Merge pull request #708 from eyJhb/api-token

Adds ability to use API Key to "sign in"

Author: rolandgeider

lib/l10n/app_en.arb

@@ -53,6 +53,18 @@
  "@invalidUsername": {
  "description": "Error message when the user enters an invalid username"
  },
+ "useApiToken": "Use API Token",
+ "useUsernameAndPassword": "Use username and password",
+ "apiToken": "API Token",
+ "@apiToken": {},
+ "invalidApiToken": "Please enter a valid API key",
+ "@invalidApiToken": {
+ "description": "Error message when the user enters an invalid API key"
+ },
+ "apiTokenValidChars": "An API key may only contain the letters a-f, numbers 0-9 and be exactly 40 characters long",
+ "@apiTokenValidChars": {
+ "description": "Error message when the user tries to input a API key with forbidden characters"
+ },
  "customServerUrl": "URL of the wger instance",
  "@customServerUrl": {
  "description": "Label in the form where the users can enter their own wger instance"

lib/providers/auth.dart

@@ -58,6 +58,7 @@ class AuthProvider with ChangeNotifier {
  static const SERVER_VERSION_URL = 'version';
  static const REGISTRATION_URL = 'register';
  static const LOGIN_URL = 'login';
+ static const TEST_URL = 'userprofile';
 
  late http.Client client;
 
@@ -134,29 +135,52 @@ class AuthProvider with ChangeNotifier {
  throw WgerHttpException(response.body);
  }
 
- return login(username, password, serverUrl);
+ return login(username, password, serverUrl, null);
  }
 
  /// Authenticates a user
  Future<LoginActions> login(
  String username,
  String password,
  String serverUrl,
+ String? apiToken,
  ) async {
  await logout(shouldNotify: false);
 
- final response = await client.post(
- makeUri(serverUrl, LOGIN_URL),
- headers: {
- HttpHeaders.contentTypeHeader: 'application/json; charset=UTF-8',
- HttpHeaders.userAgentHeader: getAppNameHeader(),
- },
- body: json.encode({'username': username, 'password': password}),
- );
- final responseData = json.decode(response.body);
+ // Login using the API token
+ if (apiToken != null && apiToken.isNotEmpty) {
+ final response = await client.get(
+ makeUri(serverUrl, TEST_URL),
+ headers: {
+ HttpHeaders.contentTypeHeader: 'application/json; charset=UTF-8',
+ HttpHeaders.userAgentHeader: getAppNameHeader(),
+ HttpHeaders.authorizationHeader: 'Token $apiToken',
+ },
+ );
 
- if (response.statusCode >= 400) {
- throw WgerHttpException(response.body);
+ if (response.statusCode != 200) {
+ throw WgerHttpException(response.body);
+ }
+
+ token = apiToken;
+
+ // Login using password
+ } else {
+ final response = await client.post(
+ makeUri(serverUrl, LOGIN_URL),
+ headers: {
+ HttpHeaders.contentTypeHeader: 'application/json; charset=UTF-8',
+ HttpHeaders.userAgentHeader: getAppNameHeader(),
+ },
+ body: json.encode({'username': username, 'password': password}),
+ );
+ final responseData = json.decode(response.body);
+
+ if (response.statusCode >= 400) {
+ throw WgerHttpException(response.body);
+ }
+
+ token = responseData['token'];
  }
 
  await initVersions(serverUrl);
@@ -168,7 +192,6 @@ class AuthProvider with ChangeNotifier {
  }
 
  // Log user in
- token = responseData['token'];
  state = AuthState.loggedIn;
  notifyListeners();