pkp#7366 user api key generation process modified

touhidurabir · Aug 24, 2022 · 25cee65 · 25cee65
1 parent b98f04f
commit 25cee65
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 48 deletions.
diff --git a/classes/migration/upgrade/v3_4_0/I7366_UpdateUserAPIKeySettings.php b/classes/migration/upgrade/v3_4_0/I7366_UpdateUserAPIKeySettings.php
@@ -1,9 +1,19 @@
 <?php
 
+/**
+ * @file classes/migration/upgrade/v3_4_0/I7366_UpdateUserAPIKeySettings.php
+ *
+ * Copyright (c) 2014-2022 Simon Fraser University
+ * Copyright (c) 2000-2022 John Willinsky
+ * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
+ *
+ * @class I7366_UpdateUserAPIKeySettings
+ * @brief Describe upgrade/downgrade for updating user API related settings
+ */
+
 namespace PKP\migration\upgrade\v3_4_0;
 
 use Illuminate\Support\Facades\DB;
-use PKP\install\DowngradeNotSupportedException;
 
 class I7366_UpdateUserAPIKeySettings extends \PKP\migration\Migration
 {
@@ -12,36 +22,31 @@ class I7366_UpdateUserAPIKeySettings extends \PKP\migration\Migration
      */
     public function up(): void
     {
-        $userSettings = DB::table('user_settings')
-            ->select(['user_id', 'setting_name'])
-            ->where('setting_name', 'apiKeyEnabled')
-            ->distinct()
-            ->get();
-
-        $userSettingsWithApiKey = DB::table('user_settings')
-                ->select(['user_id', 'setting_name'])
-                ->where('user_id', $userSettings->pluck('user_id')->toArray())
-                ->where('setting_name', 'apiKey')
-                ->distinct()
-                ->get();
-
-        DB::table('user_settings')
-            ->whereIn(
-                'user_id', 
-                $userSettings
-                    ->pluck('user_id')
-                    ->diff($userSettingsWithApiKey->pluck('user_id'))
-                    ->toArray()
+        $users = DB::select(
+            DB::raw(
+                "SELECT u.user_id FROM users u 
+                JOIN user_settings enabled_setting ON (enabled_setting.user_id = u.user_id AND enabled_setting.setting_name = 'apiKeyEnabled')
+                LEFT JOIN user_settings key_setting ON (key_setting.user_id = u.user_id AND key_setting.setting_name = 'apiKey') 
+                WHERE key_setting.user_id IS NULL"
             )
-            ->where('setting_name', 'apiKeyEnabled')
-            ->delete();
+        );
+
+        collect($users)
+            ->pluck('user_id')
+            ->chunk(1000)
+            ->each(
+                fn ($ids) => DB::table('user_settings')
+                    ->where('setting_name', 'apiKeyEnabled')
+                    ->whereIn('user_id', $ids->toArray())
+                    ->delete()
+            );
     }
 
     /**
      * Reverse the migration.
      */
     public function down(): void
     {
-        throw new DowngradeNotSupportedException('Downgrade unsupported due to data update');
+
     }
 }
diff --git a/classes/user/form/APIProfileForm.php b/classes/user/form/APIProfileForm.php
@@ -79,7 +79,7 @@ public function fetch($request, $template = null, $display = false)
         if ($secret === '') {
             $this->handleOnMissingAPISecret($templateMgr, $user);
             return parent::fetch($request, $template, $display);
-        };
+        }
 
         $templateMgr->assign($user->getData('apiKey') ? [
                 'apiKey' => JWT::encode($user->getData('apiKey'), $secret, 'HS256'),
@@ -115,22 +115,6 @@ public function execute(...$functionArgs)
 
         $this->setData('apiKeyAction', (int)!$apiKeyAction);
 
-        // $apiKeyEnabled = (bool) $this->getData('apiKeyEnabled');
-        // $user->setData('apiKeyEnabled', $apiKeyEnabled);
-
-        // // remove api key if exists
-        // if (!$apiKeyEnabled) {
-        //     $user->setData('apiKeyEnabled', null);
-        // }
-
-        // // generate api key
-        // if ($apiKeyEnabled && !is_null($this->getData('generateApiKey'))) {
-        //     $secret = Config::getVar('security', 'api_key_secret', '');
-        //     if ($secret) {
-        //         $user->setData('apiKey', sha1(time()));
-        //     }
-        // }
-
         parent::execute(...$functionArgs);
     }
 

diff --git a/locale/en_US/user.po b/locale/en_US/user.po
@@ -438,7 +438,7 @@ msgid "user.apiKey.removeWarning"
 msgstr "Deleting a key will revoke access to any application that uses it."
 
 msgid "user.apiKey.remove.confirmation.message"
-msgstr "You sure you want to delete this api key."
+msgstr "Are you sure you want to delete this API key?"
 
 msgid "user.apiKey.secretRequired"
 msgstr "Before generating an API key, your site administrator must set a secret in the config file (\"api_key_secret\")."

diff --git a/templates/user/apiProfileForm.tpl b/templates/user/apiProfileForm.tpl
@@ -23,11 +23,6 @@
 
 	{include file="controllers/notification/inPlaceNotification.tpl" notificationId="apiProfileNotification"}
 
-	{* {fbvFormSection list=true}
-		{fbvElement id=apiKeyEnabled type="checkbox" label="user.apiKeyEnabled" checked=$apiKeyEnabled value=1}
-		{fbvElement id=generateApiKey type="checkbox" label="user.apiKey.generate" value=1}
-	{/fbvFormSection} *}
-
 	{fbvFormSection title="user.apiKey"}
 		{if !$apiKey}{assign var=apiKey value="common.none"|translate}{/if}
 		{fbvElement id=apiKey type="text" readonly="true" inline=true value=$apiKey size=$fbvStyles.size.MEDIUM}
@@ -46,7 +41,7 @@
 			</button>
 		{/if}
 		<p>
-			{translate key=($apiKeyAction) ? "user.apiKey.generateWarning" : "user.apiKey.removeWarning"}
+			{translate key=($apiKeyAction === \PKP\user\form\APIProfileForm::API_KEY_NEW) ? "user.apiKey.generateWarning" : "user.apiKey.removeWarning"}
 		</p>
 	{/fbvFormSection}