HTTP Header: Add 'X-Api-Key'. Fix problem for token without argument name. Update doc.

f920fc54 · Carsten Rose · 6c589520 · f920fc54 · f920fc54 · f920fc54
Commit f920fc54 authored Apr 06, 2021 by Carsten Rose
--- a/Documentation-develop/REST.md
+++ b/Documentation-develop/REST.md
@@ -95,16 +95,13 @@ Details:
 Header Token Authorization 
 ==========================

-Example:
+Example::

    curl -X GET -H 'Authorization: token="mySuperSecretToken"' "http://localhost/qfq/typo3conf/ext/qfq/Classes/Api/rest.php/restPerson/"
-
-or
-
    curl -X GET -H 'X-Api-Key: token="mySuperSecretToken"' "http://localhost/qfq/typo3conf/ext/qfq/Classes/Api/rest.php/restPerson/"

 * Access the token via ``{{Authorization:C:alnumx}}`` or ``{{X-Api-Key:C:alnumx}}``.
-* The string ``token=`` is not used at all.
+* The argument ``token`` can be anything and is not used at all.

 Static token
 ------------

--- a/Documentation/Store.rst
+++ b/Documentation/Store.rst
@@ -202,7 +202,12 @@ Store: *CLIENT* - C
 +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
 | Authorization           | Value of the HTTP Header 'Authorization'. This is typically not set. Mostly used for authentication of REST requests                     |
 +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
+| X-Api-Key               | Value of the HTTP Header 'X-Api-Key'. This is typically not set.                                                                         |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
+
+.. tip::

+    Variable names are case sensitive.


 .. _STORE_TYPO3:

--- a/extension/Classes/Core/Store/Client.php
+++ b/extension/Classes/Core/Store/Client.php
@@ -68,8 +68,9 @@ class Client {
    }

    /**
-     * Check for Header 'Authorization' and 'X-Api-Key' - no other headers will be checked.
-     * Explode the given header by '='. Use the header name as key (purge string 'token' from example)
+     * Check for Header 'Authorization' and 'X-Api-Key' - no other headers will be copied here.
+     * Explode the given header by '=' or ':'. Use the header name as key (purge string 'token' from example)
+     * Example Header: 'Authorization: token=1234', 'Authorization: 1234', 'Authorization: token:1234'
     *
     * @return array
     */
@@ -88,13 +89,12 @@ class Client {
            if (isset($headers[$key])) {
                $line = $headers[$key];

+                // In case the key/value is separated by ':' instead of '='
                $delimiter = (strpos($line, '=') === false) ? ':' : '=';

-                // Header: 'Authorization: Token token=1234'
+                // Header: 'Authorization: token=1234'
                $split = explode($delimiter, $line, 2);
-                if (isset($split[1])) {
-                    $arr[$key] = OnString::trimQuote(trim($split[1]));
-                }
+                $arr[$key] = OnString::trimQuote(trim($split[1] ?? $split[0]));
            }
        }