From 756e8697c04dc0d4ba053f81a99022273377be35 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sun, 6 Dec 2015 18:13:49 -0500
Subject: Add the possibility to define API token in config file
---
 ChangeLog | 1 +
 app/Api/Auth.php | 17 ++++++++++++++++-
 doc/config.markdown | 3 +++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4d0e919c..06fbe4af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@ New features:
 * Add new project role Viewer (Work in progress)
 * Add generic LDAP client library
 * Add search query attribute for task link
+* Add the possibility to define API token in config file
 
 Version 1.0.21
 --------------
diff --git a/app/Api/Auth.php b/app/Api/Auth.php
index 0a911796..a9d1617c 100644
--- a/app/Api/Auth.php
+++ b/app/Api/Auth.php
@@ -60,6 +60,21 @@ class Auth extends Base
 */
 private function isAppAuthenticated($username, $password)
 {
- return $username === 'jsonrpc' && $password === $this->config->get('api_token');
+ return $username === 'jsonrpc' && $password === $this->getApiToken();
+ }
+
+ /**
+ * Get API Token
+ *
+ * @access private
+ * @return string
+ */
+ private function getApiToken()
+ {
+ if (defined('API_AUTHENTICATION_TOKEN')) {
+ return API_AUTHENTICATION_TOKEN;
+ }
+
+ return $this->config->get('api_token');
 }
 }
diff --git a/doc/config.markdown b/doc/config.markdown
index 8ae56df6..e7916454 100644
--- a/doc/config.markdown
+++ b/doc/config.markdown
@@ -294,4 +294,7 @@ define('API_AUTHENTICATION_HEADER', '');
 
 // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
 define('HIDE_LOGIN_FORM', false);
+
+// Override API token stored in the database, useful for automated tests
+define('API_AUTHENTICATION_TOKEN', 'My unique API Token');
 ```
-- 
cgit v1.2.3
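Review bot: In app/Api/Auth.php, `isAppAuthenticated()` still compares the secret with `===`, which is not constant-time, and the new `getApiToken()` returns the constant whenever it is `defined()`, so `define('API_AUTHENTICATION_TOKEN', '')` (the empty-string style the documented config uses for other settings) would let `jsonrpc` authenticate with an empty password. I would reject empty or non-string tokens and compare in constant time: `$token = $this->getApiToken();` followed by `return $username === 'jsonrpc' && is_string($token) && $token !== '' && hash_equals($token, (string) $password);`. `hash_equals()` needs PHP 5.6 or later, so a fallback is required if the project still supports older versions, which is not visible here. Because the doc/config.markdown hunk documents a literal example value, its comment could also state that the token must be replaced with a long random secret, since a copied example value would be a predictable credential. The class body starts outside the hunk.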