mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-09 03:14:30 -04:00
Enable mobile app for non-pro users
This commit is contained in:
parent
990b9bff28
commit
8d0bed3754
@ -23,10 +23,11 @@ class ApiCheck {
|
|||||||
{
|
{
|
||||||
$loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
|
$loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
|
||||||
$headers = Utils::getApiHeaders();
|
$headers = Utils::getApiHeaders();
|
||||||
|
$hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET));
|
||||||
|
|
||||||
if ($loggingIn) {
|
if ($loggingIn) {
|
||||||
// check API secret
|
// check API secret
|
||||||
if ( ! $request->api_secret || ! env(API_SECRET) || ! hash_equals($request->api_secret, env(API_SECRET))) {
|
if ( ! $hasApiSecret) {
|
||||||
sleep(ERROR_DELAY);
|
sleep(ERROR_DELAY);
|
||||||
return Response::json('Invalid secret', 403, $headers);
|
return Response::json('Invalid secret', 403, $headers);
|
||||||
}
|
}
|
||||||
@ -48,7 +49,7 @@ class ApiCheck {
|
|||||||
return $next($request);
|
return $next($request);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Utils::hasFeature(FEATURE_API) && !$loggingIn) {
|
if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
|
||||||
return Response::json('API requires pro plan', 403, $headers);
|
return Response::json('API requires pro plan', 403, $headers);
|
||||||
} else {
|
} else {
|
||||||
$key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
|
$key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
|
||||||
|
Loading…
x
Reference in New Issue
Block a user