Merge pull request #294 from laf/api

Added the ability to create tokens
librenms · Oct 7, 2014 · e6fe3be · e6fe3be
2 parents 3d0c11b + 48bc04b
commit e6fe3be
Show file tree

Hide file tree

Showing 3 changed files with 214 additions and 8 deletions.
diff --git a/html/forms/token-item-create.inc.php b/html/forms/token-item-create.inc.php
@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * LibreNMS
+ *
+ * Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.  Please see LICENSE.txt at the top level of
+ * the source code distribution for details.
+ */
+
+if(!is_numeric($_POST['user_id']) || !isset($_POST['token']))
+{
+  echo('ERROR: error with data, please ensure a valid user and token have been specified.');
+  exit;
+}
+elseif(strlen($_POST['token']) > 32)
+{
+  echo('ERROR: The token is more than 32 characters');
+  exit;
+}
+elseif(strlen($_POST['token']) < 16)
+{
+  echo('ERROR: The token is less than 16 characters');
+  exit;
+}
+else
+{
+  $create = dbInsert(array('user_id' => $_POST['user_id'], 'token_hash' => $_POST['token'], 'description' => $_POST['description']), 'api_tokens');
+  if($create > '0')
+  {
+    echo('API token has been created');
+    $_SESSION['api_token'] = TRUE;
+    exit;
+  }
+  else
+  {
+    echo('ERROR: An error occurred creating the API token');
+    exit;
+  }
+}
diff --git a/html/forms/token-item-remove.inc.php b/html/forms/token-item-remove.inc.php
@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * LibreNMS
+ *
+ * Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.  Please see LICENSE.txt at the top level of
+ * the source code distribution for details.
+ */
+
+if(!is_numeric($_POST['token_id']))
+{
+  echo('error with data');
+  exit;
+}
+else
+{
+  if($_POST['confirm'] == 'yes')
+  {
+    $delete = dbDelete('api_tokens', '`id` = ?', array($_POST['token_id']));
+    if($delete > '0')
+    {
+      echo('API token has been removed');
+      exit;
+    }
+    else
+    {
+      echo('An error occurred removing the API token');
+      exit;
+    }
+  }
+}
diff --git a/html/pages/api-access.inc.php b/html/pages/api-access.inc.php
@@ -14,26 +14,109 @@
 
