wallabag/src/Wallabag/ApiBundle/Controller/DeveloperController.php

<?php

namespace Wallabag\ApiBundle\Controller;

use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Contracts\Translation\TranslatorInterface;
use Wallabag\ApiBundle\Entity\Client;
use Wallabag\ApiBundle\Form\Type\ClientType;
use Wallabag\ApiBundle\Repository\ClientRepository;

class DeveloperController extends AbstractController
{
    /**
     * List all clients and link to create a new one.
     *
     * @Route("/developer", name="developer")
     *
     * @return Response
     */
    public function indexAction(ClientRepository $repo)
    {
        $clients = $repo->findByUser($this->getUser()->getId());

        return $this->render('@WallabagCore/Developer/index.html.twig', [
            'clients' => $clients,
        ]);
    }

    /**
     * Create a client (an app).
     *
     * @Route("/developer/client/create", name="developer_create_client")
     *
     * @return Response
     */
    public function createClientAction(Request $request, EntityManagerInterface $entityManager, TranslatorInterface $translator)
    {
        $client = new Client($this->getUser());
        $clientForm = $this->createForm(ClientType::class, $client);
        $clientForm->handleRequest($request);

        if ($clientForm->isSubmitted() && $clientForm->isValid()) {
            $client->setAllowedGrantTypes(['token', 'authorization_code', 'password', 'refresh_token']);
            $entityManager->persist($client);
            $entityManager->flush();

            $this->addFlash(
                'notice',
                $translator->trans('flashes.developer.notice.client_created', ['%name%' => $client->getName()])
            );

            return $this->render('@WallabagCore/Developer/client_parameters.html.twig', [
                'client_id' => $client->getPublicId(),
                'client_secret' => $client->getSecret(),
                'client_name' => $client->getName(),
            ]);
        }

        return $this->render('@WallabagCore/Developer/client.html.twig', [
            'form' => $clientForm->createView(),
        ]);
    }

    /**
     * Remove a client.
     *
     * @Route("/developer/client/delete/{id}", requirements={"id" = "\d+"}, name="developer_delete_client", methods={"POST"})
     *
     * @return RedirectResponse
     */
    public function deleteClientAction(Request $request, Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator)
    {
        if (!$this->isCsrfTokenValid('delete-client', $request->request->get('token'))) {
            throw new BadRequestHttpException('Bad CSRF token.');
        }

        if (null === $this->getUser() || $client->getUser()->getId() !== $this->getUser()->getId()) {
            throw $this->createAccessDeniedException('You can not access this client.');
        }

        $entityManager->remove($client);
        $entityManager->flush();

        $this->addFlash(
            'notice',
            $translator->trans('flashes.developer.notice.client_deleted', ['%name%' => $client->getName()])
        );

        return $this->redirect($this->generateUrl('developer'));
    }

    /**
     * Display developer how to use an existing app.
     *
     * @Route("/developer/howto/first-app", name="developer_howto_firstapp")
     *
     * @return Response
     */
    public function howtoFirstAppAction()
    {
        return $this->render('@WallabagCore/Developer/howto_app.html.twig',
        [
            'wallabag_url' => $this->getParameter('domain_name'),
        ]);
    }
}
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`<?php`

Ensure access_token are removed When we remove the client, we should ensure that access_token are also removed. To ensure that, I created a test that generated an access_token. So when we remove the client, this association should be cascaded and shouldn’t generate an error. Also I moved some Api related stuff to the ApiBundle (like the developer controler and ClientType form) 2016-10-08 00:02:22 +02:00			`namespace Wallabag\ApiBundle\Controller;`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`use Doctrine\ORM\EntityManagerInterface;`
			`use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
Import used classes 2022-08-28 16:59:43 +02:00			`use Symfony\Component\HttpFoundation\RedirectResponse;`
Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00			`use Symfony\Component\HttpFoundation\Request;`
Import used classes 2022-08-28 16:59:43 +02:00			`use Symfony\Component\HttpFoundation\Response;`
Use 400 Bad Request errors for invalid CSRF everywhere 2025-03-23 22:12:08 +01:00			`use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;`
Jump to Symfony 3.4 Thanks to the BC compatibility, almost nothing have to be changed. All changes are related to new bundle version of: - SensioFrameworkExtraBundle - DoctrineFixturesBundle 2018-10-04 14:07:20 +02:00			`use Symfony\Component\Routing\Annotation\Route;`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`use Symfony\Contracts\Translation\TranslatorInterface;`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`use Wallabag\ApiBundle\Entity\Client;`
Ensure access_token are removed When we remove the client, we should ensure that access_token are also removed. To ensure that, I created a test that generated an access_token. So when we remove the client, this association should be cascaded and shouldn’t generate an error. Also I moved some Api related stuff to the ApiBundle (like the developer controler and ClientType form) 2016-10-08 00:02:22 +02:00			`use Wallabag\ApiBundle\Form\Type\ClientType;`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`use Wallabag\ApiBundle\Repository\ClientRepository;`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`class DeveloperController extends AbstractController`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`{`
			`/**`
Add translations 2016-03-05 22:29:58 +01:00			`* List all clients and link to create a new one.`
			`*`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`* @Route("/developer", name="developer")`
Added developer documentation 2016-02-16 07:55:18 +01:00			`*`
Import used classes 2022-08-28 16:59:43 +02:00			`* @return Response`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`*/`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`public function indexAction(ClientRepository $repo)`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`{`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$clients = $repo->findByUser($this->getUser()->getId());`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00
Remove LiipThemeBundle As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore. So: - move all `*.twig` files from the material theme folder to the root - remove useless translations 2022-11-23 14:49:52 +01:00			`return $this->render('@WallabagCore/Developer/index.html.twig', [`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`'clients' => $clients,`
Convert array + phpDoc Thanks for https://github.com/thomasbachem/php-short-array-syntax-converter 2016-04-12 11:36:01 +02:00			`]);`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`}`

