Skip to content

Commit a7359f1

Browse files
rsbowersrsbowers
committed
chore: remove get/set provision token from API authorize
1 parent a3a3a53 commit a7359f1

File tree

2 files changed

+25
-54
lines changed

2 files changed

+25
-54
lines changed

src/app/code/community/Zendesk/Zendesk/Helper/Data.php

Lines changed: 0 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -154,29 +154,6 @@ public function setApiToken($token = null)
154154
return $token;
155155
}
156156

157-
public function getProvisionToken($generate = false)
158-
{
159-
$token = Mage::getStoreConfig('zendesk/hidden/provision_token', 0);
160-
161-
if( (!$token || strlen(trim($token)) == 0) && $generate) {
162-
$token = $this->setProvisionToken();
163-
}
164-
165-
return $token;
166-
}
167-
168-
public function setProvisionToken($token = null)
169-
{
170-
if(!$token) {
171-
$token = hash('sha256', Mage::helper('oauth')->generateToken());
172-
}
173-
174-
Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', $token, 'default');
175-
Mage::getConfig()->removeCache();
176-
177-
return $token;
178-
}
179-
180157
public function getOrderDetail($order)
181158
{
182159
// if the admin site has a custom URL, use it

src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php

Lines changed: 25 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -67,45 +67,39 @@ public function _authorise()
6767
}
6868

6969
$apiToken = Mage::helper('zendesk')->getApiToken(false);
70-
$provisionToken = Mage::helper('zendesk')->getProvisionToken(false);
71-
72-
// Provisioning tokens are always accepted, hence why they are deleted after the initial process
73-
if(!$provisionToken || $token != $provisionToken) {
74-
// Use of the provisioning token "overrides" the configuration for the API, so we check this after
75-
// confirming the provisioning token has not been sent
76-
if(!Mage::getStoreConfig('zendesk/api/enabled')) {
77-
$this->getResponse()
78-
->setBody(json_encode(array('success' => false, 'message' => 'API access disabled')))
79-
->setHttpResponseCode(403)
80-
->setHeader('Content-type', 'application/json', true);
70+
71+
if(!Mage::getStoreConfig('zendesk/api/enabled')) {
72+
$this->getResponse()
73+
->setBody(json_encode(array('success' => false, 'message' => 'API access disabled')))
74+
->setHttpResponseCode(403)
75+
->setHeader('Content-type', 'application/json', true);
8176

82-
Mage::log('API access disabled.', null, 'zendesk.log');
77+
Mage::log('API access disabled.', null, 'zendesk.log');
8378

84-
return false;
85-
}
79+
return false;
80+
}
8681

87-
// If the API is enabled then check the token
88-
if(!$token) {
89-
$this->getResponse()
90-
->setBody(json_encode(array('success' => false, 'message' => 'No authorisation token provided')))
91-
->setHttpResponseCode(401)
92-
->setHeader('Content-type', 'application/json', true);
82+
// If the API is enabled then check the token
83+
if(!$token) {
84+
$this->getResponse()
85+
->setBody(json_encode(array('success' => false, 'message' => 'No authorisation token provided')))
86+
->setHttpResponseCode(401)
87+
->setHeader('Content-type', 'application/json', true);
9388

94-
Mage::log('No authorisation token provided.', null, 'zendesk.log');
89+
Mage::log('No authorisation token provided.', null, 'zendesk.log');
9590

96-
return false;
97-
}
91+
return false;
92+
}
9893

99-
if($token != $apiToken) {
100-
$this->getResponse()
101-
->setBody(json_encode(array('success' => false, 'message' => 'Not authorised')))
102-
->setHttpResponseCode(401)
103-
->setHeader('Content-type', 'application/json', true);
94+
if($token != $apiToken) {
95+
$this->getResponse()
96+
->setBody(json_encode(array('success' => false, 'message' => 'Not authorised')))
97+
->setHttpResponseCode(401)
98+
->setHeader('Content-type', 'application/json', true);
10499

105-
Mage::log('Not authorised.', null, 'zendesk.log');
100+
Mage::log('Not authorised.', null, 'zendesk.log');
106101

107-
return false;
108-
}
102+
return false;
109103
}
110104

111105
return true;

0 commit comments

Comments
 (0)