Commit graph

12 commits

Author SHA1 Message Date
Dane Everitt
ad3a954256
Rename APIKey to ApiKey 2018-01-14 12:06:15 -06:00
Dane Everitt
7aa540b895
Remove api permissions table 2018-01-14 12:05:18 -06:00
Dane Everitt
e0fb7fa30c
Fix failing ApiKeyCreationService test 2018-01-13 16:23:43 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Dane Everitt
5f9fe4a69b
Update calls to missing function 2018-01-05 16:33:50 -06:00
Dane Everitt
285485d7b0
Change how API keys are validated (#771) 2017-12-03 14:29:14 -06:00
Dane Everitt
2f42396317
Fix bug with permissions including more than one dash, closes #727 2017-11-05 13:42:57 -06:00
Dane Everitt
e56f4cdd33
Update license headers on files. 2017-09-25 21:43:01 -05:00
Dane Everitt
a8c4d6afdb
Update random ID method to use str_random and not random_bytes
The use of random_bytes in combination with bin2hex was producing a lot of duplicate keys when tested in batches of 10k (anywhere from 2 to 6). The use of str_random yielded no duplicates even at scales of 100k keys that were 8 characters.
2017-09-13 23:07:02 -05:00
Dane Everitt
e045ef443a
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00
Dane Everitt
3ee5803416
Massive PHPCS linting 2017-08-21 22:10:48 -05:00
Dane Everitt
1f4f6024cc
Refactor (again) 2017-07-09 12:29:18 -05:00