From 5913bdccbbfd4822733b674b856a69976602fd63 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 10 Apr 2023 22:22:38 -0700
Subject: [PATCH] authx - Define permission "validate any authx credential"
---
 ext/authx/Civi/Api4/AuthxCredential.php | 2 +-
 ext/authx/authx.php | 1 +
 ext/authx/tests/phpunit/api/v4/AuthxCredentialTest.php | 10 ++++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/ext/authx/Civi/Api4/AuthxCredential.php b/ext/authx/Civi/Api4/AuthxCredential.php
index 74b5d46902..14d5397cd4 100644
--- a/ext/authx/Civi/Api4/AuthxCredential.php
+++ b/ext/authx/Civi/Api4/AuthxCredential.php
@@ -53,7 +53,7 @@ class AuthxCredential extends Generic\AbstractEntity {
 'meta' => ['access CiviCRM'],
 'default' => ['administer CiviCRM'],
 'create' => ['generate any authx credential'],
- 'validate' => [],
+ 'validate' => ['validate any authx credential'],
 ];
 }
diff --git a/ext/authx/authx.php b/ext/authx/authx.php
index c6f349ac27..d8a1f13b32 100644
--- a/ext/authx/authx.php
+++ b/ext/authx/authx.php
@@ -125,6 +125,7 @@ function authx_civicrm_permission(&$permissions) {
 $permissions['authenticate with password'] = E::ts('AuthX: Authenticate to services with password');
 $permissions['authenticate with api key'] = E::ts('AuthX: Authenticate to services with API key');
 $permissions['generate any authx credential'] = E::ts('Authx: Generate new JWT credentials for other users via the API');
+ $permissions['validate any authx credential'] = E::ts('Authx: Validate credentials for other users via the API');
 }
 // --- Functions below this ship commented out. Uncomment as required. ---
diff --git a/ext/authx/tests/phpunit/api/v4/AuthxCredentialTest.php b/ext/authx/tests/phpunit/api/v4/AuthxCredentialTest.php
index c4631d1d85..12e10a88e8 100644
--- a/ext/authx/tests/phpunit/api/v4/AuthxCredentialTest.php
+++ b/ext/authx/tests/phpunit/api/v4/AuthxCredentialTest.php
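Review bot: The `'validate'` entry in the permissions map goes from an empty list to `['validate any authx credential']` with no comment saying why, and the reason matters to anyone who later edits this map. Per the test in this patch, `validate` reports the credential type and contact ID for a submitted credential, so an ungated action would let any API caller confirm whether a credential is live and whose it is. I would add a comment above the entry such as `// 'validate' reveals whether a credential is valid and for which contact; keep it behind a dedicated permission.` Integrations that relied on the previous empty list will presumably start getting authorization failures until the permission is granted, which is worth an upgrade note. The enclosing method begins before this hunk.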
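Review bot: The label on the added line in authx.php, 'Authx: Validate credentials for other users via the API', describes a narrower scope than the permission appears to have: in AuthxCredential.php it gates the whole `validate` action, and nothing visible exempts a caller checking their own credential. An administrator decides who receives this permission from the label alone, so it should state the actual scope, e.g. `E::ts('AuthX: Validate any submitted credential via the API')`. The prefix casing also drifts between `AuthX:` on the first two labels and `Authx:` on the last two. `authx_civicrm_permission()` starts above the hunk.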
@@ -53,6 +53,11 @@ class AuthxCredentialTest extends TestCase implements HeadlessInterface, Transac
 'generate any authx credential',
 ]);
 $jwt = AuthxCredential::create()->setContactId($contactRecord['id'])->execute();
+
+ $this->setPermissions([
+ 'access CiviCRM',
+ 'validate any authx credential',
+ ]);
 $validate = AuthxCredential::validate()->setCred($jwt[0]['cred'])->execute();
 $this->assertEquals('jwt', $validate[0]['credType']);
 $this->assertEquals($contactRecord['id'], $validate[0]['contactId']);
@@ -74,6 +79,11 @@ class AuthxCredentialTest extends TestCase implements HeadlessInterface, Transac
 ]);
 $jwt = AuthxCredential::create()->setContactId($contactRecord['id'])->setTtl(5)->execute();
 sleep(10);
+
+ $this->setPermissions([
+ 'access CiviCRM',
+ 'validate any authx credential',
+ ]);
 $validate = AuthxCredential::validate()->setCred($jwt[0]['cred'])->execute();
 }
-- 
2.25.1
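Review bot: Both hunks grant 'validate any authx credential' before calling `validate()`, so the suite only proves the permitted path; nothing asserts that a caller without the permission is refused, which is the behaviour this commit introduces. A regression that empties the permission list again would leave every test green. I would add a negative test that creates the JWT as these tests do, drops to `'access CiviCRM'` only, and expects the call to be rejected; the exception class below is what I would expect a denied APIv4 call to raise, so confirm it against the API kernel. In the second hunk the expected failure is declared outside the visible lines; if that expectation is a broad exception type, a permission failure would satisfy it as well as an expired token, so it is worth pinning to the expiry error. Both test methods start above their hunks.

```php
public function testValidateWithoutPermission(): void {
  // … unchanged: contact creation and JWT generation as in the existing tests …
  $this->setPermissions([
    'access CiviCRM',
  ]);
  $this->expectException(\Civi\API\Exception\UnauthorizedException::class);
  AuthxCredential::validate()->setCred($jwt[0]['cred'])->execute();
}
```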