Merge pull request #155 from zendesk/PEGASUS-933-update-magento-api-token-discovery

Author: thekindofme

src/app/code/community/Zendesk/Zendesk/Helper/Data.php

@@ -26,7 +26,7 @@ public function getUrl($object = '', $id = null, $format = 'old')
 
         $base = $protocol . $domain . $root;
         $hc = $protocol . $domain . '/hc';
-       
+
         switch($object) {
             case '':
                 return $base;
@@ -43,7 +43,7 @@ public function getUrl($object = '', $id = null, $format = 'old')
             case 'raw':
                 return $protocol . $domain . '/' . $id;
                 break;
-            
+
             case 'request':
                 return $hc . '/requests/' . $id;
                 break;
@@ -60,8 +60,8 @@ public function getZendeskDomain()
     {
         return Mage::getStoreConfig('zendesk/general/domain');
     }
-    
-    
+
+
     /**
      * Returns if SSO is enabled for EndUsers
      * @return integer
@@ -131,7 +131,7 @@ public function getZendeskUnauthUrl()
 
         return $protocol . $domain . $route;
     }
-    
+
     public function getApiToken($generate = true)
     {
         // Grab any existing token from the admin scope
@@ -147,7 +147,7 @@ public function getApiToken($generate = true)
     public function setApiToken($token = null)
     {
         if(!$token) {
-            $token = md5(time());
+            $token = hash('sha256', Mage::helper('oauth')->generateToken());
         }
         Mage::getModel('core/config')->saveConfig('zendesk/api/token', $token, 'default');
 
@@ -185,7 +185,7 @@ public function getProvisionToken($generate = false)
     public function setProvisionToken($token = null)
     {
         if(!$token) {
-            $token = md5(time());
+            $token = hash('sha256', Mage::helper('oauth')->generateToken());
         }
 
         Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', $token, 'default');
@@ -292,19 +292,19 @@ public function getTicketUrl($row, $link = false)
         } else {
             $path = '*/sso/login';
             $object = 'request';
-        }   
+        }
         $path = Mage::getSingleton('admin/session')->getUser() ? 'adminhtml/zendesk/login' : '*/sso/login';
-        
+
         $url = Mage::helper('adminhtml')->getUrl($path, array("return_url" => Mage::helper('core')->urlEncode(Mage::helper('zendesk')->getUrl($object, $row['id']))));
-        
+
         if ($link)
             return $url;
-        
+
         $subject = $row['subject'] ? $row['subject'] : $this->__('No Subject');
 
         return '<a href="' . $url . '" target="_blank">' .  Mage::helper('core')->escapeHtml($subject) . '</a>';
     }
-        
+
     public function getStatusMap()
     {
         return array(
@@ -316,8 +316,8 @@ public function getStatusMap()
             'hold'      =>  'Hold'
         );
     }
-    
-        
+
+
     public function getPriorityMap()
     {
         return array(
@@ -327,7 +327,7 @@ public function getPriorityMap()
             'urgent'    =>  'Urgent'
         );
     }
-    
+
     public function getTypeMap()
     {
         return array(
@@ -337,26 +337,26 @@ public function getTypeMap()
             'task'      =>  'Task'
         );
     }
-    
+
     public function getChosenViews() {
         $list = trim(trim(Mage::getStoreConfig('zendesk/backend_features/show_views')), ',');
         return explode(',', $list);
     }
-    
+
     public function getFormatedDataForAPI($dateToFormat) {
         $myDateTime = DateTime::createFromFormat('d/m/Y', $dateToFormat);
         return $myDateTime->format('Y-m-d');
     }
-    
+
     public function isValidDate($date) {
         if(is_string($date)) {
             $d = DateTime::createFromFormat('d/m/Y', $date);
             return $d && $d->format('d/m/Y') == $date;
         }
-        
+
         return false;
     }
-    
+
     public function getFormatedDateTime($dateToFormat) {
         return Mage::helper('core')->formatDate($dateToFormat, 'medium', true);
     }
@@ -388,17 +388,17 @@ public function getConnectionStatus($domain = null, $username = null, $password
 
             $error = Mage::helper('zendesk')->__('Connection to Zendesk API failed') .
                 '<br />' . Mage::helper('zendesk')->__("Click 'Save Config' and try again. If the issue persist, check if the entered Agent Email Address and Agent Token combination is correct.");
-            
+
             return array(
                 'success'   => false,
                 'msg'       => $error,
             );
-            
+
         } catch (Exception $ex) {
             $error = Mage::helper('zendesk')->__('Connection to Zendesk API failed') .
                 '<br />' . $ex->getCode() . ': ' . $ex->getMessage() .
                 '<br />' . Mage::helper('zendesk')->__("Click 'Save Config' and try again. If the issue persist, check if the entered Agent Email Address and Agent Token combination is correct.");
-            
+
             return array(
                 'success'   => false,
                 'msg'       => $error,
@@ -424,12 +424,12 @@ public function storeDependenciesInCachedRegistry() {
                 $groups = serialize( Mage::getModel('zendesk/api_groups')->all() );
                 $cache->save($groups, 'zendesk_groups', array('zendesk', 'zendesk_groups'), 1200);
             }
-            
+
             $groups = unserialize( $cache->load('zendesk_groups') );
             Mage::register('zendesk_groups', $groups);
         }
     }
-    
+
     /**
      * Checks whether the user is in an admin page.
      *

src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php

@@ -32,7 +32,7 @@ public function _authorise()
         if(!$tokenString && isset($_SERVER['HTTP_AUTHORIZATION'])) {
             $tokenString = $_SERVER['HTTP_AUTHORIZATION'];
         }
-        
+
         if (!$tokenString && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
             $tokenString = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
         }