diff --git a/application/config/migration.php b/application/config/migration.php index b60a960f..67f170a7 100755 --- a/application/config/migration.php +++ b/application/config/migration.php @@ -37,7 +37,7 @@ $config['migration_table'] = 'ea_migrations'; | be upgraded / downgraded to. | */ -$config['migration_version'] = 15; // current +$config['migration_version'] = 17; // current /* diff --git a/application/controllers/api/v1/API_V1_Controller.php b/application/controllers/api/v1/API_V1_Controller.php index 2940bfc4..c92a47ea 100644 --- a/application/controllers/api/v1/API_V1_Controller.php +++ b/application/controllers/api/v1/API_V1_Controller.php @@ -11,7 +11,7 @@ * @since v1.2.0 * ---------------------------------------------------------------------------- */ -use \EA\Engine\Types\NonEmptyText; +use EA\Engine\Types\NonEmptyText; /** * API V1 Controller 
@@ -35,27 +35,88 @@ class API_V1_Controller extends CI_Controller { */ public function __construct() { - if ( ! isset($_SERVER['PHP_AUTH_USER'])) - { - $this->_requestAuthentication(); - return; - } - - parent::__construct(); - try { + parent::__construct(); + + $this->load->model('settings_model'); + + $api_token = $this->settings_model->get_setting('api_token'); + + $authorization = new \EA\Engine\Api\V1\Authorization($this); + + if ( ! empty($api_token) && $api_token === $this->_getBearerToken()) + { + return; + } + + if ( ! isset($_SERVER['PHP_AUTH_USER'])) + { + $this->_requestAuthentication(); + return; + } + $username = new NonEmptyText($_SERVER['PHP_AUTH_USER']); $password = new NonEmptyText($_SERVER['PHP_AUTH_PW']); - $authorization = new \EA\Engine\Api\V1\Authorization($this); $authorization->basic($username, $password); - } - catch (\Exception $exception) + } catch (\Exception $exception) { exit($this->_handleException($exception)); } } + /** + * Returns the bearer token value. + * + * @return string + */ + protected function _getBearerToken() + { + $headers = $this->_getAuthorizationHeader(); + // HEADER: Get the access token from the header + if ( ! empty($headers)) + { + if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) + { + return $matches[1]; + } + } + return NULL; + } + + /** + * Returns the authorization header. 
+ * + * @return string + */ + protected function _getAuthorizationHeader() + { + $headers = NULL; + + if (isset($_SERVER['Authorization'])) + { + $headers = trim($_SERVER['Authorization']); + } else + { + if (isset($_SERVER['HTTP_AUTHORIZATION'])) + { + //Nginx or fast CGI + $headers = trim($_SERVER['HTTP_AUTHORIZATION']); + } elseif (function_exists('apache_request_headers')) + { + $requestHeaders = apache_request_headers(); + // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization) + $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders)); + //print_r($requestHeaders); + if (isset($requestHeaders['Authorization'])) + { + $headers = trim($requestHeaders['Authorization']); + } + } + } + return $headers; + } + /** * Sets request authentication headers. */ diff --git a/application/language/arabic/translations_lang.php b/application/language/arabic/translations_lang.php index 4ac5ab16..4486dc77 100755 --- a/application/language/arabic/translations_lang.php +++ b/application/language/arabic/translations_lang.php @@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day'; $lang['require_phone_number'] = 'Require phone number'; $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment'; $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.'; +$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.'; diff --git a/application/language/bulgarian/translations_lang.php b/application/language/bulgarian/translations_lang.php index 82a519e6..461a705e 100755 --- a/application/language/bulgarian/translations_lang.php +++ b/application/language/bulgarian/translations_lang.php 
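Review bot: The bearer-token check in `__construct()` compares the stored secret with `===`, which is not constant-time, and `_getBearerToken()` can hand it `NULL`. I would read the header once and compare with `hash_equals`: `$bearer_token = $this->_getBearerToken();` then `if ( ! empty($api_token) && is_string($bearer_token) && hash_equals((string)$api_token, $bearer_token))`. A matching token returns before `$authorization->basic()` is reached, so it appears to carry the same access as a successful basic login; the constructor's docblock, which begins above this hunk, should say so. Both new helpers are documented `@return string` but return `NULL` when no header is found, so `@return string|null` is accurate, and the commented-out `//print_r($requestHeaders);` should be dropped.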
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/chinese/translations_lang.php b/application/language/chinese/translations_lang.php
index 501e707b..8a1d9137 100755
--- a/application/language/chinese/translations_lang.php
+++ b/application/language/chinese/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/czech/translations_lang.php b/application/language/czech/translations_lang.php
index 6c73b975..1737b644 100644
--- a/application/language/czech/translations_lang.php
+++ b/application/language/czech/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/danish/translations_lang.php b/application/language/danish/translations_lang.php
index 30cb6ced..f524aa72 100755
--- a/application/language/danish/translations_lang.php
+++ b/application/language/danish/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/dutch/translations_lang.php b/application/language/dutch/translations_lang.php
index d71d13be..d86fdb08 100755
--- a/application/language/dutch/translations_lang.php
+++ b/application/language/dutch/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/english/translations_lang.php b/application/language/english/translations_lang.php
index 8f01004f..6d5fb984 100755
--- a/application/language/english/translations_lang.php
+++ b/application/language/english/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/finnish/translations_lang.php b/application/language/finnish/translations_lang.php
index 1a3d1560..f999beab 100755
--- a/application/language/finnish/translations_lang.php
+++ b/application/language/finnish/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/french/translations_lang.php b/application/language/french/translations_lang.php
index 6ec36d74..63ab6d36 100755
--- a/application/language/french/translations_lang.php
+++ b/application/language/french/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/german/translations_lang.php b/application/language/german/translations_lang.php
index 455e6b08..eea98eea 100755
--- a/application/language/german/translations_lang.php
+++ b/application/language/german/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/greek/translations_lang.php b/application/language/greek/translations_lang.php
index fe8c03b1..6ffc7aec 100755
--- a/application/language/greek/translations_lang.php
+++ b/application/language/greek/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/hindi/translations_lang.php b/application/language/hindi/translations_lang.php
index 84aba844..3a51a019 100755
--- a/application/language/hindi/translations_lang.php
+++ b/application/language/hindi/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/hungarian/translations_lang.php b/application/language/hungarian/translations_lang.php
index d7ecf4f9..521e4460 100755
--- a/application/language/hungarian/translations_lang.php
+++ b/application/language/hungarian/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/italian/translations_lang.php b/application/language/italian/translations_lang.php
index 746b6f34..fa8c4f89 100755
--- a/application/language/italian/translations_lang.php
+++ b/application/language/italian/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Aggiungi giornata lavorativa';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/japanese/translations_lang.php b/application/language/japanese/translations_lang.php
index e4ea4db1..ddb39f6d 100755
--- a/application/language/japanese/translations_lang.php
+++ b/application/language/japanese/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/luxembourgish/translations_lang.php b/application/language/luxembourgish/translations_lang.php
index 7df54a30..d316ccc9 100755
--- a/application/language/luxembourgish/translations_lang.php
+++ b/application/language/luxembourgish/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/marathi/translations_lang.php b/application/language/marathi/translations_lang.php
index 8c7694ae..2951b541 100644
--- a/application/language/marathi/translations_lang.php
+++ b/application/language/marathi/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/polish/translations_lang.php b/application/language/polish/translations_lang.php
index 2d344e5e..e3182dca 100755
--- a/application/language/polish/translations_lang.php
+++ b/application/language/polish/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/portuguese-br/translations_lang.php b/application/language/portuguese-br/translations_lang.php
index 4385bcda..3e55575b 100755
--- a/application/language/portuguese-br/translations_lang.php
+++ b/application/language/portuguese-br/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/portuguese/translations_lang.php b/application/language/portuguese/translations_lang.php
index 8bed3579..5f6e20d9 100755
--- a/application/language/portuguese/translations_lang.php
+++ b/application/language/portuguese/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/romanian/translations_lang.php b/application/language/romanian/translations_lang.php
index 9693c4fd..7cc3d373 100755
--- a/application/language/romanian/translations_lang.php
+++ b/application/language/romanian/translations_lang.php
@@ -308,3 +308,5 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/russian/translations_lang.php b/application/language/russian/translations_lang.php
index 270afe65..bb3cc636 100755
--- a/application/language/russian/translations_lang.php
+++ b/application/language/russian/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/slovak/translations_lang.php b/application/language/slovak/translations_lang.php
index 8e9bd2ab..1cfc9346 100755
--- a/application/language/slovak/translations_lang.php
+++ b/application/language/slovak/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day';
 $lang['require_phone_number'] = 'Require phone number';
 $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment';
 $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.';
+$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.';
diff --git a/application/language/spanish/translations_lang.php b/application/language/spanish/translations_lang.php
index 9e7ab506..7a9fc893 100755
--- a/application/language/spanish/translations_lang.php
+++ b/application/language/spanish/translations_lang.php
@@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day'; $lang['require_phone_number'] = 'Require phone number'; $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment'; $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.'; +$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.'; diff --git a/application/language/turkish/translations_lang.php b/application/language/turkish/translations_lang.php index 7b2fb475..52629e97 100755 --- a/application/language/turkish/translations_lang.php +++ b/application/language/turkish/translations_lang.php @@ -308,3 +308,4 @@ $lang['add_extra_period'] = 'Add a working day'; $lang['require_phone_number'] = 'Require phone number'; $lang['require_phone_number_hint'] = 'When enabled, customers and users will need to enter the customer\'s phone number when booking an appointment'; $lang['check_spam_folder'] = 'Please check your spam folder if the email does not arrive within a few minutes.'; +$lang['api_token_hint'] = 'Set a secret token in order to enable the token based authentication of the Easy!Appointments API.'; diff --git a/application/migrations/013_location.php b/application/migrations/014_add_appointment_location_column.php similarity index 94% rename from application/migrations/013_location.php rename to application/migrations/014_add_appointment_location_column.php index a83c023e..3bc11f4c 100644 --- a/application/migrations/013_location.php +++ b/application/migrations/014_add_appointment_location_column.php @@ -11,7 +11,7 @@ * @since v1.4.0 * ---------------------------------------------------------------------------- */ -class Migration_location extends CI_Migration { +class Migration_add_appointment_location_column extends CI_Migration { public function up() { $this->db->query(' 
diff --git a/application/migrations/014_add_user_extra_working_plan.php b/application/migrations/015_add_user_extra_working_plan.php similarity index 100% rename from application/migrations/014_add_user_extra_working_plan.php rename to application/migrations/015_add_user_extra_working_plan.php diff --git a/application/migrations/015_add_require_phone_number_setting.php b/application/migrations/016_add_require_phone_number_setting.php similarity index 100% rename from application/migrations/015_add_require_phone_number_setting.php rename to application/migrations/016_add_require_phone_number_setting.php diff --git a/application/migrations/017_add_api_token_setting.php b/application/migrations/017_add_api_token_setting.php new file mode 100644 index 00000000..e0feda47 --- /dev/null +++ b/application/migrations/017_add_api_token_setting.php @@ -0,0 +1,35 @@ + + * @copyright Copyright (c) 2013 - 2020, Alex Tselegidis + * @license http://opensource.org/licenses/GPL-3.0 - GPLv3 + * @link http://easyappointments.org + * @since v1.4.0 + * ---------------------------------------------------------------------------- */ + +class Migration_Add_api_token_setting extends CI_Migration { + public function up() + { + $this->load->model('settings_model'); + + try + { + $this->settings_model->get_setting('api_token'); + } + catch (Exception $exception) + { + $this->settings_model->set_setting('api_token', ''); + } + } + + public function down() + { + $this->load->model('settings_model'); + + $this->settings_model->remove_setting('api_token'); + } +} diff --git a/application/views/backend/settings.php b/application/views/backend/settings.php index 0171a6ab..6f00bd10 100755 --- a/application/views/backend/settings.php +++ b/application/views/backend/settings.php @@ -100,17 +100,7 @@ - -
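Review bot: In `up()` of `017_add_api_token_setting.php`, `catch (Exception $exception)` treats any failure of `get_setting('api_token')` as "setting missing" and then writes an empty value. `get_setting` is not part of this diff, so if it can throw for reasons other than an absent row, that error is swallowed here. At minimum the intent should be commented: `// get_setting() throws when the row is absent; create it with an empty value.` It is also worth noting that the empty default keeps token authentication off, since the controller only accepts a bearer token when the stored value is non-empty: `// Empty token = bearer authentication disabled until an admin sets one.`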
-
- - - - - -
+
+
+
+
+ + + + + +
+
+ + + + + +
+

diff --git a/assets/sql/data.sql b/assets/sql/data.sql index 98ae939a..02d109cc 100644 --- a/assets/sql/data.sql +++ b/assets/sql/data.sql @@ -24,6 +24,7 @@ VALUES ('display_privacy_policy', '0'), ('privacy_policy_content', 'Privacy policy content.'), ('first_weekday', 'sunday'), - ('require_phone_number', '1'); + ('require_phone_number', '1'), + ('api_token', ''); -INSERT INTO `ea_migrations` VALUES ('15'); +INSERT INTO `ea_migrations` VALUES ('16');
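Review bot: The seed records migration `'16'` in `ea_migrations`, while `application/config/migration.php` in this same commit moves `migration_version` to 17 and the seed already contains the `api_token` row that migration 017 adds. Migration 017 tolerates an existing row, so a fresh install presumably just runs it as a no-op, but the mismatch looks unintended. If the seed is meant to describe the current schema, the last statement should end in `VALUES ('17');`, and otherwise a comment above the `INSERT` should say why it stays one version behind.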