Tokens can now be reset

admin/api_settings.php

@@ -188,12 +188,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                 </span>
                             </td>
                         </tr>
-                        <tr>
-                            <td colspan="4" id="token-<?php echo $row['id']; ?>-created" class="success hide">
+                        <tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
+                            <td colspan="4">
                                 Generated Token: <code class="token"></code>
                                 <p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p>
                             </td>
                         </tr>
+                        <tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
+                            <td colspan="4">
+                                <p>All tokens for this user have been removed!</p>
+                            </td>
+                        </tr>
                         <?php
                         endforeach;
                         ?>

internal-api/admin/api-authentication/index.php

@@ -34,7 +34,8 @@ if ($request_method == 'POST') {
         output($token);
         return http_response_code(200);
     } elseif ($action == 'reset') {
-        //TODO
+        reset_tokens($user_id, $hesk_settings);
+        return http_response_code(204);
     } else {
         return http_response_code(400);
     }

internal-api/dao/api_authentication_dao.php

@@ -2,6 +2,11 @@
 
 function store_token($user_id, $token_hash, $hesk_settings) {
     $sql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` (`user_id`, `token`)
-        VALUES ('" . hesk_dbEscape($user_id) . "', '" . hesk_dbEscape($token_hash) . "')";
+        VALUES (" . intval($user_id) . ", '" . hesk_dbEscape($token_hash) . "')";
+    hesk_dbQuery($sql);
+}
+
+function reset_tokens($user_id, $hesk_settings) {
+    $sql = "DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` WHERE `user_id` = ".intval($user_id);
     hesk_dbQuery($sql);
 }

internal-api/js/api-settings.js

@@ -69,6 +69,8 @@ function generateToken(userId) {
     var endpoint = getHelpdeskUrl();
     endpoint += '/internal-api/admin/api-authentication/';
     markSaving('token-' + userId);
+    $('#token-' + userId + '-reset').addClass('hide');
+    $('#token-' + userId + '-created').addClass('hide');
     var data = {
         userId: userId,
         action: 'generate'
@@ -78,7 +80,7 @@ function generateToken(userId) {
         data: data,
         method: 'POST',
         success: function (data) {
-            $('#token-' + userId + '-created > .token').text(data);
+            $('#token-' + userId + '-created > td > .token').text(data);
             $('#token-' + userId + '-created').removeClass('hide');
             markSuccess('token-' + userId);
             var oldNumberOfTokens = parseInt($('#token-' + userId + '-count').text());
@@ -92,5 +94,27 @@ function generateToken(userId) {
 }
 
 function clearTokens(userId) {
-    alert(userId);
+    var endpoint = getHelpdeskUrl();
+    endpoint += '/internal-api/admin/api-authentication/';
+    markSaving('token-' + userId);
+    $('#token-' + userId + '-reset').addClass('hide');
+    $('#token-' + userId + '-created').addClass('hide');
+    var data = {
+        userId: userId,
+        action: 'reset'
+    };
+    $.ajax({
+        url: endpoint,
+        data: data,
+        method: 'POST',
+        success: function() {
+            $('#token-' + userId + '-reset').removeClass('hide');
+            $('#token-' + userId + '-count').text('0');
+            markSuccess('token-' + userId);
+        },
+        error: function(data) {
+            console.error(data);
+            markFailure('token-' + userId);
+        }
+    });
 }