diff --git a/services_api_key_auth.module b/services_api_key_auth.module index 1f67d01..f3a2f1f 100644 --- a/services_api_key_auth.module +++ b/services_api_key_auth.module @@ -22,10 +22,21 @@ function services_api_key_auth_services_authentication_info() { function services_api_key_auth_services_authenticate() { // Get function arguments. $args = func_get_args(); + // Get the key from the request. - $api_key = (!empty($_REQUEST['api-key'])) ? $_REQUEST['api-key'] : ''; + $api_key = ''; + switch ($args[0]['api_key_source']) { + case 'request': + $api_key = empty($_REQUEST['api-key']) ? '' : $_REQUEST['api-key']; + break; + + case 'header': + $api_key = empty($_SERVER['HTTP_API_KEY']) ? '' : $_SERVER['HTTP_API_KEY']; + break; + } + // Validate request. - $valid = (services_api_key_auth_compare_key($api_key, $args[0]['api_key'])) ? TRUE : FALSE; + $valid = (bool) services_api_key_auth_compare_key($api_key, $args[0]['api_key']); // Allow other modules to have their say. drupal_alter('services_api_key_valid', $valid, $args); if ($valid) { @@ -67,6 +78,19 @@ function services_api_key_auth_services_settings_form($settings) { )), '#default_value' => (!empty($settings['api_key'])) ? $settings['api_key'] : $key, ); + + // Define where we should look up of the API key value. + $form['api_key_source'] = array( + '#type' => 'select', + '#title' => t('API Key source'), + '#description' => t('Where look up an API key: in request parameters or in HTTP header?'), + '#options' => array( + 'request' => t('Request (@example)', array('@example' => "\$_REQUEST['api-key']")), + 'header' => t('Header (@example)', array('@example' => "\$_SERVER['HTTP_API_KEY']")), + ), + '#default_value' => empty($settings['api_key_source']) ? 'request' : $settings['api_key_source'], + ); + // Get list of users with given role. $role = user_role_load_by_name(variable_get('service_api_key_role', 'administrator')); $query = 'SELECT DISTINCT(ur.uid) FROM {users_roles} AS ur WHERE ur.rid = :rids';