From 0bbc58297138856b9015f03b1d49e04ab5b14ba3 Mon Sep 17 00:00:00 2001
From: Pliable Pixels
Date: Tue, 7 May 2019 15:03:13 -0400
Subject: [PATCH] New token= query for JWT
---
 web/api/app/Controller/AppController.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php
index 51575f055..840a14f58 100644
--- a/web/api/app/Controller/AppController.php
+++ b/web/api/app/Controller/AppController.php
@@ -73,19 +73,27 @@ class AppController extends Controller {
 $mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user');
 $mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');
- $mAuth = $this->request->query('auth') ? $this->request->query('auth') : $this->request->data('auth');
+ $mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token');
 if ( $mUser and $mPassword ) {
- $user = userLogin($mUser, $mPassword);
+ $user = userLogin($mUser, $mPassword, true);
 if ( !$user ) {
 throw new UnauthorizedException(__('User not found or incorrect password'));
 return;
 }
- } else if ( $mAuth ) {
- $user = getAuthUser($mAuth);
+ } else if ( $mToken ) {
+ $ret = validateToken($mToken);
+ $user = $ret[0];
+ $retstatus = $ret[1];
 if ( !$user ) {
- throw new UnauthorizedException(__('Invalid Auth Key'));
+ throw new UnauthorizedException(__($retstatus));
 return;
+ } else if ( $mAuth ) {
+ $user = getAuthUser($mAuth);
+ if ( !$user ) {
+ throw new UnauthorizedException(__('Invalid Auth Key'));
+ return;
+ }
 }
 }
 // We need to reject methods that are not authenticated
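Review bot: The `else if ( $mAuth )` branch is now nested inside the `$mToken` branch as the else of `if ( !$user )`, and the only visible assignment of `$mAuth` is removed, so unless it is set outside this hunk the `auth=` path reads an undefined variable and can never run. If legacy auth hashes are meant to keep working, retain `$mAuth = $this->request->query('auth') ? $this->request->query('auth') : $this->request->data('auth');` and close the token branch before `} else if ( $mAuth ) {` so the three credential types are siblings; as nested, a request whose token validates would have `$user` replaced by the `getAuthUser($mAuth)` result. `__($retstatus)` also hands validateToken's status string back to the caller, so that text should stay generic about why a token was rejected. A JWT accepted as `token=` in the query string will be recorded in access logs and Referer headers, which deserves at least a comment and ideally a preference for the request body or an Authorization header. The enclosing method starts and ends outside the hunk.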