Skip to content

Commit

Permalink
authx - Extend support for legacy-auth to APIv4
Browse files Browse the repository at this point in the history
  • Loading branch information
totten committed Feb 5, 2022
1 parent 7511bc6 commit 8d5feab
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions ext/authx/authx.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,12 @@
}
}

if (count($e->args) > 2 && $e->args[1] === 'ajax' && $e->args[2] === 'rest' && (!empty($_REQUEST['api_key']) || !empty($_REQUEST['key']))) {
return (new \Civi\Authx\LegacyRestAuthenticator())->auth($e, ['flow' => 'legacyrest', 'cred' => 'Bearer ' . $_REQUEST['api_key'] ?? '', 'siteKey' => $_REQUEST['key'] ?? NULL]);
// Accept legacy auth (?key=...&api_key=...) for 'civicrm/ajax/rest' and 'civicrm/ajax/api4/*'.
// The use of `?key=` could clash on some endpoints. Only accept on a small list of endpoints that are compatible with it.
if (count($e->args) > 2 && $e->args[1] === 'ajax' && in_array($e->args[2], ['rest', 'api4'])) {
if ((!empty($_REQUEST['api_key']) || !empty($_REQUEST['key']))) {
return (new \Civi\Authx\LegacyRestAuthenticator())->auth($e, ['flow' => 'legacyrest', 'cred' => 'Bearer ' . $_REQUEST['api_key'] ?? '', 'siteKey' => $_REQUEST['key'] ?? NULL]);
}
}
});

Expand Down

0 comments on commit 8d5feab

Please sign in to comment.