general fixes & clean code

appinfo/info.xml

@@ -33,7 +33,7 @@ This way, the migration from Google Authenticator to OTP Manager will be quick a
 * [Official iOS App](https://apps.apple.com/us/app/nextcloud-otp-manager/id6471510170)
 ]]>
   </description>
-  <version>0.4.0</version>
+  <version>0.5.0</version>
   <licence>agpl</licence>
   <author mail="[email protected]" homepage="https://www.convertino.cloud">Matteo Convertino</author>
   <namespace>OtpManager</namespace>

appinfo/routes.php

@@ -15,33 +15,36 @@
 	'routes' => [
 		['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
 
-		['name' => 'sync#update', 'url' => '/accounts/sync', 'verb' => 'POST'],
-
 		['name' => 'account#getAll', 'url' => '/accounts', 'verb' => 'GET'],
 		['name' => 'account#create', 'url' => '/accounts', 'verb' => 'POST'],
 		['name' => 'account#get', 'url' => '/accounts/{id}', 'verb' => 'GET'],
 		['name' => 'account#update', 'url' => '/accounts', 'verb' => 'PUT'],
 		['name' => 'account#delete', 'url' => '/accounts/{id}', 'verb' => 'DELETE'],
 		// ['name' => 'account#destroy', 'url' => '/accounts/destroy/{id}', 'verb' => 'DELETE'],
 		['name' => 'account#import', 'url' => '/accounts/import', 'verb' => 'POST'],
-		['name' => 'account#updateCounter', 'url' => '/accounts/update-counter', 'verb' => 'POST'],
+		//['name' => 'account#updateCounter', 'url' => '/accounts/update-counter', 'verb' => 'POST'],
 
 		['name' => 'setting#get', 'url' => '/settings', 'verb' => 'GET'],
 		['name' => 'setting#save', 'url' => '/settings', 'verb' => 'POST'],
 
 		['name' => 'password#get', 'url' => '/password', 'verb' => 'GET'],
 		['name' => 'password#create', 'url' => '/password', 'verb' => 'POST'],
 		['name' => 'password#update', 'url' => '/password', 'verb' => 'PUT'],
-		['name' => 'password#check', 'url' => '/password/check', 'verb' => 'POST'],
 
 		['name' => 'sharedAccount#getByUser', 'url' => '/share', 'verb' => 'GET'],
 		['name' => 'sharedAccount#getByAccount', 'url' => '/share/{id}', 'verb' => 'GET'],
 		['name' => 'sharedAccount#create', 'url' => '/share', 'verb' => 'POST'],
 		['name' => 'sharedAccount#update', 'url' => '/share', 'verb' => 'PUT'],
-		['name' => 'sharedAccount#unlock', 'url' => '/share/unlock', 'verb' => 'POST'],
 		['name' => 'sharedAccount#delete', 'url' => '/share/{accountId}', 'verb' => 'DELETE'],
 		['name' => 'sharedAccount#getUsers', 'url' => '/get-users/{accountId}', 'verb' => 'GET'],
-		['name' => 'sharedAccount#updateCounter', 'url' => '/share/update-counter', 'verb' => 'POST'],
 		// ['name' => 'info#get', 'url' => '/info', 'verb' => 'GET'],
+	],
+
+	'ocs' => [
+		['name' => 'sharedAccountApi#unlock', 'url' => '/share/unlock', 'verb' => 'POST'],
+		['name' => 'sharedAccountApi#updateCounter', 'url' => '/share/update-counter', 'verb' => 'POST'],
+		['name' => 'accountApi#updateCounter', 'url' => '/accounts/update-counter', 'verb' => 'POST'],
+		['name' => 'syncApi#update', 'url' => '/accounts/sync', 'verb' => 'POST'],
+		['name' => 'passwordApi#check', 'url' => '/password/check', 'verb' => 'POST'],
 	]
 ];

lib/AppInfo/Application.php

@@ -1,4 +1,5 @@
 <?php
+
 declare(strict_types=1);
 // SPDX-FileCopyrightText: Matteo Convertino <[email protected]>
 // SPDX-License-Identifier: AGPL-3.0-or-later
@@ -7,13 +8,15 @@
 
 use OCP\AppFramework\App;
 
