From 092f8425921d374b3805a4466199143e03467743 Mon Sep 17 00:00:00 2001
From: Hillel Coren <hillelcoren@gmail.com>
Date: Tue, 20 Sep 2016 09:03:07 +0300
Subject: [PATCH] Clarify API secret error

---
 app/Http/Middleware/ApiCheck.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 3561695e5cb4..f6cb0126c53f 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -25,6 +25,7 @@ class ApiCheck {
     {
         $loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
         $headers = Utils::getApiHeaders();
+        $hasApiSecret = false;
 
         if ($secret = env(API_SECRET)) {
             $hasApiSecret = hash_equals($request->api_secret ?: '', $secret);
@@ -34,7 +35,7 @@ class ApiCheck {
             // check API secret
             if ( ! $hasApiSecret) {
                 sleep(ERROR_DELAY);
-                return Response::json('Invalid secret', 403, $headers);
+                return Response::json('Invalid value for API_SECRET', 403, $headers);
             }
         } else {
             // check for a valid token