🔥 Remove API login endpoint (#1921)
MrKrisKrisu authored Sep 22, 2023
1 parent 6eacbd1 commit b6553d6
Showing 7 changed files with 30 additions and 49 deletions.
28 changes: 3 additions & 25 deletions app/Http/Controllers/API/v1/AuthController.php
Expand Up @@ -2,7 +2,6 @@

namespace App\Http\Controllers\API\v1;

use App\Http\Controllers\Backend\Auth\LoginController;
use App\Http\Resources\UserSettingsResource;
use App\Providers\AuthServiceProvider;
use Illuminate\Http\JsonResponse;
Expand All @@ -11,28 +10,6 @@
class AuthController extends Controller
{

/**
* @param Request $request
*
* @return JsonResponse
* @deprecated Remove before 2023-10! Maybe earlier - if possible. Deprecation is already announced since
* November'22.
*/
public function login(Request $request): JsonResponse {
$validated = $request->validate(['login' => ['required', 'max:255'], 'password' => ['required', 'min:8', 'max:255']]);

if (LoginController::login($validated['login'], $validated['password'])) {
$token = $request->user()->createToken('token', array_keys(AuthServiceProvider::$scopes));
return $this->sendResponse([
'WARNING' => 'This endpoint (login) is deprecated and will be removed in the following weeks. Please migrate to use OAuth2. More information: https://github.com/Traewelling/traewelling/issues/1772',
'token' => $token->accessToken,
'expires_at' => $token->token->expires_at->toIso8601String(),
])
->header('Authorization', $token->accessToken);
}
return $this->sendError('Non-matching credentials', 401);
}

/**
* @OA\Post(
* path="/auth/logout",
Expand Down Expand Up @@ -134,7 +111,8 @@ public function refresh(Request $request): JsonResponse {
$oldToken->revoke();
return $this->sendResponse([
'token' => $newToken->accessToken,
'expires_at' => $newToken->token->expires_at->toIso8601String()]
)->header('Authorization', $newToken->accessToken);
'expires_at' => $newToken->token->expires_at->toIso8601String()
])
->header('Authorization', $newToken->accessToken);
}
}
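Review bot: `use App\Providers\AuthServiceProvider;`, kept directly below the removed `LoginController` import, looks unused now: its only visible reference, `AuthServiceProvider::$scopes`, was inside the deleted `login()` method, so it should be dropped in the same commit unless `logout()` or `refresh()` still reference it outside the shown hunks. In the reformatted `refresh()` return the fresh access token is emitted both in the JSON body and as an `Authorization` response header; response headers are more likely than bodies to be captured by proxies and access logs, so it is worth confirming that API clients still depend on the header copy before keeping it. `refresh()` begins outside the hunk.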
42 changes: 21 additions & 21 deletions config/l5-swagger.php
Expand Up @@ -174,28 +174,28 @@


/* Open API 3.0 support */
'passport' => [ // Unique name of security
'type' => 'oauth2',
'description' => 'OAuth2 authorizationCode Flow. ' .
'Get your token from https://traewelling.de/settings/applications. ' .
'Set the redirect URL to https://traewelling.de/api/oauth2-callback to use it ' .
'here. See also https://laravel.com/docs/9.x/passport',
'in' => 'header',
'scheme' => 'https',
'flows' => [
"authorizationCode" => [
"authorizationUrl" => config('app.url') . '/oauth/authorize',
"tokenUrl" => config('app.url') . '/oauth/token',
"refreshUrl" => config('app.url') . '/auth/refresh',
"scopes" => AuthServiceProvider::$scopes
],
],
'passport' => [ // Unique name of security
'type' => 'oauth2',
'description' => 'OAuth2 authorizationCode Flow. ' .
'Get your token from https://traewelling.de/settings/applications. ' .
'Set the redirect URL to https://traewelling.de/api/oauth2-callback to use it ' .
'here. See also https://laravel.com/docs/9.x/passport',
'in' => 'header',
'scheme' => 'https',
'flows' => [
"authorizationCode" => [
"authorizationUrl" => config('app.url') . '/oauth/authorize',
"tokenUrl" => config('app.url') . '/oauth/token',
"refreshUrl" => config('app.url') . '/auth/refresh',
"scopes" => AuthServiceProvider::$scopes
],
],
],
'token' => [ // Unique name of security
'type' => 'apiKey', // Valid values are "basic", "apiKey" or "oauth2".
'description' => 'Enter token in format "Bearer \<token\>"',
'name' => 'Authorization', // The name of the header or query parameter to be used.
'in' => 'header',
'token' => [ // Unique name of security
'type' => 'apiKey', // Valid values are "basic", "apiKey" or "oauth2".
'description' => 'Enter token in format "Bearer \<token\>". You can create your personal access token at https://traewelling.de/settings/applications. We recommend this method for prototyping purposes. For all other use cases please use the oAuth method above.',
'name' => 'Authorization', // The name of the header or query parameter to be used.
'in' => 'header',
],

],
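Review bot: The new `token` description hardcodes `https://traewelling.de/settings/applications`, while the OAuth flow URLs a few lines above are built from `config('app.url')`, so the generated docs on a staging or self-hosted instance would send users to the production site to create a token. Build it the same way, e.g. `'description' => 'Enter token in format "Bearer \<token\>". You can create your personal access token at ' . config('app.url') . '/settings/applications. ...'`. The unchanged `passport` description carries the same hardcoded host and could be adjusted alongside it; "oAuth" in the new text should probably read "OAuth2" to match `'type' => 'oauth2'`.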
1 change: 1 addition & 0 deletions resources/lang/de.json
Expand Up @@ -707,6 +707,7 @@
"access-token-remove-at": "Du kannst den AccessToken jederzeit in den Einstellungen unter 'API-Tokens' entfernen.",
"your-access-token": "Dein AccessToken",
"your-access-token-description": "Du kannst dir einen AccessToken generieren um auf deinen eigenen Account zuzugreifen.",
"your-access-token.ask": "Wir von Träwelling werden dich niemals nach deinem AccessToken fragen. Wenn du von jemandem danach gefragt wirst, ist das vermutlich ein Betrugsversuch.",
"access-token-is-private": "Behandle deinen AccessToken wie ein Passwort. Gib ihn niemals an Dritte weiter.",
"refresh": "Aktualisieren"
}
1 change: 1 addition & 0 deletions resources/lang/en.json
Expand Up @@ -707,6 +707,7 @@
"access-token-remove-at": "You can remove the AccessToken at any time in the settings under 'API Tokens'.",
"your-access-token": "Your AccessToken",
"your-access-token-description": "You can generate an AccessToken to access your own account.",
"your-access-token.ask": "We at Träwelling will never ask you for your AccessToken. If you are asked for it, it is probably a scam.",
"access-token-is-private": "Treat your AccessToken like a password. Never give it to third parties.",
"refresh": "Refresh"
}
2 changes: 2 additions & 0 deletions resources/views/dev/access-token.blade.php
Expand Up @@ -21,5 +21,7 @@ class="text-center">
</div>
<div class="card-footer">
<small>{{__('access-token-is-private')}}</small>
<br />
<small class="text-danger">{{__('your-access-token.ask')}}</small>
</div>
</div>
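Review bot: The new translation key `your-access-token.ask` breaks the naming convention of its siblings (`your-access-token-description`, `access-token-is-private`), which all use hyphens; a dotted key is the form Laravel's `__()` otherwise reads as `group.item` for PHP-array translations, so it is easy to misread even though the JSON lookup resolves it first. Renaming it to `your-access-token-ask` here and in both `resources/lang/*.json` files keeps the lookups unambiguous. The enclosing `<div class="card">` starts outside the hunk.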
4 changes: 2 additions & 2 deletions resources/views/settings/api-token.blade.php
Expand Up @@ -3,7 +3,7 @@

@section('content')
<div class="row">
<div class="col-md-8 col-lg-7">
<div class="col-lg-8">
<div class="card mb-3">
<div class="card-header">{{ __('settings.title-tokens') }}</div>
<div class="card-body table-responsive px-0">
Expand Down Expand Up @@ -42,7 +42,7 @@
</div>
</div>
</div>
<div class="col-md-4 col-lg-5">
<div class="col-lg-4">
@include('dev.access-token')
</div>
</div>
1 change: 0 additions & 1 deletion routes/api.php
Expand Up @@ -32,7 +32,6 @@

Route::group(['prefix' => 'v1', 'middleware' => ['return-json']], static function() {
Route::group(['prefix' => 'auth'], function() {
Route::post('login', [v1Auth::class, 'login']);
Route::group(['middleware' => 'auth:api'], static function() {
Route::post('refresh', [v1Auth::class, 'refresh']);
Route::post('logout', [v1Auth::class, 'logout']);
