diff --git a/admin/api_settings.php b/admin/api_settings.php
index 288305be..f6a16102 100644
--- a/admin/api_settings.php
+++ b/admin/api_settings.php
@@ -145,7 +145,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
while ($row = hesk_dbFetchAssoc($userRs)) {
$row['number_of_tokens'] = 0;
- $users[$row['user']] = $row;
+ $users[$row['id']] = $row;
}
$tokensRs = hesk_dbQuery("SELECT `user_id`, 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`");
while ($row = hesk_dbFetchAssoc($tokensRs)) {
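Review bot: The user query at the top of this hunk keeps only rows with `active` = '1', but the token query below it has no such filter, so with `$users` now keyed by `id` a token row owned by an inactive user would have no matching entry. The body of the token loop is outside the hunk, so this is inferred. If the loop indexes `$users[$row['user_id']]`, guard it with `if (!isset($users[$row['user_id']])) { continue; }`. A short comment on the changed line, such as `// keyed by user id to match user_api_tokens.user_id`, would also record why the key changed.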
@@ -168,7 +168,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
|
- |
+ |
|
+
+
+ Generated Token:
+ NOTE: Please record this token, as this is the only time you will be able to view it!
+ |
+
diff --git a/internal-api/admin/api-authentication/index.php b/internal-api/admin/api-authentication/index.php
index 8335cbec..cb6189f7 100644
--- a/internal-api/admin/api-authentication/index.php
+++ b/internal-api/admin/api-authentication/index.php
@@ -21,10 +21,17 @@ if ($request_method == 'POST') {
}
if ($action == 'generate') {
- $hash = hash("sha512", time());
+ $token = '';
+ $letter_array = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'];
+ // Pick 32 random characters. That will be the hash
+ for ($i = 0; $i < 32; $i++) {
+ $letter = $letter_array[rand(0, 15)];
+ $token .= $letter;
+ }
+ $hash = hash("sha512", $token);
store_token($user_id, $hash, $hesk_settings);
- output($hash);
+ output($token);
return http_response_code(200);
} elseif ($action == 'reset') {
//TODO
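Review bot: The new token is assembled from `rand(0, 15)` inside the loop, and `rand()` is not a cryptographically secure generator, so the 32 hex characters are more predictable than their length suggests for a bearer credential. Replace the `$letter_array` lookup and the loop with `$token = bin2hex(random_bytes(16));`, which yields the same 32-character hex format from the CSPRNG (PHP 7 or later; confirm the project's minimum version). Storing only the SHA-512 digest and returning the plaintext once is reasonable for a high-entropy token, but the comment `// Pick 32 random characters. That will be the hash` is misleading. It should say that the characters form the token and that only its hash is stored. The enclosing `if ($request_method == 'POST')` block starts outside the hunk.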
diff --git a/internal-api/dao/api_authentication_dao.php b/internal-api/dao/api_authentication_dao.php
index 67649ed8..109e52e4 100644
--- a/internal-api/dao/api_authentication_dao.php
+++ b/internal-api/dao/api_authentication_dao.php
@@ -1,5 +1,7 @@
.token').text(data);
+ $('#token-' + userId + '-created').removeClass('hide');
markSuccess('token-' + userId);
+ var oldNumberOfTokens = parseInt($('#token-' + userId + '-count').text());
+ $('#token-' + userId + '-count').text(++oldNumberOfTokens);
},
error: function (data) {
+ console.error(data);
markFailure('token-' + userId);
}
});