use orm for app password stuff

This commit is contained in:
Andrew Dolgov 2021-03-02 08:08:48 +03:00
parent 372e8e062c
commit f56a4eab17
3 changed files with 29 additions and 27 deletions

View File

@ -8,14 +8,12 @@ class Pref_Labels extends Handler_Protected {
} }
function edit() { function edit() {
$label_id = clean($_REQUEST['id']); $label = ORM::for_table('ttrss_labels2')
->where('owner_uid', $_SESSION['uid'])
->find_one($_REQUEST['id']);
$sth = $this->pdo->prepare("SELECT id, caption, fg_color, bg_color FROM ttrss_labels2 WHERE if ($label) {
id = ? AND owner_uid = ?"); print json_encode($label->as_array());
$sth->execute([$label_id, $_SESSION['uid']]);
if ($line = $sth->fetch(PDO::FETCH_ASSOC)) {
print json_encode($line);
} }
} }

View File

@ -1366,23 +1366,25 @@ class Pref_Prefs extends Handler_Protected {
<th align='right'><?= __("Last used") ?></th> <th align='right'><?= __("Last used") ?></th>
</tr> </tr>
<?php <?php
$sth = $this->pdo->prepare("SELECT id, title, created, last_used
FROM ttrss_app_passwords WHERE owner_uid = ?");
$sth->execute([$_SESSION['uid']]);
while ($row = $sth->fetch()) { ?> $passwords = ORM::for_table('ttrss_app_passwords')
<tr data-row-id='<?= $row['id'] ?>'> ->where('owner_uid', $_SESSION['uid'])
->order_by_asc('title')
->find_many();
foreach ($passwords as $pass) { ?>
<tr data-row-id='<?= $pass['id'] ?>'>
<td align='center'> <td align='center'>
<input onclick='Tables.onRowChecked(this)' dojoType='dijit.form.CheckBox' type='checkbox'> <input onclick='Tables.onRowChecked(this)' dojoType='dijit.form.CheckBox' type='checkbox'>
</td> </td>
<td> <td>
<?= htmlspecialchars($row["title"]) ?> <?= htmlspecialchars($pass["title"]) ?>
</td> </td>
<td align='right' class='text-muted'> <td align='right' class='text-muted'>
<?= TimeHelper::make_local_datetime($row['created'], false) ?> <?= TimeHelper::make_local_datetime($pass['created'], false) ?>
</td> </td>
<td align='right' class='text-muted'> <td align='right' class='text-muted'>
<?= TimeHelper::make_local_datetime($row['last_used'], false) ?> <?= TimeHelper::make_local_datetime($pass['last_used'], false) ?>
</td> </td>
</tr> </tr>
<?php } ?> <?php } ?>
@ -1391,12 +1393,11 @@ class Pref_Prefs extends Handler_Protected {
<?php <?php
} }
function deleteAppPassword() { function deleteAppPasswords() {
$ids = explode(",", clean($_REQUEST['ids'])); $passwords = ORM::for_table('ttrss_app_passwords')
$ids_qmarks = arr_qmarks($ids); ->where('owner_uid', $_SESSION['uid'])
->where_in('id', $_REQUEST['ids'] ?? [])
$sth = $this->pdo->prepare("DELETE FROM ttrss_app_passwords WHERE id IN ($ids_qmarks) AND owner_uid = ?"); ->delete_many();
$sth->execute(array_merge($ids, [$_SESSION['uid']]));
$this->appPasswordList(); $this->appPasswordList();
} }
@ -1409,12 +1410,15 @@ class Pref_Prefs extends Handler_Protected {
print_warning(T_sprintf("Generated password <strong>%s</strong> for %s. Please remember it for future reference.", $new_password, $title)); print_warning(T_sprintf("Generated password <strong>%s</strong> for %s. Please remember it for future reference.", $new_password, $title));
$sth = $this->pdo->prepare("INSERT INTO ttrss_app_passwords $password = ORM::for_table('ttrss_app_passwords')->create();
(title, pwd_hash, service, created, owner_uid)
VALUES
(?, ?, ?, NOW(), ?)");
$sth->execute([$title, "$new_password_hash:$new_salt", Auth_Base::AUTH_SERVICE_API, $_SESSION['uid']]); $password->title = $title;
$password->owner_uid = $_SESSION['uid'];
$password->pwd_hash = "$new_password_hash:$new_salt";
$password->service = Auth_Base::AUTH_SERVICE_API;
$password->created = Db::NOW();
$password->save();
$this->appPasswordList(); $this->appPasswordList();
} }

View File

@ -19,7 +19,7 @@ const Helpers = {
alert("No passwords selected."); alert("No passwords selected.");
} else if (confirm(__("Remove selected app passwords?"))) { } else if (confirm(__("Remove selected app passwords?"))) {
xhr.post("backend.php", {op: "pref-prefs", method: "deleteAppPassword", ids: rows.toString()}, (reply) => { xhr.post("backend.php", {op: "pref-prefs", method: "deleteAppPasswords", "ids[]": rows}, (reply) => {
this.updateContent(reply); this.updateContent(reply);
Notify.close(); Notify.close();
}); });