Fix FLEXIAPI-262 Bypass the JWT auth if we have an API

CHANGELOG.md

@@ -14,6 +14,7 @@ v1.7
 - Fix FLEXIAPI-255 Create a INSTALL.md tutorial and log FlexisipPusherConnector errors
 - Fix FLEXIAPI-257 Return a more coherent message when search API endpoints returns a 404
 - Fix FLEXIAPI-260 Return 404 and not 403 if the contact is already in the list or missing when removing it
+- Fix FLEXIAPI-262 Bypass the JWT auth if we have an API Key
 
 v1.6
 ----

flexiapi/app/Http/Middleware/AuthenticateJWT.php

@@ -99,7 +99,12 @@ class AuthenticateJWT
             return $next($request);
         }
 
-        if (!empty(config('app.account_authentication_bearer'))) {
+        if (
+            !empty(config('app.account_authentication_bearer'))
+            // Bypass the JWT auth if we have an API Key
+            && !$request->header('x-api-key')
+            && !$request->cookie('x-api-key')
+        ) {
             $response = new Response();
 
             $response->header(

flexiapi/tests/Feature/ApiAccountApiKeyTest.php

@@ -64,13 +64,20 @@ class ApiAccountApiKeyTest extends TestCase
             ->json($this->method, '/api/accounts/me')
             ->assertStatus(200);
 
+        $this->keyAuthenticated($account)
+            ->json($this->method, '/api/accounts/me')
+            ->assertStatus(200);
+
+        // Bypass the JWT middleware
+        config()->set('app.account_authentication_bearer', 'fake-bearer');
+
         $this->keyAuthenticated($account)
             ->json($this->method, '/api/accounts/me')
             ->assertStatus(200);
 
         $this->assertDatabaseHas('api_keys', [
             'account_id' => $account->id,
-            'requests' => 2
+            'requests' => 3
         ]);
 
         DB::table('api_keys')->update(['ip' => 'no_localhost']);