Fix issue #127 : ajout système de token

Ajout du système de token pour accéder aux flux RSS même quand la
connexion a été paramétrée.
Pour l'utiliser, il faut simplement ajouter le paramètre
?token=<votre_token> à l'url

6 files changed, 29 insertions, 1 deletions

diff --git a/app/controllers/configureController.php b/app/controllers/configureController.php
index 0fce9679f..6ebc13f39 100755
--- a/app/controllers/configureController.php
+++ b/app/controllers/configureController.php
@@ -140,6 +140,8 @@ class configureController extends ActionController {
 		RSSThemes::init();
 
 		if (Request::isPost ()) {
+			$current_token = $this->view->conf->token ();
+
 			$language = Request::param ('language', 'en');
 			$nb = Request::param ('posts_per_page', 10);
 			$mode = Request::param ('view_mode', 'normal');
@@ -151,6 +153,7 @@ class configureController extends ActionController {
 			$old = Request::param ('old_entries', 3);
 			$mail = Request::param ('mail_login', false);
 			$anon = Request::param ('anon_access', 'no');
+			$token = Request::param ('token', $current_token);
 			$openArticle = Request::param ('mark_open_article', 'no');
 			$openSite = Request::param ('mark_open_site', 'no');
 			$scroll = Request::param ('mark_scroll', 'no');
@@ -168,6 +171,7 @@ class configureController extends ActionController {
 			$this->view->conf->_oldEntries ($old);
 			$this->view->conf->_mailLogin ($mail);
 			$this->view->conf->_anonAccess ($anon);
+			$this->view->conf->_token ($token);
 			$this->view->conf->_markWhen (array (
 				'article' => $openArticle,
 				'site' => $openSite,
@@ -188,6 +192,7 @@ class configureController extends ActionController {
 				'old_entries' => $this->view->conf->oldEntries (),
 				'mail_login' => $this->view->conf->mailLogin (),
 				'anon_access' => $this->view->conf->anonAccess (),
+				'token' => $this->view->conf->token (),
 				'mark_when' => $this->view->conf->markWhen (),
 				'url_shaarli' => $this->view->conf->urlShaarli (),
 				'theme' => $this->view->conf->theme ()
diff --git a/app/i18n/en.php b/app/i18n/en.php
index 61bf57e4e..a5b331e41 100644
--- a/app/i18n/en.php
+++ b/app/i18n/en.php
@@ -151,6 +151,8 @@ return array (
 	'month'				=> 'months',
 	'persona_connection_email'	=> 'Login mail address (use <a href="https://persona.org/">Persona</a>)',
 	'allow_anonymous'		=> 'Allow anonymous reading',
+	'auth_token'			=> 'Authentication token',
+	'explain_token'			=> 'This token allows to avoid authentication by adding it to URL (eg. %s?token=&lt;your_token&gt;). RSS output only.',
 	'reading_configuration'		=> 'Reading configuration',
 	'articles_per_page'		=> 'Number of articles per page',
 	'default_view'			=> 'Default view',
diff --git a/app/i18n/fr.php b/app/i18n/fr.php
index 0f14c0700..071cb8dd4 100644
--- a/app/i18n/fr.php
+++ b/app/i18n/fr.php
@@ -151,6 +151,8 @@ return array (
 	'month'				=> 'mois',
 	'persona_connection_email'	=> 'Adresse mail de connexion (utilise <a href="https://persona.org/">Persona</a>)',
 	'allow_anonymous'		=> 'Autoriser la lecture anonyme',
+	'auth_token'			=> 'Jeton d\'identification',
+	'explain_token'			=> 'Ce jeton permet de s\'affranchir d\'authentification en l\'ajoutant à l\'URL (ex. %s?token=&lt;votre_token&gt;). Seul la sortie RSS est concernée.',
 	'reading_configuration'		=> 'Configuration de lecture',
 	'articles_per_page'		=> 'Nombre d\'articles par page',
 	'default_view'			=> 'Vue par défaut',
diff --git a/app/layout/aside_flux.phtml b/app/layout/aside_flux.phtml
index f94a74add..ccbb0e213 100644
--- a/app/layout/aside_flux.phtml
+++ b/app/layout/aside_flux.phtml
@@ -8,6 +8,12 @@
 			if (isset ($params['search'])) {
 				$params['search'] = urlencode ($params['search']);
 			}
+
+			$token = $this->conf->token ();
+			if (login_is_conf($this->conf) && $token != '') {
+				$params['token'] = $token;
+			}
+
 			$url = array (
 				'c' => 'index',
 				'a' => 'index',
diff --git a/app/views/configure/display.phtml b/app/views/configure/display.phtml
index 1fdcdee41..3989ff06f 100644
--- a/app/views/configure/display.phtml
+++ b/app/views/configure/display.phtml
@@ -50,6 +50,15 @@
 				</label>
 			</div>
 		</div>
+
+		<div class="form-group">
+			<label class="group-name" for="token"><?php echo Translate::t ('auth_token'); ?></label>
+			<?php $token = $this->conf->token (); ?>
+			<div class="group-controls">
+				<input type="text" id="token" name="token" value="<?php echo $token; ?>"  placeholder="<?php echo Translate::t ('blank_to_disable'); ?>"/>
+				<i class="icon i_help"></i> <?php echo Translate::t('explain_token', Url::display()); ?>
+			</div>
+		</div>
 	
 		<legend><?php echo Translate::t ('reading_configuration'); ?></legend>
 
diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml
index 4bf82f9b4..73e5fcc4d 100644
--- a/app/views/index/index.phtml
+++ b/app/views/index/index.phtml
@@ -1,10 +1,14 @@
 <?php
 
 $output = Request::param ('output', 'normal');
+$token = $this->conf->token();
+$token_param = Request::param ('token', '');
+$token_is_ok = ($token != '' && $token == $token_param);
 
 if(!login_is_conf ($this->conf) ||
    is_logged() ||
-   $this->conf->anonAccess() == 'yes') {
+   $this->conf->anonAccess() == 'yes' ||
+   ($output == 'rss' && $token_is_ok)) {
 	if($output == 'rss') {
 		$this->renderHelper ('view/rss_view');
 	} elseif($output == 'reader') {