From bf2248c33ac69ac6f978cb69282aa65a14f3a097 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 11 Jan 2017 17:46:20 +1100
Subject: [PATCH 1/3] Push notification variables (#1275)
---
 app/Constants.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/Constants.php b/app/Constants.php
index 230d291897cf..05f5b61e4ffd 100644
--- a/app/Constants.php
+++ b/app/Constants.php
@@ -351,7 +351,8 @@ if (!defined('APP_NAME'))
 define('DEFAULT_API_PAGE_SIZE', 15);
 define('MAX_API_PAGE_SIZE', 500);
- define('IOS_PUSH_CERTIFICATE', env('IOS_PUSH_CERTIFICATE', ''));
+ define('IOS_DEVICE', env('IOS_DEVICE', ''));
+ define('ANDROID_DEVICE', env('ANDROID_DEVICE', ''));
 define('TOKEN_BILLING_DISABLED', 1);
 define('TOKEN_BILLING_OPT_IN', 2);
From 3c19ac08cdc3b58d456954fed561be52e01670b1 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 11 Jan 2017 18:34:29 +1100
Subject: [PATCH 2/3] API error reporting (#1276)
* fix env variable
* update routes
* Improve error handling for API_SECRET when testing API endpoint credentials
---
 app/Http/Controllers/AccountApiController.php | 7 +++++--
 app/Http/Middleware/ApiCheck.php | 6 +++---
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/AccountApiController.php b/app/Http/Controllers/AccountApiController.php
index 1920978c0e77..f81e50510928 100644
--- a/app/Http/Controllers/AccountApiController.php
+++ b/app/Http/Controllers/AccountApiController.php
@@ -27,11 +27,14 @@ class AccountApiController extends BaseAPIController
 $this->accountRepo = $accountRepo;
 }
- public function ping()
+ public function ping(Request $request)
 {
 $headers = Utils::getApiHeaders();
- return Response::make(RESULT_SUCCESS, 200, $headers);
+ if(hash_equals(env(API_SECRET),$request->api_secret))
+ return Response::make(RESULT_SUCCESS, 200, $headers);
+ else
+ return $this->errorResponse(['message'=>'API Secret does not match .env variable'], 400);
 }
 public function register(RegisterRequest $request)
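Review bot: `hash_equals(env(API_SECRET), $request->api_secret)` in the new ping() body has no guard for an unconfigured secret, and both arguments can be null. With API_SECRET absent from .env and no api_secret in the request, hash_equals() receives null on both sides; PHP emits a warning and returns false, so this degrades to a 400 rather than a crash, but the obvious follow-up of casting both sides to string would turn that case into a successful match against an empty secret. Unless `API_SECRET` is a constant defined elsewhere (Constants.php is not in view for that name), the bare identifier in `env(API_SECRET)` also relies on the undefined-constant-to-string fallback, which becomes a fatal Error on PHP 8. ApiCheck's rejection branches call `sleep(ERROR_DELAY)` before answering a bad secret while this branch answers immediately, and the brace-less if/else reads better as a guarded early return; the rewrite below reads the secret once, refuses an empty configured secret, and mirrors the middleware's delay on mismatch.
```php
public function ping(Request $request)
{
    $headers = Utils::getApiHeaders();
    $secret = (string) env('API_SECRET', '');
    $provided = (string) $request->api_secret;

    // An unset API_SECRET must never match; otherwise compare in constant time.
    if ($secret !== '' && hash_equals($secret, $provided)) {
        return Response::make(RESULT_SUCCESS, 200, $headers);
    }

    sleep(ERROR_DELAY);

    return $this->errorResponse(['message'=>'API Secret does not match .env variable'], 400);
}
```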
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 6e7e73223d20..2db5aefc3c77 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -38,7 +38,7 @@ class ApiCheck {
 // check API secret
 if ( ! $hasApiSecret) {
 sleep(ERROR_DELAY);
- return Response::json('Invalid value for API_SECRET', 403, $headers);
+ return Response::json(['message'=>'Invalid value for API_SECRET'], 403, $headers);
 }
 } else {
 // check for a valid token
@@ -50,7 +50,7 @@ class ApiCheck {
 Session::set('token_id', $token->id);
 } else {
 sleep(ERROR_DELAY);
- return Response::json('Invalid token', 403, $headers);
+ return Response::json(['message'=>'Invalid token'], 403, $headers);
 }
 }
@@ -59,7 +59,7 @@ class ApiCheck {
 }
 if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
- return Response::json('API requires pro plan', 403, $headers);
+ return Response::json(['message'=>'API requires pro plan'], 403, $headers);
 } else {
 $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
From 971653ec7debb4afc0061cd5c21f0ab440652d24 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 11 Jan 2017 19:13:22 +1100
Subject: [PATCH 3/3] Api error handling (#1277)
* fix env variable
* update routes
* Improve error handling for API_SECRET when testing API endpoint credentials
* exclude /api/v1/ping from API check
---
 app/Http/Middleware/ApiCheck.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 2db5aefc3c77..93de1b0c433c 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -25,7 +25,9 @@ class ApiCheck {
 {
 $loggingIn = $request->is('api/v1/login')
 || $request->is('api/v1/register')
- || $request->is('api/v1/oauth_login');
+ || $request->is('api/v1/oauth_login')
+ || $request->is('api/v1/ping');
+
 $headers = Utils::getApiHeaders();
 $hasApiSecret = false;
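Review bot: Adding `api/v1/ping` to `$loggingIn` takes that route out of the middleware's token and API_SECRET checks, so the controller-side `hash_equals` comparison in AccountApiController::ping() (the earlier hunk on this page) becomes the only gate on it, and the flag's name no longer describes what it holds. A separate `$isPing = $request->is('api/v1/ping');` folded into the bypass condition, or a rename to something like `$skipsTokenCheck`, would keep that intent readable, together with a comment at the bypass such as `// ping validates API_SECRET in the controller; keep that check in step with this exemption`. The rest of handle() is outside this hunk, so check there that a `$loggingIn` request is not later treated as authenticated for the FEATURE_API or token paths.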
@@ -38,7 +40,8 @@ class ApiCheck {
 // check API secret
 if ( ! $hasApiSecret) {
 sleep(ERROR_DELAY);
- return Response::json(['message'=>'Invalid value for API_SECRET'], 403, $headers);
+ $error['error'] = ['message'=>'Invalid value for API_SECRET'];
+ return Response::json($error, 403, $headers);
 }
 } else {
 // check for a valid token
@@ -50,7 +53,8 @@ class ApiCheck {
 Session::set('token_id', $token->id);
 } else {
 sleep(ERROR_DELAY);
- return Response::json(['message'=>'Invalid token'], 403, $headers);
+ $error['error'] = ['message'=>'Invalid token'];
+ return Response::json($error, 403, $headers);
 }
 }
@@ -59,7 +63,8 @@ class ApiCheck {
 }
 if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
- return Response::json(['message'=>'API requires pro plan'], 403, $headers);
+ $error['error'] = ['message'=>'API requires pro plan'];
+ return Response::json($error, 403, $headers);
 } else {
 $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
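Review bot: `$error['error'] = [...]` in this hunk (line 40) and in the two that follow (lines 53 and 63) writes into a variable that is not initialised anywhere in the hunks, relying on PHP silently creating the array on first write; if `$error` is set earlier in handle() that is not visible here, and if it is not, a local that only exists to feed the next statement is clearer inline, `return Response::json(['error' => ['message' => 'Invalid value for API_SECRET']], 403, $headers);`. With the same envelope now built in three branches, a small private helper that takes the message and `$headers` and returns the 403 JSON response would keep the shape in one place so the branches cannot drift apart. The enclosing handle() method starts and ends outside these hunks.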