Merge branch 'develop' of github.com:invoiceninja/invoiceninja into develop

2024-11-09 20:52:56 +01:00 · 2017-01-11 11:36:07 +02:00 · 2017-01-11 11:36:07 +02:00 · 6880e3abd2
commit 6880e3abd2
parent a8d15571ac 971653ec7d
3 changed files with 16 additions and 7 deletions
--- a/app/Constants.php
+++ b/app/Constants.php
@ -351,7 +351,8 @@ if (!defined('APP_NAME'))
    define('DEFAULT_API_PAGE_SIZE', 15);
    define('MAX_API_PAGE_SIZE', 500);

-    define('IOS_PUSH_CERTIFICATE', env('IOS_PUSH_CERTIFICATE', ''));
+    define('IOS_DEVICE', env('IOS_DEVICE', ''));
+    define('ANDROID_DEVICE', env('ANDROID_DEVICE', ''));

    define('TOKEN_BILLING_DISABLED', 1);
    define('TOKEN_BILLING_OPT_IN', 2);
--- a/app/Http/Controllers/AccountApiController.php
+++ b/app/Http/Controllers/AccountApiController.php
@ -27,11 +27,14 @@ class AccountApiController extends BaseAPIController
        $this->accountRepo = $accountRepo;
    }

-    public function ping()
+    public function ping(Request $request)
    {
        $headers = Utils::getApiHeaders();

-        return Response::make(RESULT_SUCCESS, 200, $headers);
+        if(hash_equals(env(API_SECRET),$request->api_secret))
+            return Response::make(RESULT_SUCCESS, 200, $headers);
+        else
+            return $this->errorResponse(['message'=>'API Secret does not match .env variable'], 400);
    }

    public function register(RegisterRequest $request)
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@ -25,7 +25,9 @@ class ApiCheck {
    {
        $loggingIn = $request->is('api/v1/login')
            || $request->is('api/v1/register')
-            || $request->is('api/v1/oauth_login');
+            || $request->is('api/v1/oauth_login')
+            || $request->is('api/v1/ping');
+
        $headers = Utils::getApiHeaders();
        $hasApiSecret = false;

@ -38,7 +40,8 @@ class ApiCheck {
            // check API secret
            if ( ! $hasApiSecret) {
                sleep(ERROR_DELAY);
-                return Response::json('Invalid value for API_SECRET', 403, $headers);
+                $error['error'] = ['message'=>'Invalid value for API_SECRET'];
+                return Response::json($error, 403, $headers);
            }
        } else {
            // check for a valid token
@ -50,7 +53,8 @@ class ApiCheck {
                Session::set('token_id', $token->id);
            } else {
                sleep(ERROR_DELAY);
-                return Response::json('Invalid token', 403, $headers);
+                $error['error'] = ['message'=>'Invalid token'];
+                return Response::json($error, 403, $headers);
            }
        }

@ -59,7 +63,8 @@ class ApiCheck {
        }

        if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
-            return Response::json('API requires pro plan', 403, $headers);
+            $error['error'] = ['message'=>'API requires pro plan'];
+            return Response::json($error, 403, $headers);
        } else {
            $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();