Ignore:
Timestamp:
Apr 25, 2012, 10:42:52 PM (10 years ago)
Author:
work@…
Message:
  • changed application wide secret into a user specific api key which is automatically generated when a user is created. The key is available in the user's profile or through the user administration pages
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/grails-app/services/api/ApiService.groovy

    r2224 r2225  
    2525    // inject the module communication service
    2626    def moduleCommunicationService
    27 
    28     // the shared secret used to validate api calls
    29     static final String API_SECRET = "th!s_sH0uld^Pr0bab7y_m0v3_t%_th3_uSeR_d0Ma!n_ins7ead!"
    3027
    3128    // transactional
     
    7269        // disable validation check on development and ci
    7370        if (['development', 'ci'].contains(grails.util.GrailsUtil.environment)) {
    74             return true
     71//            return true
    7572        }
    7673
     
    8582            // generate the validation checksum
    8683            MessageDigest digest = MessageDigest.getInstance("MD5")
    87             String validationSum = new BigInteger(1,digest.digest("${token.deviceToken}${token.sequence}${API_SECRET}".getBytes())).toString(16).padLeft(32,"0")
     84            String validationSum = new BigInteger(1,digest.digest("${token.deviceToken}${token.sequence}${token.user.apiKey}".getBytes())).toString(16).padLeft(32,"0")
    8885
    8986            // check if the validation confirms
Note: See TracChangeset for help on using the changeset viewer.