mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-06 08:27:42 +02:00
Code Issues Releases Wiki Activity

[b8] master token fix (#1622)

Browse Source 
* fixed not being able to use master token because id column no longer holds key
* added flexibility of user_id column
* added tests to confirm the api keys actually work as intended
This commit is contained in:
Daniël Klabbers
2018-11-07 22:34:09 +01:00
committed by Franz Liedke
parent fb185f70cd
commit bb0fc165af
4 changed files with 174 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Http/Middleware/AuthenticateWithHeader.php
View File

@@ -32,13 +32,14 @@ class AuthenticateWithHeader implements Middleware
if (isset($parts[0]) && starts_with($parts[0], self::TOKEN_PREFIX)) {
$id = substr($parts[0], strlen(self::TOKEN_PREFIX));
if (isset($parts[1])) {
if ($key = ApiKey::find($id)) {
$actor = $this->getUser($parts[1]);
if ($key = ApiKey::where('key', $id)->first()) {
$key->touch();
$request = $request->withAttribute('apiKey', $key);
$request = $request->withAttribute('bypassFloodgate', true);
}
$userId = $parts[1] ?? '';
$actor = $key->user ?? $this->getUser($userId);
$request = $request->withAttribute('apiKey', $key);
$request = $request->withAttribute('bypassFloodgate', true);
} elseif ($token = AccessToken::find($id)) {
$token->touch();