-class Application extends App {
+class Application extends App
+{
 	public const APP_ID = 'otpmanager';
 	public const ACCOUNTS_DB = 'otpmanager_accounts';
 	public const SETTINGS_DB = 'otpmanager_settings';
 	public const SHARED_ACCOUNTS_DB = 'otpmanager_shared';
 
-	public function __construct() {
+	public function __construct()
+	{
 		parent::__construct(self::APP_ID);
 	}
 }

lib/Controller/AccountApiController.php

@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+// SPDX-FileCopyrightText: Matteo Convertino <[email protected]>
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+namespace OCA\OtpManager\Controller;
+
+use OCA\OtpManager\Db\AccountMapper;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\IRequest;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\OCSController;
+
+class AccountApiController extends OCSController
+{
+	private AccountMapper $accountMapper;
+	private ?string $userId;
+
+	public function __construct(
+		string $AppName,
+		IRequest $request,
+		AccountMapper $accountMapper,
+		?string $UserId = null
+	) {
+		parent::__construct($AppName, $request);
+		$this->accountMapper = $accountMapper;
+		$this->userId = $UserId;
+	}
+
+	/**
+	 * @NoAdminRequired
+	 */
+	public function updateCounter(string $secret): JSONResponse
+	{
+		$account = $this->accountMapper->find("secret", $secret, $this->userId);
+
+		if ($account == null) return new JSONResponse(["error" => "This account does not exists"], Http::STATUS_NOT_FOUND);
+		if ($account->getType() == "totp")  return new JSONResponse(["error" => "You cannot update counter of a TOTP account"], Http::STATUS_NOT_FOUND);
+
+		$account->setCounter($account->getCounter() + 1);
+		$this->accountMapper->update($account);
+
+		return new JSONResponse($account->getCounter(), Http::STATUS_OK);
+	}
+}

lib/Controller/AccountController.php

@@ -54,7 +54,7 @@ public function get($id)
 	public function getAll()
 	{
 		$accounts = $this->accountMapper->findAllByUser($this->userId);
-		$sharedAccounts = $this->sharedAccountMapper->findAllByReceiver($this->userId);
+		$sharedAccounts = $this->sharedAccountMapper->findAllByReceiverJoin($this->userId);
 
 		$data = [
 			"accounts" => $accounts,
@@ -81,7 +81,7 @@ private function convertAlgorithmToInt($algorithm)
 	 * @NoAdminRequired
 	 */
 	public function create($data)
-	{	
+	{
 		$errors = AccountForm::validate($data);
 
 		if (count($errors) > 0) {
@@ -103,15 +103,15 @@ public function create($data)
 
 			if ($account == null) {
 				$account = new Account();
-				
+
 				$account->setSecret($data["secret"]);
 				$account->setName($data["name"]);
 				$account->setIssuer($data["issuer"]);
 				$account->setDigits($data["digits"]);
 				$account->setType($data["type"]);
 				$account->setPeriod($data["period"]);
 				$account->setAlgorithm($data["algorithm"]);
-				$account->setCounter($data["type"] == "totp" ? null : 0);
+				$account->setCounter($data["type"] == "totp" ? null : -1);
 				$account->setPosition($position);
 				$account->setUserId($this->userId);
 				$account->setCreatedAt(date("Y-m-d H:i:s"));
@@ -165,7 +165,7 @@ public function update($data)
 			$account->setType($data["type"]);
 			$account->setPeriod($data["period"]);
 			$account->setAlgorithm($data["algorithm"]);
-			//if (isset($data["counter"])) $account->setCounter($data["counter"]);
+			if ($account->getCounter() == null) $account->setCounter(-1);
 			$account->setUpdatedAt(date("Y-m-d H:i:s"));
 
 			$this->accountMapper->update($account);
@@ -181,22 +181,14 @@ public function delete(int $id)
 	{
 		$account = $this->accountMapper->find("id", $id, $this->userId);
 
-		if($account == null) return new JSONResponse(["error" => "There was an error while deleting your account"], 500);
+		if ($account == null) return new JSONResponse(["error" => "There was an error while deleting your account"], 500);
 
 		// delete shares
 		$this->sharedAccountMapper->destroy($account);
 
