"totpCode": {
"type": "integer",
"pattern": "/^[0-9]{6}$/gm",
"example": "123456",
"description": "A 6-digit two-factor TOTP code",
"nullable": true
},
"rememberMe": {
"type": "boolean",
"example": true,
"description": "Extend auth token lifetime",
"nullable": true
}
}
}
}
}
},
"responses": {
"200": {
"description": "Returned if authentication was successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"userId": {
"type": "integer",
"description": "The id of the authenticated user."
},
"token": {
"type": "string",
"description": "The authentication token to be used in future requests."
}
}
}
}
}
},
"400": {
"$ref": "#/components/responses/400"
},
"401": {
"$ref": "#/components/responses/401"
}
}
}
}
},
"components": {
Expand Down Expand Up @@ -1231,6 +1318,50 @@
"204": {
"description": "Successful operation, response has no content"
},
"400": {
"description": "The request payload or header are not correct",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"error": {
"type": "string",
"description": "The error type",
"example": "ErrorType"
},
"message": {
"type": "string",
"description": "The error message",
"example": "This is the error message"
}
}
}
}
}
},
"401": {
"description": "The provided credentials or TOTP code are not valid",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"error": {
"type": "string",
"description": "The error type",
"example": "ErrorType"
},
"message": {
"type": "string",
"description": "The error message",
"example": "This is the error message"
}
}
}
}
}
},
"403": {
"description": "Not authorized to access resource"
},
Expand All @@ -1239,10 +1370,15 @@
}
},
"securitySchemes": {
"authToken": {
"token": {
"type": "apiKey",
"name": "X-Auth-Token",
"in": "header"
},
"cookie": {
"type": "apiKey",
"name": "id",
"in": "cookie"
}
}
}