			`/**`
Add translations 2016-03-05 22:29:58 +01:00			`* Create a client (an app).`
			`*`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`* @Route("/developer/client/create", name="developer_create_client")`
Added developer documentation 2016-02-16 07:55:18 +01:00			`*`
Import used classes 2022-08-28 16:59:43 +02:00			`* @return Response`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`*/`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`public function createClientAction(Request $request, EntityManagerInterface $entityManager, TranslatorInterface $translator)`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`{`
Added relation between API Client and User Fix #2062 2016-10-24 21:56:28 +02:00			`$client = new Client($this->getUser());`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`$clientForm = $this->createForm(ClientType::class, $client);`
			`$clientForm->handleRequest($request);`

Fix tests & deprecation notice 2016-12-14 11:54:30 +01:00			`if ($clientForm->isSubmitted() && $clientForm->isValid()) {`
Revert client_credentials grant types 2017-07-08 19:28:12 +02:00			`$client->setAllowedGrantTypes(['token', 'authorization_code', 'password', 'refresh_token']);`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$entityManager->persist($client);`
			`$entityManager->flush();`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$this->addFlash(`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`'notice',`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$translator->trans('flashes.developer.notice.client_created', ['%name%' => $client->getName()])`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`);`

Remove LiipThemeBundle As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore. So: - move all `*.twig` files from the material theme folder to the root - remove useless translations 2022-11-23 14:49:52 +01:00			`return $this->render('@WallabagCore/Developer/client_parameters.html.twig', [`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`'client_id' => $client->getPublicId(),`
			`'client_secret' => $client->getSecret(),`
Added name on client - Fix typos in field name - Added migration for name field in API client table Manually cherry-picked from PR https://github.com/wallabag/wallabag/pull/2171 2016-05-21 18:09:38 +02:00			`'client_name' => $client->getName(),`
Convert array + phpDoc Thanks for https://github.com/thomasbachem/php-short-array-syntax-converter 2016-04-12 11:36:01 +02:00			`]);`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`}`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00
Remove LiipThemeBundle As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore. So: - move all `*.twig` files from the material theme folder to the root - remove useless translations 2022-11-23 14:49:52 +01:00			`return $this->render('@WallabagCore/Developer/client.html.twig', [`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`'form' => $clientForm->createView(),`
Convert array + phpDoc Thanks for https://github.com/thomasbachem/php-short-array-syntax-converter 2016-04-12 11:36:01 +02:00			`]);`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`}`
Added developer documentation 2016-02-16 07:55:18 +01:00
			`/**`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`* Remove a client.`
			`*`
Replace GET way to POST way to delete API client 2023-07-29 10:31:51 +02:00			`* @Route("/developer/client/delete/{id}", requirements={"id" = "\d+"}, name="developer_delete_client", methods={"POST"})`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`*`
Import used classes 2022-08-28 16:59:43 +02:00			`* @return RedirectResponse`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`*/`
Replace GET way to POST way to delete API client 2023-07-29 10:31:51 +02:00			`public function deleteClientAction(Request $request, Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator)`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`{`
Replace GET way to POST way to delete API client 2023-07-29 10:31:51 +02:00			`if (!$this->isCsrfTokenValid('delete-client', $request->request->get('token'))) {`
Use 400 Bad Request errors for invalid CSRF everywhere 2025-03-23 22:12:08 +01:00			`throw new BadRequestHttpException('Bad CSRF token.');`
Replace GET way to POST way to delete API client 2023-07-29 10:31:51 +02:00			`}`

Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00			`if (null === $this->getUser() \|\| $client->getUser()->getId() !== $this->getUser()->getId()) {`
Added relation between API Client and User Fix #2062 2016-10-24 21:56:28 +02:00			`throw $this->createAccessDeniedException('You can not access this client.');`
			`}`

Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$entityManager->remove($client);`
			`$entityManager->flush();`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$this->addFlash(`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`'notice',`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 10:37:22 +01:00			`$translator->trans('flashes.developer.notice.client_deleted', ['%name%' => $client->getName()])`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`);`

			`return $this->redirect($this->generateUrl('developer'));`
			`}`

			`/**`
Add translations 2016-03-05 22:29:58 +01:00			`* Display developer how to use an existing app.`
			`*`
Add listing clients Rename route to be more consistive (ie: prefixed with developer_) 2016-03-05 21:44:39 +01:00			`* @Route("/developer/howto/first-app", name="developer_howto_firstapp")`
Added developer documentation 2016-02-16 07:55:18 +01:00			`*`
Import used classes 2022-08-28 16:59:43 +02:00			`* @return Response`
Added developer documentation 2016-02-16 07:55:18 +01:00			`*/`
Enhance documentation and create a form to create a new client 2016-02-16 13:49:25 +01:00			`public function howtoFirstAppAction()`
Added developer documentation 2016-02-16 07:55:18 +01:00			`{`
Replace hardcoded url by current wallabag url 2023-07-30 10:05:59 +02:00			`return $this->render('@WallabagCore/Developer/howto_app.html.twig',`
			`[`
			`'wallabag_url' => $this->getParameter('domain_name'),`
			`]);`
Added developer documentation 2016-02-16 07:55:18 +01:00			`}`
Fix #1597: first draft to create new client for the API 2016-02-15 22:12:50 +01:00			`}`