From d23b80a37c1b6ae772cb1b5635dd916b20ebf039 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Wed, 18 Nov 2015 22:04:34 -0500
Subject: [PATCH] more user security stuff

---
 admin/api_settings.php          | 27 ++++++++++++++++---
 internal-api/js/api-settings.js | 47 +++++++++++++++++++++++++++------
 2 files changed, 62 insertions(+), 12 deletions(-)

diff --git a/admin/api_settings.php b/admin/api_settings.php
index 98e3bf57..288305be 100644
--- a/admin/api_settings.php
+++ b/admin/api_settings.php
@@ -141,36 +141,55 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         User Security
                     </div>
                     <?php
+                    $users = [];
                     $userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
+                    while ($row = hesk_dbFetchAssoc($userRs)) {
+                        $row['number_of_tokens'] = 0;
+                        $users[$row['user']] = $row;
+                    }
+                    $tokensRs = hesk_dbQuery("SELECT `user_id`, 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`");
+                    while ($row = hesk_dbFetchAssoc($tokensRs)) {
+                        $users[$row['user_id']]['number_of_tokens']++;
+                    }
                     ?>
                     <table class="table table-striped">
                         <thead>
                         <tr>
                             <th>Username</th>
                             <th>Name</th>
+                            <th>Number of Tokens</th>
                             <th>Actions</th>
                         </tr>
                         </thead>
                         <tbody>
                         <?php
-                        while ($row = hesk_dbFetchAssoc($userRs)):
+                        foreach ($users as $row):
                         ?>
                         <tr>
                             <td><?php echo $row['user']; ?></td>
                             <td><?php echo $row['name']; ?></td>
+                            <td><?php echo $row['number_of_tokens']; ?></td>
                             <td>
-                                <div class="btn-group">
+                                <span class="btn-group">
                                     <button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
                                         <i class="fa fa-plus-circle"></i> Generate New Token
                                     </button>
                                     <button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
                                         <i class="fa fa-undo"></i> Reset Tokens
                                     </button>
-                                </div>
+                                </span>
+                                <span>
+                                    <i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
+                                       data-toggle="tooltip" title="Changes saved!"></i>
+                                    <i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
+                                       data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
+                                    <i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
+                                       data-toggle="tooltip" title="Saving..."></i>
+                                </span>
                             </td>
                         </tr>
                         <?php
-                        endwhile;
+                        endforeach;
                         ?>
                         </tbody>
                     </table>
diff --git a/internal-api/js/api-settings.js b/internal-api/js/api-settings.js
index 5cf7d298..a8be7ada 100644
--- a/internal-api/js/api-settings.js
+++ b/internal-api/js/api-settings.js
@@ -16,9 +16,7 @@ function updatePublicApi(enable) {
     };
     $('#enable-api-button').addClass('disabled');
     $('#disable-api-button').addClass('disabled');
-    $('#public-api-saving').removeClass('hide');
-    $('#public-api-success').addClass('hide');
-    $('#public-api-failure').addClass('hide');
+    markSaving('public-api');
     $.ajax({
         url: endpoint,
         data: data,
@@ -26,8 +24,7 @@ function updatePublicApi(enable) {
         success: function() {
             $('#enable-api-button').removeClass('disabled');
             $('#disable-api-button').removeClass('disabled');
-            $('#public-api-saving').addClass('hide');
-            $('#public-api-success').removeClass('hide');
+            markSuccess('public-api');
 
             if (enable == '1') {
                 $('#public-api-sidebar').addClass('success')
@@ -45,14 +42,48 @@ function updatePublicApi(enable) {
             console.error(data);
             $('#enable-api-button').removeClass('disabled');
             $('#disable-api-button').removeClass('disabled');
-            $('#public-api-saving').addClass('hide');
-            $('#public-api-failure').removeClass('hide');
+            markFailure('public-api');
         }
     });
 }
 
+function markSuccess(id) {
+    $('#' + id + '-saving').addClass('hide');
+    $('#' + id + '-failure').addClass('hide');
+    $('#' + id + '-success').removeClass('hide');
+}
+
+function markSaving(id) {
+    $('#' + id + '-saving').removeClass('hide');
+    $('#' + id + '-failure').addClass('hide');
+    $('#' + id + '-success').addClass('hide');
+}
+
+function markFailure(id) {
+    $('#' + id + '-saving').addClass('hide');
+    $('#' + id + '-failure').removeClass('hide');
+    $('#' + id + '-success').addClass('hide');
+}
+
 function generateToken(userId) {
-    alert(userId);
+    var endpoint = getHelpdeskUrl();
+    endpoint += '/internal-api/admin/api-authentication/';
+    markSaving('token-' + userId);
+    var data = {
+        userId: userId,
+        action: 'generate'
+    };
+    $.ajax({
+        url: endpoint,
+        data: data,
+        method: 'POST',
+        success: function (data) {
+            markSuccess('token-' + userId);
+        },
+        error: function (data) {
+            markFailure('token-' + userId);
+        }
+    });
 }
 
 function clearTokens(userId) {