diff --git a/CHANGELOG.md b/CHANGELOG.md
index 20dac25..cfa601b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ v1.7
 - Fix FLEXIAPI-255 Create a INSTALL.md tutorial and log FlexisipPusherConnector errors
 - Fix FLEXIAPI-257 Return a more coherent message when search API endpoints returns a 404
 - Fix FLEXIAPI-260 Return 404 and not 403 if the contact is already in the list or missing when removing it
+- Fix FLEXIAPI-262 Bypass the JWT auth if we have an API Key
 v1.6
 ----
diff --git a/flexiapi/app/Http/Middleware/AuthenticateJWT.php b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
index 571608f..d99d24d 100644
--- a/flexiapi/app/Http/Middleware/AuthenticateJWT.php
+++ b/flexiapi/app/Http/Middleware/AuthenticateJWT.php
@@ -99,7 +99,12 @@ class AuthenticateJWT
 return $next($request);
 }
- if (!empty(config('app.account_authentication_bearer'))) {
+ if (
+ !empty(config('app.account_authentication_bearer'))
+ // Bypass the JWT auth if we have an API Key
+ && !$request->header('x-api-key')
+ && !$request->cookie('x-api-key')
+ ) {
 $response = new Response();
 $response->header(
diff --git a/flexiapi/tests/Feature/ApiAccountApiKeyTest.php b/flexiapi/tests/Feature/ApiAccountApiKeyTest.php
index d53cbaf..171e5ab 100644
--- a/flexiapi/tests/Feature/ApiAccountApiKeyTest.php
+++ b/flexiapi/tests/Feature/ApiAccountApiKeyTest.php
@@ -64,13 +64,20 @@ class ApiAccountApiKeyTest extends TestCase
 ->json($this->method, '/api/accounts/me')
 ->assertStatus(200);
+ $this->keyAuthenticated($account)
+ ->json($this->method, '/api/accounts/me')
+ ->assertStatus(200);
+
+ // Bypass the JWT middleware
+ config()->set('app.account_authentication_bearer', 'fake-bearer');
+
 $this->keyAuthenticated($account)
 ->json($this->method, '/api/accounts/me')
 ->assertStatus(200);
 $this->assertDatabaseHas('api_keys', [
 'account_id' => $account->id,
- 'requests' => 2
+ 'requests' => 3
 ]);
 DB::table('api_keys')->update(['ip' => 'no_localhost']);
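Review bot: In AuthenticateJWT.php the added terms `!$request->header('x-api-key')` and `!$request->cookie('x-api-key')` test only that a key is present, not that it is valid, so any non-empty value makes the request skip the bearer challenge built inside this `if`. What runs after the block is outside the hunk; if the method then falls through to `$next($request)`, rejecting a bad key rests entirely on whichever later middleware validates API keys, and that dependency should be stated at this spot. I would replace the new comment with `// Presence check only: the key is NOT validated here; the API key middleware must run after this one and reject unknown keys`. The enclosing method starts and ends outside the hunk.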
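Review bot: The assertions added in ApiAccountApiKeyTest.php cover only a valid key with `app.account_authentication_bearer` set; nothing checks that an unknown key is still refused once the JWT challenge is skipped. A negative case after the `config()->set(...)` line would pin that down, for example `$this->json($this->method, '/api/accounts/me', [], ['x-api-key' => 'constructed-invalid-key'])->assertStatus(401);`. The expected status there is my assumption and should match what the API key check actually returns. The test method starts and ends outside the hunk.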