Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 05:02:36 +01:00
Code Issues Releases Activity

Support sending API secret as header

Browse Source
This commit is contained in:
Hillel Coren 2016-10-26 10:24:16 +03:00
parent c82e8476dc
commit b7c783aa15
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Middleware/ApiCheck.php
View File

@ -30,7 +30,8 @@ class ApiCheck {
$hasApiSecret = false;
if ($secret = env(API_SECRET)) {
$hasApiSecret = hash_equals($request->api_secret ?: '', $secret);
$requestSecret = Request::header('X-Ninja-Secret') ?: ($request->api_secret ?: '');
$hasApiSecret = hash_equals($requestSecret, $secret);
}
if ($loggingIn) {