tim/invoiceninja
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow ping with api_secret or account token

Browse source
This commit is contained in:
Hillel Coren 2017-03-05 12:30:08 +02:00
parent 301c36809c
commit 675f899744
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/ApiCheck.php
View file

@ -54,6 +54,8 @@ class ApiCheck
if ($token && $token->user) {
Auth::onceUsingId($token->user_id);
Session::set('token_id', $token->id);
} elseif ($hasApiSecret && $request->is('api/v1/ping')) {
// do nothing: allow ping with api_secret or account token
} else {
sleep(ERROR_DELAY);
$error['error'] = ['message' => 'Invalid token'];