Using API Token rather than key. Token now in header. Closes #358.
This commit is contained in:
James Brooks
@@ -9,7 +9,7 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
|
||||
class ApiKeyAuthenticator extends AuthorizationProvider
|
||||
class ApiTokenAuthenticator extends AuthorizationProvider
|
||||
{
|
||||
/**
|
||||
* Authenticate the request and return the authenticated user instance.
|
||||
@@ -23,17 +23,15 @@ class ApiKeyAuthenticator extends AuthorizationProvider
|
||||
*/
|
||||
public function authenticate(Request $request, Route $route)
|
||||
{
|
||||
$api_key = $request->input('api_key', false);
|
||||
|
||||
if ($api_key === false) {
|
||||
throw new UnauthorizedHttpException(null, 'You did not provide an API key.');
|
||||
if ($apiToken = $request->header('X-Cachet-Token')) {
|
||||
try {
|
||||
return User::findByApiToken($apiToken);
|
||||
} catch (ModelNotFoundException $e) {
|
||||
throw new UnauthorizedHttpException(null, 'The API key you provided was not correct.');
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
return User::findByApiKey($api_key);
|
||||
} catch (ModelNotFoundException $e) {
|
||||
throw new UnauthorizedHttpException(null, 'You need to be authenticated to perform this action.');
|
||||
}
|
||||
throw new UnauthorizedHttpException(null, 'You are not authorized to view this content.');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -43,6 +41,6 @@ class ApiKeyAuthenticator extends AuthorizationProvider
|
||||
*/
|
||||
public function getAuthorizationMethod()
|
||||
{
|
||||
return 'api_key';
|
||||
return 'api_token';
|
||||
}
|
||||
}
|
||||
@@ -96,16 +96,16 @@ class User extends Model implements UserInterface, RemindableInterface
|
||||
/**
|
||||
* Find by api_key, or throw an exception.
|
||||
*
|
||||
* @param string $api_key
|
||||
* @param string $token
|
||||
* @param string[] $columns
|
||||
*
|
||||
* @throws \Illuminate\Database\Eloquent\ModelNotFoundException
|
||||
*
|
||||
* @return \CachetHQ\Cachet\Models\User
|
||||
*/
|
||||
public static function findByApiKey($api_key, $columns = ['*'])
|
||||
public static function findByApiToken($token, $columns = ['*'])
|
||||
{
|
||||
$user = static::where('api_key', $api_key)->first($columns);
|
||||
$user = static::where('api_key', $token)->first($columns);
|
||||
|
||||
if (!$user) {
|
||||
throw new ModelNotFoundException();
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace CachetHQ\Cachet\Providers;
|
||||
|
||||
use CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator;
|
||||
use CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
|
||||
class AuthServiceProvider extends ServiceProvider
|
||||
@@ -24,8 +24,8 @@ class AuthServiceProvider extends ServiceProvider
|
||||
*/
|
||||
public function register()
|
||||
{
|
||||
$this->app->bindShared('CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator', function () {
|
||||
return new ApiKeyAuthenticator();
|
||||
$this->app->bindShared('CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator', function () {
|
||||
return new ApiTokenAuthenticator();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user