mirror of
https://github.com/CachetHQ/Cachet.git
synced 2025-03-14 20:39:44 +01:00
Using API Token rather than key. Token now in header. Closes #358.
parent
342281ef0d
commit
cc43dcc6aa
@ -81,8 +81,8 @@ return [
|
||||
return new Dingo\Api\Auth\BasicProvider($app['auth']);
|
||||
},
|
||||
|
||||
'api_key' => function ($app) {
|
||||
return new CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator();
|
||||
'api_token' => function ($app) {
|
||||
return new CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator();
|
||||
},
|
||||
|
||||
],
|
||||
|
@ -77,12 +77,12 @@ return [
|
||||
],
|
||||
|
||||
'user' => [
|
||||
'username' => 'Username',
|
||||
'email' => 'Email',
|
||||
'password' => 'Password',
|
||||
'api-key' => 'API Key',
|
||||
'api-key-help' => 'Regenerating your API key will revoke all existing applications.',
|
||||
'2fa' => [
|
||||
'username' => 'Username',
|
||||
'email' => 'Email',
|
||||
'password' => 'Password',
|
||||
'api-token' => 'API Token',
|
||||
'api-token-help' => 'Regenerating your API token will revoke all existing applications.',
|
||||
'2fa' => [
|
||||
'help' => 'Enabling two factor authentication increases security of your account. You will need to download <a href="https://support.google.com/accounts/answer/1066447?hl=en">Google Authenticator</a> or a similar app on to your mobile device. When you login you will be asked to provide a token generated by the app.',
|
||||
],
|
||||
],
|
||||
|
@ -77,12 +77,12 @@ return [
|
||||
],
|
||||
|
||||
'user' => [
|
||||
'username' => 'Identifiant',
|
||||
'email' => 'Adresse email',
|
||||
'password' => 'Mot de passe',
|
||||
'api-key' => 'Clé API',
|
||||
'api-key-help' => 'Regénérer votre clé API révoquera toutes les applications existantes.',
|
||||
'2fa' => [
|
||||
'username' => 'Identifiant',
|
||||
'email' => 'Adresse email',
|
||||
'password' => 'Mot de passe',
|
||||
'api-token' => 'Jeton API',
|
||||
'api-token-help' => 'Regénérer votre jeton API révoquera toutes les applications existantes.',
|
||||
'2fa' => [
|
||||
'help' => 'Enabling two factor authentication increases security of your account. You will need to download <a href="https://support.google.com/accounts/answer/1066447?hl=en">Google Authenticator</a> or a similar app on to your mobile device. When you login you will be asked to provide a token generated by the app.',
|
||||
],
|
||||
],
|
||||
|
@ -76,12 +76,12 @@ return [
|
||||
],
|
||||
|
||||
'user' => [
|
||||
'username' => 'Usuário',
|
||||
'email' => 'Email',
|
||||
'password' => 'Senha',
|
||||
'api-key' => 'Chave da API',
|
||||
'api-key-help' => 'Regenerar sua chave de API irá revogar todos os aplicativos existentes.',
|
||||
'2fa' => [
|
||||
'username' => 'Usuário',
|
||||
'email' => 'Email',
|
||||
'password' => 'Senha',
|
||||
'api-token' => 'API Token',
|
||||
'api-token-help' => 'Regenerating your API token will revoke all existing applications.',
|
||||
'2fa' => [
|
||||
'help' => 'Enabling two factor authentication increases security of your account. You will need to download <a href="https://support.google.com/accounts/answer/1066447?hl=en">Google Authenticator</a> or a similar app on to your mobile device. When you login you will be asked to provide a token generated by the app.',
|
||||
],
|
||||
],
|
||||
|
@ -29,9 +29,9 @@
|
||||
</div>
|
||||
<hr />
|
||||
<div class="form-group">
|
||||
<label>{{ trans('forms.user.api-key') }}</label>
|
||||
<label>{{ trans('forms.user.api-token') }}</label>
|
||||
<input type="text" class="form-control" name="api_key" disabled value="{{ Auth::user()->api_key }}" />
|
||||
<span class="help-block">{{ trans('forms.user.api-key-help') }}</span>
|
||||
<span class="help-block">{{ trans('forms.user.api-token-help') }}</span>
|
||||
</div>
|
||||
<hr />
|
||||
<div class="form-group">
|
||||
|
@ -9,7 +9,7 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
|
||||
class ApiKeyAuthenticator extends AuthorizationProvider
|
||||
class ApiTokenAuthenticator extends AuthorizationProvider
|
||||
{
|
||||
/**
|
||||
* Authenticate the request and return the authenticated user instance.
|
||||
@ -23,17 +23,15 @@ class ApiKeyAuthenticator extends AuthorizationProvider
|
||||
*/
|
||||
public function authenticate(Request $request, Route $route)
|
||||
{
|
||||
$api_key = $request->input('api_key', false);
|
||||
|
||||
if ($api_key === false) {
|
||||
throw new UnauthorizedHttpException(null, 'You did not provide an API key.');
|
||||
if ($apiToken = $request->header('X-Cachet-Token')) {
|
||||
try {
|
||||
return User::findByApiToken($apiToken);
|
||||
} catch (ModelNotFoundException $e) {
|
||||
throw new UnauthorizedHttpException(null, 'The API key you provided was not correct.');
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
return User::findByApiKey($api_key);
|
||||
} catch (ModelNotFoundException $e) {
|
||||
throw new UnauthorizedHttpException(null, 'You need to be authenticated to perform this action.');
|
||||
}
|
||||
throw new UnauthorizedHttpException(null, 'You are not authorized to view this content.');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -43,6 +41,6 @@ class ApiKeyAuthenticator extends AuthorizationProvider
|
||||
*/
|
||||
public function getAuthorizationMethod()
|
||||
{
|
||||
return 'api_key';
|
||||
return 'api_token';
|
||||
}
|
||||
}
|
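Review bot: The catch branch of what appears to be the new `authenticate()` body still reports 'The API key you provided was not correct.', although the credential is now a token read from the `X-Cachet-Token` header. The message should name the token: `throw new UnauthorizedHttpException(null, 'The API token you provided was not correct.');`. A client that still sends `api_key` as a request parameter falls through to the generic final message, which gives no hint that the header is now expected; naming `X-Cachet-Token` in that message or in the method docblock would make the breaking change discoverable. The +/- markers are lost in this rendering, so which lines are new is inferred from the `$apiToken` variable and the hunk's line counts.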
@ -96,16 +96,16 @@ class User extends Model implements UserInterface, RemindableInterface
|
||||
/**
|
||||
* Find by api_key, or throw an exception.
|
||||
*
|
||||
* @param string $api_key
|
||||
* @param string $token
|
||||
* @param string[] $columns
|
||||
*
|
||||
* @throws \Illuminate\Database\Eloquent\ModelNotFoundException
|
||||
*
|
||||
* @return \CachetHQ\Cachet\Models\User
|
||||
*/
|
||||
public static function findByApiKey($api_key, $columns = ['*'])
|
||||
public static function findByApiToken($token, $columns = ['*'])
|
||||
{
|
||||
$user = static::where('api_key', $api_key)->first($columns);
|
||||
$user = static::where('api_key', $token)->first($columns);
|
||||
|
||||
if (!$user) {
|
||||
throw new ModelNotFoundException();
|
||||
|
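Review bot: `findByApiToken()` still resolves the token with a plain equality match on the `api_key` column (`static::where('api_key', $token)`), so the rename does not change how the secret is stored or compared. That suggests tokens are kept in cleartext in the users table, and if the column uses a case-insensitive collation (not visible here) the match would ignore letter case. Storing only a digest and querying by `hash('sha256', $token)` would address both, but it needs a migration and a change to the settings form, which displays the stored value. The docblock summary also still reads "Find by api_key" and should become `Find a user by API token, or throw an exception.` The function body continues past the end of the hunk.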
@ -2,7 +2,7 @@
|
||||
|
||||
namespace CachetHQ\Cachet\Providers;
|
||||
|
||||
use CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator;
|
||||
use CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
|
||||
class AuthServiceProvider extends ServiceProvider
|
||||
@ -24,8 +24,8 @@ class AuthServiceProvider extends ServiceProvider
|
||||
*/
|
||||
public function register()
|
||||
{
|
||||
$this->app->bindShared('CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator', function () {
|
||||
return new ApiKeyAuthenticator();
|
||||
$this->app->bindShared('CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator', function () {
|
||||
return new ApiTokenAuthenticator();
|
||||
});
|
||||
}
|
||||
}
|
||||
|