diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | app/Api/Auth.php | 17 | ||||
| -rw-r--r-- | doc/config.markdown | 3 |
3 files changed, 20 insertions, 1 deletions
@@ -23,6 +23,7 @@ New features: * Add new project role Viewer (Work in progress) * Add generic LDAP client library * Add search query attribute for task link +* Add the possibility to define API token in config file Version 1.0.21 -------------- diff --git a/app/Api/Auth.php b/app/Api/Auth.php index 0a911796..a9d1617c 100644 --- a/app/Api/Auth.php +++ b/app/Api/Auth.php @@ -60,6 +60,21 @@ class Auth extends Base */ private function isAppAuthenticated($username, $password) { - return $username === 'jsonrpc' && $password === $this->config->get('api_token'); + return $username === 'jsonrpc' && $password === $this->getApiToken(); + } + + /** + * Get API Token + * + * @access private + * @return string + */ + private function getApiToken() + { + if (defined('API_AUTHENTICATION_TOKEN')) { + return API_AUTHENTICATION_TOKEN; + } + + return $this->config->get('api_token'); } } diff --git a/doc/config.markdown b/doc/config.markdown index 8ae56df6..e7916454 100644 --- a/doc/config.markdown +++ b/doc/config.markdown @@ -294,4 +294,7 @@ define('API_AUTHENTICATION_HEADER', ''); // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication define('HIDE_LOGIN_FORM', false); + +// Override API token stored in the database, useful for automated tests +define('API_AUTHENTICATION_TOKEN', 'My unique API Token'); ``` |