I maintain the invoiceninja5 app.
To login into the app, one has to currently provide:
- username
- password
- API secret
Since using the API secret is optional and a hassle (there were already two issues on github because of this), I wanted to remove it from the default installation. (The API secret is set at installation time in a .env
-file inside the application)
However when not defining an API secret, invoiceninja does not work if it is not set to public at installation time. I don’t know the exact reasons for this. It seems to has something to do with the fact that the login uses the API somehow.
So now I have two problems:
-
For new installations if the user wants to make the app
public: false
, I must not define an API key. Remember that the API secret is set at installation time in a.env
-file inside the application. -
If I want to set the default to
public: false
during an upgrade, is that possible at all? And from the users perspective it wouldn’t be a good idea to change the public-status at all.
For problem 1 I could think about an if-else
-condition inside the install-script that checks how is_public
is set and depending on it, I could deploy a different .env
-file. I’ll probably need to do this in the upgrade and restore-scripts as well. Which seems hacky. Is there a better way?
For problem 2 I don’t know a good way to deal with it except to not deal with it at all.