github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 03:31:13 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Add deprecation warning of non-header based API auth

Browse Source 
This change adds a message to the admin panel if it detects an api
requests that doesn't use the new header based authentication method.

The message is to warn people to switch to header based auth and links
to the api documention topic on meta for more info.
This commit is contained in:
Blake Erickson
2019-11-07 16:58:19 -07:00
parent 99b0697bd9
commit 2db2003187
3 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/auth/default_current_user_provider.rb
View File

@ -283,6 +283,10 @@ class Auth::DefaultCurrentUserProvider
def lookup_api_user(api_key_value, request)
if api_key = ApiKey.active.where(key: api_key_value).includes(:user).first
api_username = header_api_key? ? @env[HEADER_API_USERNAME] : request[API_USERNAME]
if !header_api_key?
# Notify admins of deprecated auth method
AdminDashboardData.add_problem_message('dashboard.deprecated_api_usage', 1.day)
end
if api_key.allowed_ips.present? && !api_key.allowed_ips.any? { |ip| ip.include?(request.ip) }
Rails.logger.warn("[Unauthorized API Access] username: #{api_username}, IP address: #{request.ip}")