-		$this->accountMapper->safeDelete($account); 
+		$this->accountMapper->safeDelete($account);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	/*public function destroy($id)
-	{
-		return $this->accountMapper->destroy($id, $this->userId);
-	}*/
-
 	/**
 	 * @NoAdminRequired
 	 */
@@ -220,20 +212,4 @@ public function import(array $data, string | null $passwordUsedOnExport, string
 
 		return new JSONResponse();
 	}
-
-	/**
-	 * @NoAdminRequired
-	 */
-	public function updateCounter(string $secret)
-	{
-		$account = $this->accountMapper->find("secret", $secret, $this->userId);
-
-		if($account == null) return new JSONResponse(["error" => "This account does not exists"], 400);
-		if($account->getType() == "totp")  return new JSONResponse(["error" => "You cannot update counter of a TOTP account"], 400);
-
-		$account->setCounter($account->getCounter() + 1);
-		$this->accountMapper->update($account);
-
-		return $account->getCounter();
-	}
 }

lib/Controller/PageController.php

@@ -1,4 +1,5 @@
 <?php
+
 declare(strict_types=1);
 // SPDX-FileCopyrightText: Matteo Convertino <[email protected]>
 // SPDX-License-Identifier: AGPL-3.0-or-later
@@ -11,17 +12,20 @@
 use OCP\IRequest;
 use OCP\Util;
 
-class PageController extends Controller {
+class PageController extends Controller
+{
 
-	public function __construct(string $AppName, IRequest $request){
+	public function __construct(string $AppName, IRequest $request)
+	{
 		parent::__construct($AppName, $request);
 	}
 
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
 	 */
-	public function index(): TemplateResponse {
+	public function index(): TemplateResponse
+	{
 		Util::addScript($this->appName, 'otpmanager-main');
 
 		//throw new \Exception(print_r($accounts));

lib/Controller/PasswordApiController.php

@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+// SPDX-FileCopyrightText: Matteo Convertino <[email protected]>
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+namespace OCA\OtpManager\Controller;
+
+use OCA\OtpManager\Db\SettingMapper;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\OCSController;
+use OCP\IRequest;
+
+
+class PasswordApiController extends OCSController
+{
+    private SettingMapper $settingMapper;
+    private ?string $userId;
+
+    public function __construct(
+        string $AppName,
+        IRequest $request,
+        SettingMapper $settingMapper,
+        ?string $UserId = null
+    ) {
+        parent::__construct($AppName, $request);
+        $this->settingMapper = $settingMapper;
+        $this->userId = $UserId;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     */
+    public function check(string $password): JSONResponse
+    {
+        $setting = $this->settingMapper->find($this->userId);
+        if (is_null($setting) || is_null($setting->getPassword())) return new JSONResponse(["error" => "No password set yet"], 400);
+
+        if (password_verify(hash("sha256", $password), $setting->getPassword())) {
+            return new JSONResponse(["iv" => $setting->getIv()]);
+        } else {
+            return new JSONResponse(["error" => "Incorrect password"], 400);
+        }
+    }
+}

lib/Controller/PasswordController.php

@@ -101,7 +101,7 @@ public function update(string $oldPassword, string $newPassword): JSONResponse
         $setting = $this->settingMapper->find($this->userId);
 
         if (is_null($setting->getPassword())) return new JSONResponse(["error" => "No password set yet"], 400);
-        else if(!password_verify(hash("sha256", $oldPassword), $setting->getPassword())) return new JSONResponse(["error" => "The old password is incorrect"], 400);
+        else if (!password_verify(hash("sha256", $oldPassword), $setting->getPassword())) return new JSONResponse(["error" => "The old password is incorrect"], 400);
 
         $newPassword = hash("sha256", $newPassword);
 
@@ -115,20 +115,4 @@ public function update(string $oldPassword, string $newPassword): JSONResponse
 
         return new JSONResponse(["iv" => $setting->getIv()]);
     }
-
-    /**
-     * @NoAdminRequired
-     * @NoCSRFRequired
-     */
-    public function check(string $password): JSONResponse
-    {
-        $setting = $this->settingMapper->find($this->userId);
-        if (is_null($setting) || is_null($setting->getPassword())) return new JSONResponse(["error" => "No password set yet"], 400);
-
-        if (password_verify(hash("sha256", $password), $setting->getPassword())) {
-            return new JSONResponse(["iv" => $setting->getIv()]);
-        } else {
-            return new JSONResponse(["error" => "Incorrect password"], 400);
-        }
-    }
 }