Automatically disable the keystore generate_auth_token action if Session Set Credentials is set in config. This will force systematic basic_auth.

Author: cdujeu

core/src/plugins/authfront.keystore/class.KeystoreAuthFrontend.php

@@ -108,6 +108,13 @@ function authTokenActions($action, $httpVars, $fileVars){
         switch($action){
             case "keystore_generate_auth_token":
 
+                if(ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")){
+                    $this->logDebug("Keystore Generate Tokens", "Session Credentials set: returning empty tokens to force basic authentication");
+                    HTMLWriter::charsetHeader("text/plain");
+                    echo "";
+                    break;
+                }
+
                 $token = AJXP_Utils::generateRandomString();
                 $private = AJXP_Utils::generateRandomString();
                 $data = array("USER_ID" => $user, "PRIVATE" => $private);
@@ -124,7 +131,7 @@ function authTokenActions($action, $httpVars, $fileVars){
                 $data["DEVICE_UA"] = $_SERVER['HTTP_USER_AGENT'];
                 $data["DEVICE_IP"] = $_SERVER['REMOTE_ADDR'];
                 $this->storage->simpleStoreSet("keystore", $token, $data, "serial");
-                header("Content-type: application/json;");
+                HTMLWriter::charsetHeader("application/json");
                 echo(json_encode(array(
                     "t" => $token,
                     "p" => $private)