Fix API key creation logic

2020-03-28 16:06:36 -07:00 · 2020-03-28 16:06:36 -07:00 · e4e5dea6b8
commit e4e5dea6b8
parent ff49165447
3 changed files with 68 additions and 57 deletions
--- a/app/Models/ApiKey.php
+++ b/app/Models/ApiKey.php
@ -53,7 +53,7 @@ class ApiKey extends Validable
     * @var array
     */
    protected $casts = [
-        'allowed_ips' => 'json',
+        'allowed_ips' => 'array',
        'user_id' => 'int',
        'r_' . AdminAcl::RESOURCE_USERS => 'int',
        'r_' . AdminAcl::RESOURCE_ALLOCATIONS => 'int',
@ -99,7 +99,8 @@ class ApiKey extends Validable
        'identifier' => 'required|string|size:16|unique:api_keys,identifier',
        'token' => 'required|string',
        'memo' => 'required|nullable|string|max:500',
-        'allowed_ips' => 'nullable|json',
+        'allowed_ips' => 'nullable|array',
+        'allowed_ips.*' => 'string',
        'last_used_at' => 'nullable|date',
        'r_' . AdminAcl::RESOURCE_USERS => 'integer|min:0|max:3',
        'r_' . AdminAcl::RESOURCE_ALLOCATIONS => 'integer|min:0|max:3',
--- a/app/Models/Validable.php
+++ b/app/Models/Validable.php
@ -140,7 +140,12 @@ abstract class Validable extends Model
        }

        return $this->getValidator()->setData(
-            $this->toArray()
+            // Trying to do self::toArray() here will leave out keys based on the whitelist/blacklist
+            // for that model. Doing this will return all of the attributes in a format that can
+            // properly be validated.
+            $this->addCastAttributesToArray(
+                $this->getAttributes(), $this->getMutatedAttributes()
+            )
        )->passes();
    }
 }