6 changes: 5 additions & 1 deletion src/language/en-GB/en-GB.plg_api_users.ini
Expand Up @@ -2,7 +2,7 @@ PLG_API_USERS="API - Users"
PLG_API_USERS_DESCRIPTION="This plugin exposes users to the Joomla! API. Supports creation, listing and login for users."
PLG_API_USERS_BAD_REQUEST_MESSAGE="Bad request"
PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE="Required data is empty"
PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Your account has been created successfully"
PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Account has been created successfully."
PLG_API_USERS_PROFILE_CREATED_SUCCESSFULLY_MESSAGE="profile created successfully"
PLG_API_USERS_UNABLE_CREATE_PROFILE_MESSAGE="Unable to create profile"
PLG_API_USERS_EASYSOCIAL_NOT_INSTALL_MESSAGE="Easysocial is not installed properly"
Expand All @@ -15,3 +15,7 @@ PLG_API_USERS_UNSUPPORTED_METHOD_POST="unsupported method,please use get method"
PLG_API_USERS_USERS="users/"
PLG_API_USERS_IN_DELETE="in delete"
PLG_API_USERS_IN_POST="in post"

; Since v2.0.1
PLG_API_USERS_ACCOUNT_UPDATED_SUCCESSFULLY_MESSAGE="Account details updated successfully"
PLG_API_USERS_USER_DELETE_MESSAGE="Account details deleted successfully"
133 changes: 83 additions & 50 deletions src/users/user.php
Expand Up @@ -28,29 +28,22 @@ class UsersApiResourceUser extends ApiResource
*/
public function post()
{
$app = JFactory::getApplication();
$userIdentifier = $app->input->get('id', 0, 'String');
$formData = $app->input->getArray();
$params = JComponentHelper::getParams("com_users");
$response = new stdClass;

$xidentifier = $app->input->server->get('HTTP_X_IDENTIFIER');
$fidentifier = $app->input->server->get('HTTP_FORCECREATE');

if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '')
{
ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));

return;
}
$app = JFactory::getApplication();
$params = JComponentHelper::getParams("com_users");
$formData = $app->input->getArray();
$userIdentifier = $app->input->get('id', 0, 'string');
$xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER');
$fIdentifier = $app->input->server->get('HTTP_FORCECREATE');

// Get current logged in user.
$my = JFactory::getUser();
$me = JFactory::getUser();
The user object is already available in $this->plugin->get('user'); can you confirm it is OK to use either?


// Check if $userIdentifier is not set - POST / CREATE user case

// Check if $userIdentifier is not set
if (empty($userIdentifier))
{
if ($formData['password'] == '')
// Validate required fields
if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')
We can create a user without passing the password in Joomla.
@manojLondhe

{
ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));

Expand All @@ -72,33 +65,33 @@ public function post()

return;
}
// PATCH / EDIT user case
else
{
// Get a user object
$user = $this->retriveUser($xidentifier, $userIdentifier);
$passedUserGroups = array();
// Get a user object from xIdentifier
$user = $this->retriveUser($xIdentifier, $userIdentifier);

// If user is already present then update it according to access.
if (!empty($user->id))
{
$iAmSuperAdmin = $my->authorise('core.admin');
$iAmSuperAdmin = $me->authorise('core.admin');

// Check if regular user is tring to update himself.
if ($my->id == $user->id || $iAmSuperAdmin)
// Check if regular user is trying to update his/her own profile OR if user is superadmin
if ($me->id == $user->id || $iAmSuperAdmin)
{
// If present then update or else dont include.
// If password present then update password2 or else dont include.
if (!empty($formData['password']))
{
$formData['password2'] = $formData['password'];
}

// Add newly added groups and keep the old one as it is.
/*// Add newly added groups and keep the old one as it is.
if (!empty($formData['groups']))
{
$passedUserGroups['groups'] = array_unique(array_merge($user->groups, $formData['groups']));
}
$formData['groups'] = array_unique(array_merge($user->groups, $formData['groups']));
}*/

$response = $this->storeUser($user, $passedUserGroups);
$response = $this->storeUser($user, $formData);
$this->plugin->setResponse($response);

return;
Expand All @@ -112,11 +105,12 @@ public function post()
}
else
{
if ($fidentifier)
// Forced user creation
if ($fIdentifier)
Combine this with the else above into an elseif condition ?

{
$user = new JUser;
If an id is provided and that user exists, then the user should get updated.
@manojLondhe @coolbung


if ($formData['password'] == '')
if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')
{
ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));

Expand All @@ -135,16 +129,40 @@ public function post()

return;
}
// User trying to be updated not found
else
{
ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_ABSENT_MESSAGE'));
ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE'));

return;
}
}
}
}

/**
* Funtion to remove sensitive user info fields like password
*
* @param Object $user The user object.
* @param Array $fields Array of fields to be unset
*
* @return object|void $user
*
* @since 2.0.1
*/
protected function sanitizeUserFields($user, $fields = array('password', 'password_clear', 'otpKey', 'otep'))
{
foreach ($fields as $f)
{
if (isset($user->{$f}))
{
unset($user->{$f});
}
}

return $user;
}

/**
* Function get for user record.
*
Expand All @@ -154,27 +172,25 @@ public function post()
*/
public function get()
{
$input = JFactory::getApplication()->input;
$id = $input->get('id', 0, 'int');
$xidentifier = $input->server->get('HTTP_X_IDENTIFIER', '', 'String');
$input = JFactory::getApplication()->input;
$id = $input->get('id', 0, 'string');
$xIdentifier = $input->server->get('HTTP_X_IDENTIFIER', '', 'string');

/*
* If we have an id try to fetch the user
* @TODO write user field mapping logic here
*/
if ($id)
{
// Get a user object
$user = $this->retriveUser($xidentifier, $id);
// Get user object
$user = $this->retriveUser($xIdentifier, $id);

if (! $user->id)
if (!$user->id)
{
ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE'));

return;
}

$this->plugin->setResponse($user);
}
else
{
Expand All @@ -184,9 +200,11 @@ public function get()
{
ApiError::raiseError(400, JText::_('JERROR_ALERTNOAUTHOR'));
}

$this->plugin->setResponse($user);
}

$user = $this->sanitizeUserFields($user);

$this->plugin->setResponse($user);
}

/**
Expand Down Expand Up @@ -224,8 +242,22 @@ private function getUserId($email)
private function storeUser($user, $formData, $isNew = 0)
{
$response = new stdClass;
$ignore = array();

// Ignore pasword field if not set to avoid warning on bind()
if (!isset($formData['password']))
{
$ignore[] = 'password';
}

// In case of edit user, set formData->id as $user->id no matter what is passed in x-identifier
// Otherwise - it will try to create new user
if (!$isNew)
{
$formData['id'] = $user->id;
}

if (!$user->bind($formData))
if (!$user->bind($formData, $ignore))
{
ApiError::raiseError(400, $user->getError());

Expand All @@ -239,6 +271,7 @@ private function storeUser($user, $formData, $isNew = 0)
return;
}

// Set user id to be returned
$response->id = $user->id;

if ($isNew)
Expand All @@ -262,16 +295,16 @@ private function storeUser($user, $formData, $isNew = 0)
*/
public function delete()
{
$app = JFactory::getApplication();
$userIdentifier = $app->input->get('id', 0, 'STRING');
$xidentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'String');
$app = JFactory::getApplication();
$userIdentifier = $app->input->get('id', 0, 'string');
$xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'string');

$loggedUser = JFactory::getUser();

// Check if I am a Super Admin
$iAmSuperAdmin = $loggedUser->authorise('core.admin');

$userToDelete = $this->retriveUser($xidentifier, $userIdentifier);
$userToDelete = $this->retriveUser($xIdentifier, $userIdentifier);

if (!$userToDelete->id)
{
Expand Down Expand Up @@ -319,19 +352,19 @@ public function delete()
/**
* Function retriveUser for get user details depending upon the identifier.
*
* @param string $xidentifier Flag to differentiate the column value.
* @param string $xIdentifier Flag to differentiate the column value.
*
* @param string $userIdentifier username
*
* @return object $user Juser object if user exist otherwise std class.
*
* @since 2.0
*/
private function retriveUser($xidentifier, $userIdentifier)
private function retriveUser($xIdentifier, $userIdentifier)
{
$user = new stdClass;

switch ($xidentifier)
switch ($xIdentifier)
{
case 'username':
$userId = JUserHelper::getUserId($userIdentifier);
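Review bot: The self-update branch of post() now binds the entire request body, `$response = $this->storeUser($user, $formData);`, so a regular user editing their own account (the `$me->id == $user->id` case) can submit keys such as `groups`, `block` or `activation` and `JUser::bind()` will copy them onto the account; the old code forwarded only a merged `groups` value, and that merge is now commented out rather than replaced by a restriction. As far as I recall, JUser::save() only rejects groups that carry core.admin for non-super-admin callers, so membership in other privileged groups and account-state flags would still go through — please confirm against the Joomla version this targets. I would whitelist the bindable keys unless `$iAmSuperAdmin` is true, and delete the commented-out groups block instead of leaving it in the source. post() spans several hunks here, with collapsed lines between them, so the forced-create path that also receives `$formData` is only partly visible.
```php
// … unchanged: password2 handling …

// Non-super-admins may only change their own profile fields; group
// membership and account-state flags are bound only for super admins.
if (!$iAmSuperAdmin)
{
    $allowed  = array('name', 'username', 'email', 'password', 'password2');
    $formData = array_intersect_key($formData, array_flip($allowed));
}

$response = $this->storeUser($user, $formData);
```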