From 57e44d343f7a2e04157d7acde0ad4f3df6fd650b Mon Sep 17 00:00:00 2001
From: Kekskurse <git@kekskurse.de>
Date: Thu, 2 May 2019 15:22:37 +0200
Subject: [PATCH] #22 Recreate API Secret

---
 app/Http/Controllers/GUI/AppController.php | 12 ++++++++++++
 app/Models/App.php                         | 15 +++++++++++++--
 resources/views/app/details.php            |  2 +-
 routes/web.php                             |  1 +
 4 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/GUI/AppController.php b/app/Http/Controllers/GUI/AppController.php
index c57df5a..a6f4726 100644
--- a/app/Http/Controllers/GUI/AppController.php
+++ b/app/Http/Controllers/GUI/AppController.php
@@ -117,6 +117,18 @@ class AppController extends Controller
 
         return response($app->icon)
             ->header('Content-Type',$r["mime"]);
+    }
 
+    public function regenerateAppSecret(Request $request, $id) {
+        $app = App::query()->where("id", "=", $id)->firstOrFail();
+
+        if($app->user_id != Auth::user()->id) {
+            abort(401);
+        }
+
+        $app->regenerateApiSecret();
+        $app->saveOrFail();
+
+        return redirect('/gui/apps/'.$id);
     }
 }
diff --git a/app/Models/App.php b/app/Models/App.php
index 1e112f0..384ad1b 100644
--- a/app/Models/App.php
+++ b/app/Models/App.php
@@ -32,12 +32,12 @@ class App extends Model
         $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
         $randstring = '';
         for ($i = 0; $i < 20; $i++) {
-            $randstring = $characters[rand(0, strlen($characters)-1)];
+            $randstring .= $characters[rand(0, strlen($characters)-1)];
         }
         $apiKey = hash("sha512", $randstring);
         $randstring = '';
         for ($i = 0; $i < 20; $i++) {
-            $randstring = $characters[rand(0, strlen($characters)-1)];
+            $randstring .= $characters[rand(0, strlen($characters)-1)];
         }
         $apiSecret = hash("sha512", $randstring);
 
@@ -58,4 +58,15 @@ class App extends Model
         return $app;
     }
 
+    public function regenerateApiSecret() {
+        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+        $randstring = '';
+        for ($i = 0; $i < 20; $i++) {
+            $randstring .= $characters[rand(0, strlen($characters)-1)];
+        }
+        $apiSecret = hash("sha512", $randstring);
+
+        $this->apiSecret = $apiSecret;
+    }
+
 }
diff --git a/resources/views/app/details.php b/resources/views/app/details.php
index 3649591..1cfd5aa 100644
--- a/resources/views/app/details.php
+++ b/resources/views/app/details.php
@@ -33,7 +33,7 @@
                     <h3>API Access</h3>
                     <b>API-Key</b>
                     <input class="form-control" value="<?php echo $app->apiKey; ?>">
-                    <b>API-Secret</b>
+                    <b>API-Secret</b> <a href="/gui/apps/<?php echo $app->id; ?>/regenerateAPISecret" class="btn-danger btn-sm btn" style="height: 16px; font-size: 11px;padding-top:0px;margin-top:0px;">Regenerate API Secret</a>
                     <input class="form-control" value="<?php echo $app->apiSecret; ?>">
                 </div>
                 <div class="tab-pane fade" id="settings" role="tabpanel" aria-labelledby="settings-tab">
diff --git a/routes/web.php b/routes/web.php
index 28bd84c..4ca4aa2 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -72,6 +72,7 @@ $router->group(['prefix' => 'gui', 'middleware' => 'gui'], function () use ($rou
     $router->get('/apps/{id}', ['uses' => 'GUI\AppController@viewApp']);
     $router->post('/apps/{id}', ['uses' => 'GUI\AppController@updateApp']);
     $router->post('/apps/{id}/changeIcon', ['uses' => 'GUI\AppController@changeIcon']);
+    $router->get('/apps/{id}/regenerateAPISecret', ['uses' => 'GUI\AppController@regenerateAppSecret']);
     $router->get('/apps/{id}/icon', ['uses' => 'GUI\AppController@getAppIcon']);
     $router->get("/mailValidation/{id}/{code}",  ['uses' => 'GUI\AccountController@validateEMail']);