add credential downloads per #70

gocodebox · Aug 16, 2019 · b59c5af · b59c5af
1 parent e009647
commit b59c5af
Show file tree

Hide file tree

Showing 2 changed files with 141 additions and 13 deletions.
diff --git a/includes/admin/class-llms-rest-admin-form-controller.php b/includes/admin/class-llms-rest-admin-form-controller.php
@@ -5,7 +5,7 @@
  * @package  LifterLMS_REST/Admin/Classes
  *
  * @since 1.0.0-beta.1
- * @version 1.0.0-beta.1
+ * @version [version]
  */
 
 defined( 'ABSPATH' ) || exit;
@@ -14,6 +14,7 @@
  * LLMS_REST_Admin_Form_Controller class..
  *
  * @since 1.0.0-beta.1
+ * @since [version] Added API credential download methods.
  */
 class LLMS_REST_Admin_Form_Controller {
 
@@ -34,6 +35,7 @@ public function __construct() {
 	 * Handles submission of admin forms & nonce links.
 	 *
 	 * @since 1.0.0-beta.1
+	 * @since [version] Added logic for handling api key txt download via nonce link.
 	 *
 	 * @return false|void
 	 */
@@ -53,12 +55,40 @@ public function handle_events() {
 				LLMS_Admin_Notices::flash_notice( esc_html__( 'The webhook has been successfully deleted.', 'lifterlms' ), 'success' );
 				return llms_redirect_and_exit( admin_url( 'admin.php?page=llms-settings&tab=rest-api&section=webhooks' ) );
 			}
+		} elseif ( llms_verify_nonce( 'dl-key-nonce', 'dl-key', 'GET' ) ) {
+			return $this->handle_key_download();
 		}
 
 		return false;
 
 	}
 
+	/**
+	 * Generate and download a api key credentials file.
+	 *
+	 * @since [version]
+	 *
+	 * @return void
+	 */
+	protected function download_key_file() {
+
+		$info = $this->prepare_key_download();
+		if ( ! $info ) {
+			return false;
+		}
+
+		header( 'Content-type: text/plain' );
+		header( 'Content-Disposition: attachment; filename="' . $info['fn'] );
+		header( 'Pragma: no-cache' );
+		header( 'Expires: 0' );
+
+		printf( __( 'Consumer Key: %s', 'lifterlms' ), $info['ck'] );
+		echo "\r\n";
+		printf( __( 'Consumer Secret: %s', 'lifterlms' ), $info['cs'] );
+		die();
+
+	}
+
 	/**
 	 * Handle creating/updating a webhook via admin interfaces
 	 *
@@ -114,6 +144,43 @@ protected function handle_webhook_upsert() {
 
 	}
 
+	/**
+	 * Validates `GET` information from the credential download URL and prepares information for generating the file.
+	 *
+	 * @since [version]
+	 *
+	 * @return false|array
+	 */
+	protected function prepare_key_download() {
+
+		$key_id       = llms_filter_input( INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT );
+		$consumer_key = llms_filter_input( INPUT_GET, 'ck', FILTER_SANITIZE_STRING );
+
+		// return if missing required fields.
+		if ( ! $key_id || ! $consumer_key ) {
+			return false;
+		}
+
+		// return if key doesn't exist.
+		$key = LLMS_REST_API()->keys()->get( $key_id );
+		if ( ! $key ) {
+			return false;
+		}
+
+		// validate the decoded consumer key looks like the stored truncated key.
+		$consumer_key = base64_decode( $consumer_key );
+		if ( substr( $consumer_key, -7 ) !== $key->get( 'truncated_key' ) ) {
+			return false;
+		}
+
+		return array(
+			'fn' => sanitize_file_name( $key->get( 'description' ) ) . '.txt',
+			'ck' => $consumer_key,
+			'cs' => $key->get( 'consumer_secret' ),
+		);
+
+	}
+
 }
 
 return new LLMS_REST_Admin_Form_Controller();
diff --git a/tests/unit-tests/admin/class-llms-rest-test-admin-form-controller.php b/tests/unit-tests/admin/class-llms-rest-test-admin-form-controller.php
@@ -5,10 +5,10 @@
  * @package  LifterLMS_REST/Tests
  *
  * @group admin
- * @group admin_form_contoller
+ * @group admin_forms
  *
  * @since 1.0.0-beta.1
- * @version 1.0.0-beta.1
+ * @version [version]
  */
 class LLMS_REST_Test_Admin_Form_Controller extends LLMS_REST_Unit_Test_Case_Base {
 
