From 9e0ec8fca8dd9924300f07c29c2635357a5b5b14 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 7 Aug 2021 14:52:58 -0700
Subject: [PATCH] Update access token generation to return more useful class
---
 .../Laravel/Sanctum/NewAccessToken.php | 23 +++++++++++++++++++
 .../Api/Client/ApiKeyController.php | 6 ++---
 app/Http/Requests/Api/ApiRequest.php | 3 +++
 app/Models/Traits/HasAccessTokens.php | 9 +++-----
 4 files changed, 32 insertions(+), 9 deletions(-)
 create mode 100644 app/Extensions/Laravel/Sanctum/NewAccessToken.php
diff --git a/app/Extensions/Laravel/Sanctum/NewAccessToken.php b/app/Extensions/Laravel/Sanctum/NewAccessToken.php
new file mode 100644
index 000000000..df9e017f5
--- /dev/null
+++ b/app/Extensions/Laravel/Sanctum/NewAccessToken.php
@@ -0,0 +1,23 @@
+accessToken = $accessToken;
+ $this->plainTextToken = $plainTextToken;
+ }
+}
diff --git a/app/Http/Controllers/Api/Client/ApiKeyController.php b/app/Http/Controllers/Api/Client/ApiKeyController.php
index a7331e67b..631752f1e 100644
--- a/app/Http/Controllers/Api/Client/ApiKeyController.php
+++ b/app/Http/Controllers/Api/Client/ApiKeyController.php
@@ -37,12 +37,12 @@ class ApiKeyController extends ClientApiController
 // TODO: this should accept an array of different scopes to apply as permissions
 // for the token. Right now it allows any account level permission.
- [$token, $plaintext] = $request->user()->createToken($request->input('description'));
+ $token = $request->user()->createToken($request->input('description'));
- return $this->fractal->item($token)
+ return $this->fractal->item($token->accessToken)
 ->transformWith(PersonalAccessTokenTransformer::class)
 ->addMeta([
- 'secret_token' => $plaintext,
+ 'secret_token' => $token->plainTextToken,
 ])
 ->toArray();
 }
diff --git a/app/Http/Requests/Api/ApiRequest.php b/app/Http/Requests/Api/ApiRequest.php
index 79296bdba..253a61691 100644
--- a/app/Http/Requests/Api/ApiRequest.php
+++ b/app/Http/Requests/Api/ApiRequest.php
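Review bot: In ApiKeyController.php the new call `$request->user()->createToken($request->input('description'))` passes no abilities, so the key is issued with the trait default `['*']` and every token minted through this endpoint is a full-account credential, as the TODO above it already concedes. Until scoped abilities are accepted, make that explicit at the call site, e.g. `$token = $request->user()->createToken($request->input('description'), ['*']); // full-account scope until per-key abilities land`. `input('description')` also returns null when the field is absent, which would fail the `string $description` type in createToken unless the form request requires the field; the validation rules are not visible in this diff. The enclosing controller method starts outside the hunk.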
@@ -5,6 +5,9 @@ namespace Pterodactyl\Http\Requests\Api;
 use Illuminate\Foundation\Http\FormRequest;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+/**
+ * @method \Pterodactyl\Models\User user($guard = null)
+ */
 abstract class ApiRequest extends FormRequest
 {
 /**
diff --git a/app/Models/Traits/HasAccessTokens.php b/app/Models/Traits/HasAccessTokens.php
index 5cb944f2f..70929228b 100644
--- a/app/Models/Traits/HasAccessTokens.php
+++ b/app/Models/Traits/HasAccessTokens.php
@@ -5,6 +5,7 @@ namespace Pterodactyl\Models\Traits;
 use Illuminate\Support\Str;
 use Laravel\Sanctum\HasApiTokens;
 use Pterodactyl\Models\PersonalAccessToken;
+use Pterodactyl\Extensions\Laravel\Sanctum\NewAccessToken;
 /**
 * @mixin \Pterodactyl\Models\Model
@@ -24,12 +25,8 @@ trait HasAccessTokens
 /**
 * Creates a new personal access token for the user. The token will be returned
 * as the first element of the array, and the plain-text token will be the second.
- *
- * @param string $description
- * @param string[] $abilities
- * @return array
 */
- public function createToken(string $description, array $abilities = ['*']): array
+ public function createToken(string $description, array $abilities = ['*']): NewAccessToken
 {
 /** @var \Pterodactyl\Models\PersonalAccessToken $token */
 $token = $this->tokens()->create([
@@ -40,6 +37,6 @@ trait HasAccessTokens
 'abilities' => $abilities,
 ]);
- return [$token, $token->token_id . $plain];
+ return new NewAccessToken($token, $token->token_id . $plain);
 }
 }
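Review bot: The added `@method \Pterodactyl\Models\User user($guard = null)` on ApiRequest declares a non-null return, but `user()` yields null when the request carries no authenticated user, so static analysis will no longer flag calls such as `$request->user()->createToken(...)` on an unauthenticated path. If every ApiRequest subclass is only reachable behind authentication middleware (not visible in this diff), state that in the docblock; otherwise annotate it as `@method \Pterodactyl\Models\User|null user($guard = null)`.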
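Review bot: In HasAccessTokens.php the docblock kept above createToken still says the token is returned "as the first element of the array, and the plain-text token will be the second", which is wrong now that the method returns `NewAccessToken`. Reword it along the lines of `Creates a new personal access token for the user and returns a NewAccessToken holding the stored token model and its plain-text value.`, and keep `@param string[] $abilities`, since the native `array` type does not tell callers what the elements are. It is also worth stating there that callers should show the plain-text value to the user once and never log or persist it; whether only a hash is stored is not visible in this hunk. The method body continues in the next hunk.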