 if ($_SESSION['userlevel'] == '10')
 {
+if(empty($_POST['token'])) {
+    $_POST['token'] = bin2hex(openssl_random_pseudo_bytes(16));
+}
 ?>
   <div class="modal fade" id="confirm-delete" tabindex="-1" role="dialog" aria-labelledby="Delete" aria-hidden="true">
-    <div class="modal-dialog">
+    <div class="modal-dialog modal-sm">
       <div class="modal-content">          
         <div class="modal-header">
           <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
           <h5 class="modal-title" id="Delete">Confirm Delete</h5>
         </div>
         <div class="modal-body">
-          <p>If you would like to remove the API token for then please click Delete.</p>
+          <p>If you would like to remove the API token then please click Delete.</p>
         </div>        
         <div class="modal-footer">
-          <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-          <a href="#" class="btn btn-danger danger">Delete</a>
+          <form role="form" class="remove_token_form">
+            <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+            <button type="submit" class="btn btn-danger danger" id="token-removal" data-target="token-removal">Delete</button>
+            <input type="hidden" name="token_id" id="token_id" value="">
+            <input type="hidden" name="type" id="type" value="token-item-remove">
+            <input type="hidden" name="confirm" id="confirm" value="yes">
+          </form>
+        </div>
+      </div>
+    </div>
+  </div>
+  <div class="modal fade bs-example-modal-sm" id="create-token" tabindex="-1" role="dialog" aria-labelledby="Create" aria-hidden="true">
+    <div class="modal-dialog">
+      <div class="modal-content">
+        <div class="modal-header">
+          <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+          <h5 class="modal-title" id="Create">Create new API Access token</h5>
+        </div>
+        <div class="modal-body">
+          <form role="form" class="form-horizontal create_token_form">
+            <div class="form-group">
+              <label for="user_id" class="col-sm-2 control-label">User: </label>
+              <div class="col-sm-4">
+                <select class="form-control" id="user_id" name="user_id">
+<?php
+
+foreach (dbFetchRows("SELECT user_id,username FROM `users` WHERE `level` >= '10'", array()) as $users)
+{
+  echo('<option value="'.$users['user_id'].'">'.$users['username'].'</option>');
+}
+
+?>
+                </select>
+              </div>
+            </div>
+            <div class="form-group">
+              <label for="token" class="col-sm-2 control-label">Token: </label>
+              <div class="col-sm-8">
+                <input type="text" class="form-control" id="token" name="token" value="<?php echo $_POST['token'];?>" disabled>
+              </div>
+              <div class="col-sm-2">
+              </div>
+            </div>
+            <div class="form-group">
+              <label for="description" class="col-sm-2 control-label">Descr: </label>
+              <div class="col-sm-10">
+                <input type="text" class="form-control" id="description" name="description" value="<?php echo $_POST['description'];?>">
+              </div>
+            </div>
+        </div>
+        <div class="modal-footer">
+          <div class="form-group">
+            <div class="col-sm-4">
+              <input type="hidden" name="type" id="type" value="token-item-create">
+              <button type="submit" class="btn btn-success" name="token-create" id="token-create">Create API Token</button>
+            </div>
+          </div>
+          </form>
         </div>
       </div>
     </div>
   </div>
 <?php
   echo('
+  <div class="row">
+    <div class="col-md-12">
+      <span id="thanks"></span>
+    </div>
+  </div>
+');
+  if($_SESSION['api_token'] === TRUE)
+  {
+    echo("<script>
+      $('#thanks').html('<div class=\"alert alert-info\">The API token has been added.</div>');</script>
+    ");
+    unset($_SESSION['api_token']);
+  }
+echo('
+  <div class="row">
+    <div class="col-sm-2">
+      <button type="button" class="btn btn-primary btn-sm" data-toggle="modal" data-target="#create-token">Create API access token</button>
+    </div>
+  </div>
+  <div class="row">
+    <div class="col-sm-12">
+      &nbsp;
+    </div>
+  </div>
   <div class="row">
     <div class="col-sm-6">
       <table class="table table-bordered table-condensed">
@@ -57,12 +140,12 @@
       $api_disabled = '';
     }
     echo('
-        <tr>
+        <tr id="'.$api['id'].'">
           <td>'.$api['username'].'</td>
           <td>'.$api['token_hash'].'</td>
           <td>'.$api['description'].'</td>
           <td><input type="checkbox" name="token-status" data-token_id="'.$api['id'].'" data-off-text="No" data-on-text="Yes" data-on-color="danger" '.$api_disabled.' data-size="mini"></td>
-          <td><a href="" class="btn btn-primary btn-xs" role="button" data-toggle="modal" data-target="#confirm-delete">Delete</a></td>
+          <td><button type="button" class="btn btn-primary btn-xs" id="'.$api['id'].'" data-token_id="'.$api['id'].'" data-toggle="modal" data-target="#confirm-delete">Delete</button></td>
         </tr>
 ');
   }
@@ -93,8 +176,51 @@
     });
   });
   $('#confirm-delete').on('show.bs.modal', function(e) {
-    $(this).find('.danger').attr('href', $(e.relatedTarget).data('href'));        
-    $('.debug-url').html('Delete URL: <strong>' + $(this).find('.danger').attr('href') + '</strong>');
+    token_id = $(e.relatedTarget).data('token_id');
+    $("#token_id").val(token_id);
+    event.preventDefault();
+  });
+  $('#token-removal').click('', function(e) {
+    event.preventDefault();
+    token_id = $("#token_id").val();
+    $.ajax({
+      type: "POST",
+      url: "/ajax_form.php",
+      data: $('form.remove_token_form').serialize() ,
+      success: function(msg){
+        $("#thanks").html('<div class="alert alert-info">'+msg+'</div>');
+        $("#confirm-delete").modal('hide');
+        $("#"+token_id).remove();
+      },
+      error: function(){
+        $("#thanks").html('<div class="alert alert-info">An error occurred removing the token.</div>');
+        $("#confirm-delete").modal('hide');
+      }
+    });
+  });
+  $('#token-create').click('', function(e) {
+    event.preventDefault();
+    $.ajax({
+      type: "POST",
+      url: "/ajax_form.php",
+      data: $('form.create_token_form').serialize(),
+      success: function(msg){
+        $("#thanks").html('<div class="alert alert-info">'+msg+'</div>');
+        $("#create-token").modal('hide');
+        if(msg.indexOf("ERROR:") <= -1) {
+          location.reload();
+        }
+      },
+      error: function(){
+        $("#thanks").html('<div class="alert alert-info">An error occurred removing the token.</div>');
+        $("#create-token").modal('hide');
+      }
+    });
+  });
+  $('#pass-gen').click('', function(e) {
+    event.preventDefault();
+    token = $.password(32,false);
+    $('#token').val(token);
   });
 </script>