@@ -56,10 +56,7 @@ public function tearDown() {
 	 *
 	 * @since 1.0.0-beta.1
 	 *
-	 * @see {Reference}
-	 * @link {URL}
-	 *
-	 * @return [type]
+	 * @return void
 	 */
 	public function test_handle_events_no_submit() {
 
@@ -72,7 +69,7 @@ public function test_handle_events_no_submit() {
 	 *
 	 * @since 1.0.0-beta.1
 	 *
-	 * @return [type]
+	 * @return void
 	 */
 	public function test_create_webhook_required_fields() {
 
@@ -123,7 +120,7 @@ public function test_create_webhook_required_fields() {
 	 *
 	 * @since 1.0.0-beta.1
 	 *
-	 * @return [type]
+	 * @return void
 	 */
 	public function test_create_webhook_all_fields() {
 
@@ -206,10 +203,7 @@ public function test_create_webhook_custom_action() {
 	 *
 	 * @since 1.0.0-beta.1
 	 *
-	 * @see {Reference}
-	 * @link {URL}
-	 *
-	 * @return [type]
+	 * @return void
 	 */
 	public function test_upsert_webhook_weird_ids() {
 
@@ -238,6 +232,13 @@ public function test_upsert_webhook_weird_ids() {
 
 	}
 
+	/**
+	 * Test required fields for upserting a webhook.
+	 *
+	 * @since 1.0.0-beta.1
+	 *
+	 * @return void
+	 */
 	public function test_update_webhook_required_fields() {
 
 		$hook = LLMS_REST_API()->webhooks()->create( array(
@@ -257,6 +258,14 @@ public function test_update_webhook_required_fields() {
 
 	}
 
+
+	/**
+	 * Test updating an existing webhook.
+	 *
+	 * @since 1.0.0-beta.1
+	 *
+	 * @return void
+	 */
 	public function test_update_webhook() {
 
 		$hook = LLMS_REST_API()->webhooks()->create( array(
@@ -462,4 +471,56 @@ public function test_delete_webhook() {
 
 	}
 
+	/**
+	 * Test prepare_key_download() method
+	 *
+	 * @since [version]
+	 *
+	 * @return void
+	 */
+	public function test_prepare_key_download() {
+
+		// Missing key & id.
+		$this->assertFalse( LLMS_Unit_Test_Util::call_method( $this->obj, 'prepare_key_download' ) );
+
+		// Missing CK.
+		$this->mockGetRequest( array(
+			'id' => 1,
+		) );
+		$this->assertFalse( LLMS_Unit_Test_Util::call_method( $this->obj, 'prepare_key_download' ) );
+
+		// Missing ID.
+		$this->mockGetRequest( array(
+			'ck' => 'arst',
+		) );
+		$this->assertFalse( LLMS_Unit_Test_Util::call_method( $this->obj, 'prepare_key_download' ) );
+
+		$key = $this->get_mock_api_key();
+
+		// Fake ID.
+		$this->mockGetRequest( array(
+			'id' => $key->get( 'id' ) + 1,
+			'ck' => 'arst',
+		) );
+		$this->assertFalse( LLMS_Unit_Test_Util::call_method( $this->obj, 'prepare_key_download' ) );
+
+		// Fake CK.
+		$this->mockGetRequest( array(
+			'id' => $key->get( 'id' ),
+			'ck' => 'arst',
+		) );
+		$this->assertFalse( LLMS_Unit_Test_Util::call_method( $this->obj, 'prepare_key_download' ) );
+
+		$this->mockGetRequest( array(
+			'id' => $key->get( 'id' ),
+			'ck' => base64_encode( $key->get( 'consumer_key_one_time' ) ),
+		) );
+		$this->assertEquals( array(
+			'fn' => 'Test-Key.txt',
+			'ck' => $key->get( 'consumer_key_one_time' ),
+			'cs' => $key->get( 'consumer_secret' ),
+		), LLMS_Unit_Test_Util::call_method( $this->obj, 'prepare_key_download' ) );
+
+	}
+
 }