Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-08 07:54:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:invoiceninja/invoiceninja into develop

Browse Source
This commit is contained in:
Hillel Coren 2017-01-11 11:36:07 +02:00
commit 6880e3abd2
3 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Constants.php
View File

@ -351,7 +351,8 @@ if (!defined('APP_NAME'))
define('DEFAULT_API_PAGE_SIZE', 15); define('DEFAULT_API_PAGE_SIZE', 15);
define('MAX_API_PAGE_SIZE', 500); define('MAX_API_PAGE_SIZE', 500);
define('IOS_PUSH_CERTIFICATE', env('IOS_PUSH_CERTIFICATE', '')); define('IOS_DEVICE', env('IOS_DEVICE', ''));
define('ANDROID_DEVICE', env('ANDROID_DEVICE', ''));
define('TOKEN_BILLING_DISABLED', 1); define('TOKEN_BILLING_DISABLED', 1);
define('TOKEN_BILLING_OPT_IN', 2); define('TOKEN_BILLING_OPT_IN', 2);

5
app/Http/Controllers/AccountApiController.php
View File

@ -27,11 +27,14 @@ class AccountApiController extends BaseAPIController
$this->accountRepo = $accountRepo; $this->accountRepo = $accountRepo;
} }
public function ping() public function ping(Request $request)
{ {
$headers = Utils::getApiHeaders(); $headers = Utils::getApiHeaders();
if(hash_equals(env(API_SECRET),$request->api_secret))
return Response::make(RESULT_SUCCESS, 200, $headers); return Response::make(RESULT_SUCCESS, 200, $headers);
else
return $this->errorResponse(['message'=>'API Secret does not match .env variable'], 400);
} }
public function register(RegisterRequest $request) public function register(RegisterRequest $request)

13
app/Http/Middleware/ApiCheck.php
View File

@ -25,7 +25,9 @@ class ApiCheck {
{ {
$loggingIn = $request->is('api/v1/login') $loggingIn = $request->is('api/v1/login')
|| $request->is('api/v1/register') || $request->is('api/v1/register')
|| $request->is('api/v1/oauth_login'); || $request->is('api/v1/oauth_login')
|| $request->is('api/v1/ping');
$headers = Utils::getApiHeaders(); $headers = Utils::getApiHeaders();
$hasApiSecret = false; $hasApiSecret = false;
@ -38,7 +40,8 @@ class ApiCheck {
// check API secret // check API secret
if ( ! $hasApiSecret) { if ( ! $hasApiSecret) {
sleep(ERROR_DELAY); sleep(ERROR_DELAY);
return Response::json('Invalid value for API_SECRET', 403, $headers); $error['error'] = ['message'=>'Invalid value for API_SECRET'];
return Response::json($error, 403, $headers);
} }
} else { } else {
// check for a valid token // check for a valid token
@ -50,7 +53,8 @@ class ApiCheck {
Session::set('token_id', $token->id); Session::set('token_id', $token->id);
} else { } else {
sleep(ERROR_DELAY); sleep(ERROR_DELAY);
return Response::json('Invalid token', 403, $headers); $error['error'] = ['message'=>'Invalid token'];
return Response::json($error, 403, $headers);
} }
} }
@ -59,7 +63,8 @@ class ApiCheck {
} }
if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) { if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
return Response::json('API requires pro plan', 403, $headers); $error['error'] = ['message'=>'API requires pro plan'];
return Response::json($error, 403, $headers);
} else { } else {
$key = Auth::check() ? Auth::user()->account->id : $request->getClientIp(); $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();