Using API Token rather than key. Token now in header. Closes #358.

2025-03-14 20:39:44 +01:00 · 2015-01-12 13:34:31 +00:00 · 2015-01-12 13:34:31 +00:00 · cc43dcc6aa
commit cc43dcc6aa
parent 342281ef0d
8 changed files with 37 additions and 39 deletions
--- a/app/config/packages/dingo/api/config.php
+++ b/app/config/packages/dingo/api/config.php
@ -81,8 +81,8 @@ return [
            return new Dingo\Api\Auth\BasicProvider($app['auth']);
        },

-        'api_key' => function ($app) {
-            return new CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator();
+        'api_token' => function ($app) {
+            return new CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator();
        },

    ],
--- a/app/lang/en/forms.php
+++ b/app/lang/en/forms.php
@ -77,12 +77,12 @@ return [
    ],

    'user' => [
-        'username'     => 'Username',
-        'email'        => 'Email',
-        'password'     => 'Password',
-        'api-key'      => 'API Key',
-        'api-key-help' => 'Regenerating your API key will revoke all existing applications.',
-        '2fa'          => [
+        'username'       => 'Username',
+        'email'          => 'Email',
+        'password'       => 'Password',
+        'api-token'      => 'API Token',
+        'api-token-help' => 'Regenerating your API token will revoke all existing applications.',
+        '2fa'            => [
            'help' => 'Enabling two factor authentication increases security of your account. You will need to download <a href="https://support.google.com/accounts/answer/1066447?hl=en">Google Authenticator</a> or a similar app on to your mobile device. When you login you will be asked to provide a token generated by the app.',
        ],
    ],
--- a/app/lang/fr/forms.php
+++ b/app/lang/fr/forms.php
@ -77,12 +77,12 @@ return [
    ],

    'user' => [
-        'username'     => 'Identifiant',
-        'email'        => 'Adresse email',
-        'password'     => 'Mot de passe',
-        'api-key'      => 'Clé API',
-        'api-key-help' => 'Regénérer votre clé API révoquera toutes les applications existantes.',
-        '2fa'          => [
+        'username'       => 'Identifiant',
+        'email'          => 'Adresse email',
+        'password'       => 'Mot de passe',
+        'api-token'      => 'Jeton API',
+        'api-token-help' => 'Regénérer votre jeton API révoquera toutes les applications existantes.',
+        '2fa'            => [
            'help' => 'Enabling two factor authentication increases security of your account. You will need to download <a href="https://support.google.com/accounts/answer/1066447?hl=en">Google Authenticator</a> or a similar app on to your mobile device. When you login you will be asked to provide a token generated by the app.',
        ],
    ],
--- a/app/lang/pt-BR/forms.php
+++ b/app/lang/pt-BR/forms.php
@ -76,12 +76,12 @@ return [
    ],

    'user' => [
-        'username'     => 'Usuário',
-        'email'        => 'Email',
-        'password'     => 'Senha',
-        'api-key'      => 'Chave da API',
-        'api-key-help' => 'Regenerar sua chave de API irá revogar todos os aplicativos existentes.',
-        '2fa'          => [
+        'username'       => 'Usuário',
+        'email'          => 'Email',
+        'password'       => 'Senha',
+        'api-token'      => 'API Token',
+        'api-token-help' => 'Regenerating your API token will revoke all existing applications.',
+        '2fa'            => [
            'help' => 'Enabling two factor authentication increases security of your account. You will need to download <a href="https://support.google.com/accounts/answer/1066447?hl=en">Google Authenticator</a> or a similar app on to your mobile device. When you login you will be asked to provide a token generated by the app.',
        ],
    ],
--- a/app/views/dashboard/user/index.blade.php
+++ b/app/views/dashboard/user/index.blade.php
@ -29,9 +29,9 @@
                        </div>
                        <hr />
                        <div class="form-group">
-                            <label>{{ trans('forms.user.api-key') }}</label>
+                            <label>{{ trans('forms.user.api-token') }}</label>
                            <input type="text" class="form-control" name="api_key" disabled value="{{ Auth::user()->api_key }}" />
-                            <span class="help-block">{{ trans('forms.user.api-key-help') }}</span>
+                            <span class="help-block">{{ trans('forms.user.api-token-help') }}</span>
                        </div>
                        <hr />
                        <div class="form-group">
--- a/src/Http/Auth/ApiTokenAuthenticator.php
+++ b/src/Http/Auth/ApiTokenAuthenticator.php
@ -9,7 +9,7 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;

-class ApiKeyAuthenticator extends AuthorizationProvider
+class ApiTokenAuthenticator extends AuthorizationProvider
 {
    /**
     * Authenticate the request and return the authenticated user instance.
@ -23,17 +23,15 @@ class ApiKeyAuthenticator extends AuthorizationProvider
     */
    public function authenticate(Request $request, Route $route)
    {
-        $api_key = $request->input('api_key', false);
-
-        if ($api_key === false) {
-            throw new UnauthorizedHttpException(null, 'You did not provide an API key.');
+        if ($apiToken = $request->header('X-Cachet-Token')) {
+            try {
+                return User::findByApiToken($apiToken);
+            } catch (ModelNotFoundException $e) {
+                throw new UnauthorizedHttpException(null, 'The API key you provided was not correct.');
+            }
        }

-        try {
-            return User::findByApiKey($api_key);
-        } catch (ModelNotFoundException $e) {
-            throw new UnauthorizedHttpException(null, 'You need to be authenticated to perform this action.');
-        }
+        throw new UnauthorizedHttpException(null, 'You are not authorized to view this content.');
    }

    /**
@ -43,6 +41,6 @@ class ApiKeyAuthenticator extends AuthorizationProvider
     */
    public function getAuthorizationMethod()
    {
-        return 'api_key';
+        return 'api_token';
    }
 }
--- a/src/Models/User.php
+++ b/src/Models/User.php
@ -96,16 +96,16 @@ class User extends Model implements UserInterface, RemindableInterface
    /**
     * Find by api_key, or throw an exception.
     *
-     * @param string   $api_key
+     * @param string   $token
     * @param string[] $columns
     *
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
     *
     * @return \CachetHQ\Cachet\Models\User
     */
-    public static function findByApiKey($api_key, $columns = ['*'])
+    public static function findByApiToken($token, $columns = ['*'])
    {
-        $user = static::where('api_key', $api_key)->first($columns);
+        $user = static::where('api_key', $token)->first($columns);

        if (!$user) {
            throw new ModelNotFoundException();
--- a/src/Providers/AuthServiceProvider.php
+++ b/src/Providers/AuthServiceProvider.php
@ -2,7 +2,7 @@

 namespace CachetHQ\Cachet\Providers;

-use CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator;
+use CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator;
 use Illuminate\Support\ServiceProvider;

 class AuthServiceProvider extends ServiceProvider
@ -24,8 +24,8 @@ class AuthServiceProvider extends ServiceProvider
     */
    public function register()
    {
-        $this->app->bindShared('CachetHQ\Cachet\Http\Auth\ApiKeyAuthenticator', function () {
-            return new ApiKeyAuthenticator();
+        $this->app->bindShared('CachetHQ\Cachet\Http\Auth\ApiTokenAuthenticator', function () {
+            return new ApiTokenAuthenticator();
        });
    }
 }