From 8d0bed37541af46f63270f669b6ff013da3605d9 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Sun, 29 May 2016 17:31:03 +0300
Subject: [PATCH] Enable mobile app for non-pro users
---
 app/Http/Middleware/ApiCheck.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index b20b19841f..5200c3264a 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -23,10 +23,11 @@ class ApiCheck {
 {
 $loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
 $headers = Utils::getApiHeaders();
+ $hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET));
 if ($loggingIn) {
 // check API secret
- if ( ! $request->api_secret || ! env(API_SECRET) || ! hash_equals($request->api_secret, env(API_SECRET))) {
+ if ( ! $hasApiSecret) {
 sleep(ERROR_DELAY);
 return Response::json('Invalid secret', 403, $headers);
 }
@@ -48,7 +49,7 @@ class ApiCheck {
 return $next($request);
 }
- if (!Utils::hasFeature(FEATURE_API) && !$loggingIn) {
+ if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
 return Response::json('API requires pro plan', 403, $headers);
 } else {
 $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
@@ -59,7 +60,7 @@ class ApiCheck {
 $hour_throttle = Cache::get("hour_throttle:{$key}", null);
 $last_api_request = Cache::get("last_api_request:{$key}", 0);
 $last_api_diff = time() - $last_api_request;
-
+
 if (is_null($hour_throttle)) {
 $new_hour_throttle = 0;
 } else {
@@ -83,4 +84,4 @@ class ApiCheck {
 return $next($request);
 }
-}
\ No newline at end of file
+}
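Review bot: The added `$hasApiSecret` line drops the old `! env(API_SECRET)` guard, so if API_SECRET is configured as an empty string, a request that sends no `api_secret` evaluates `hash_equals('', '')` and is treated as holding the secret. That result passes the login check in this hunk and also the plan gate in the second hunk (`!Utils::hasFeature(FEATURE_API) && !$hasApiSecret`). A non-string `api_secret` (for example an array parameter) is also handed straight to `hash_equals`. I would keep the emptiness and type checks and pass the known value first: `$secret = env(API_SECRET);` followed by `$hasApiSecret = is_string($secret) && $secret !== '' && is_string($request->api_secret) && hash_equals($secret, $request->api_secret);`. The enclosing method starts above the hunk, so how API_SECRET is defined is not visible here.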
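Review bot: With `!$hasApiSecret` replacing `!$loggingIn` in the second hunk, the plan gate for every API route now depends on one static secret shared by all clients, evaluated before any per-user check. If that secret ships inside the mobile app, as the commit title suggests, it should be assumed recoverable from the app, which makes this gate a soft restriction and not access control. I would record that above the condition, e.g. `// api_secret identifies the official app only; it is not a per-user credential`, and make sure the throttle that follows still applies to these requests. The method continues past this hunk, so the rest of the flow is not visible.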