From 6620597898b2fe1ecbf2655de47c12939efb1271 Mon Sep 17 00:00:00 2001
From: Nitesh Kesarkar
Date: Tue, 12 May 2020 13:52:59 +0530
Subject: [PATCH] Issue #80 Fix: Tokens should not be accepted via request variables
---
 code/site/libraries/authentication.php | 5 +++--
 code/site/libraries/authentication/key.php | 10 +++++++---
 code/site/libraries/plugin.php | 15 ++++++++++++---
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/code/site/libraries/authentication.php b/code/site/libraries/authentication.php
index 63805a9..614e988 100644
--- a/code/site/libraries/authentication.php
+++ b/code/site/libraries/authentication.php
@@ -182,13 +182,14 @@ public static function getCom_apiVersion()
 private static function getAuthMethod()
 {
 $app = JFactory::getApplication();
- $key = $app->input->get('key');
+
+ // $key = $app->input->get('key');
 
 if (isset($_SERVER['HTTP_X_AUTH']) && $_SERVER['HTTP_X_AUTH'])
 {
 $authMethod = $_SERVER['HTTP_X_AUTH'];
 }
- elseif ($key || self::getBearerToken())
+ elseif (self::getBearerToken())
 {
 $authMethod = 'key';
 }
diff --git a/code/site/libraries/authentication/key.php b/code/site/libraries/authentication/key.php
index 37cd788..b75b1a6 100755
--- a/code/site/libraries/authentication/key.php
+++ b/code/site/libraries/authentication/key.php
@@ -30,10 +30,14 @@ class ApiAuthenticationKey extends ApiAuthentication
 public function authenticate()
 {
 $app = JFactory::getApplication();
- $query_token = $app->input->get('key', '', 'STRING');
+
+ // $query_token = $app->input->get('key', '', 'STRING');
+
 $header_token = $this->getBearerToken();
- $key = $header_token ? $header_token : $query_token;
- $token = $this->loadTokenByHash($key);
+
+ // $key = $header_token ? $header_token : $query_token;
+
+ $token = $this->loadTokenByHash($header_token);
 
 if (isset($token->state) && $token->state == 1)
 {
diff --git a/code/site/libraries/plugin.php b/code/site/libraries/plugin.php
index c1ebadc..baba1a4 100755
--- a/code/site/libraries/plugin.php
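Review bot: The commented-out `// $key = $app->input->get('key');` line in getAuthMethod() should be deleted rather than kept as a comment; the commit title already records why request-variable tokens are no longer accepted, and a dead line here is an invitation to re-enable the query-string path later. With `$key` gone, `$app` is only still needed if the remainder of getAuthMethod() uses it, which lies outside the hunk; if it does not, drop `$app = JFactory::getApplication();` as well. A one-line comment on the new branch would help future readers: `// Tokens are accepted only from the Authorization header (issue #80), never from query or POST variables.`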
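Review bot: `$token = $this->loadTokenByHash($header_token);` in authenticate() performs the lookup even when no bearer token was sent, because the value returned by getBearerToken() is never checked for null or '' before the call; the method should fail closed before touching the database, e.g. `if (!$header_token) { return false; }`, adjusting the return to whatever authenticate()'s existing failure branch uses (the rest of the method is outside the hunk). Whether an empty or null hash can match a row depends on loadTokenByHash(), which is not visible here, so the guard is cheaper than reasoning about that. The commented-out `$query_token` and `$key` lines should be removed rather than left in place, the same point as in authentication.php.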
+++ b/code/site/libraries/plugin.php
@@ -349,7 +349,10 @@ final private function checkRequestLimit()
 return true;
 }
 
- $hash = $app->input->get('key', '', 'STRING');
+ // $hash = $app->input->get('key', '', 'STRING');
+
+ $hash = APIAuthentication::getBearerToken();
+
 $ip_address = $app->input->server->get('REMOTE_ADDR', '', 'STRING');
 $time = $this->params->get('request_limit_time', 'hour');
 
@@ -442,7 +445,10 @@ final private function log()
 
 $table = JTable::getInstance('Log', 'ApiTable');
 $date = JFactory::getDate();
- $table->hash = $app->input->get('key', '', 'STRING');
+
+ // $table->hash = $app->input->get('key', '', 'STRING');
+
+ $table->hash = APIAuthentication::getBearerToken();
 $table->ip_address = $app->input->server->get('REMOTE_ADDR', '', 'STRING');
 $table->time = $date->toSql();
 $table->request = $req_url;
@@ -465,7 +471,10 @@ final private function lastUsed()
 $app = JFactory::getApplication();
 $table = JTable::getInstance('Key', 'ApiTable');
 
- $hash = $app->input->get('key', '', 'STRING');
+ // $hash = $app->input->get('key', '', 'STRING');
+
+ $hash = APIAuthentication::getBearerToken();
+
 $table->setLastUsed($hash);
 }
 
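Review bot: `$hash = APIAuthentication::getBearerToken();` in checkRequestLimit() changes the value's type contract when no Authorization header is present: `$app->input->get('key', '', 'STRING')` always yielded a string (default `''`), whereas getBearerToken() is not visible here and may return null, and the request-limit query built further down is outside the hunk, so confirm it tolerates null. The same substitution is made in log() and lastUsed() (the two later hunks in this file), which feed `$hash` into a table write and `setLastUsed()`; normalising once with `$hash = (string) APIAuthentication::getBearerToken();` keeps the old contract in all three places. All three hunks also leave the old line behind as a comment; delete it instead of commenting it out. The class is spelled `APIAuthentication` here but `ApiAuthentication` in key.php — PHP resolves class names case-insensitively so this works, but one spelling throughout is easier to search.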
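Review bot: `$table->hash = APIAuthentication::getBearerToken();` in log() writes the full bearer token into the log table, so every log row doubles as a usable credential for anyone who can read that table or a backup of it. The pre-change line stored the same secret taken from the query string, so the exposure is not introduced by this commit, but since the token now arrives only via a header this is the natural point to record a non-secret identifier instead — the key row's id, or a keyed hash (HMAC) of the token — and to say so: `// Store a derived identifier, not the raw token: log rows must not be reusable as credentials.` If the log is later joined back to the key table by this column, the same derivation has to be applied on both sides, which is outside the hunk.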