Fixed bug that sometimes prevented the token server key from being generated

Author: Jared Hendrickson

docs/CONTRIBUTING.md

@@ -100,6 +100,10 @@ writing a model that tests user's local database credentials and do not want the
 auth mode you would specify `$this->set_auth_mode = "local";` to always force local authentication. Defaults to the 
 API's configured auth mode in the /api/ webConfigurator page.
 
+- `$this->set_read_mode` : Allows the read only API setting to be bypassed for this model. If you set this value to 
+`true` the model will be allowed to use POST, PUT or DELETE methods even when the API is in read only mode. There is 
+rarely a use case for this. Do not override this property unless absolutely needed. 
+
 - `$this->change_note` : Sets the description of the action that occurred via API. This value will be shown in the 
 change logs found at Diagnostics > Backup & Restore > Config History. This defaults to "Made unknown change via API". 
 This is only necessary if your API model writes changes to the configuration.

pfSense-pkg-API/files/etc/inc/api/framework/APIAuth.inc

@@ -119,7 +119,6 @@ class APIAuth {
         $authorized = false;
         $client_config =& getUserEntry($this->username);;
         $this->privs = get_user_privileges($client_config);
-        $read_only = array_key_exists("readonly", $this->api_config);
 
         # If no require privileges were given, assume call is always authorized
         if (!empty($this->req_privs)) {

pfSense-pkg-API/files/etc/inc/api/framework/APIModel.inc

@@ -30,7 +30,7 @@ class APIModel {
     public $change_note;
     public $requires_auth;
     public $set_auth_mode;
-    public $set_read_mode;
+    public $bypass_read_mode;
 
     public function __construct() {
         global $config;
@@ -40,7 +40,7 @@ class APIModel {
         $this->client = null;
         $this->requires_auth = true;
         $this->set_auth_mode = null;
-        $this->set_read_mode = null;
+        $this->bypass_read_mode = null;
         $this->change_note = "Made unknown change via API";
         $this->id = null;
         $this->validate_id = true;
@@ -97,7 +97,7 @@ class APIModel {
     }
 
     private function check_authentication() {
-        $this->client = new APIAuth($this->privileges, $this->set_auth_mode, $this->set_read_mode);
+        $this->client = new APIAuth($this->privileges, $this->set_auth_mode, $this->bypass_read_mode);
         if ($this->requires_auth === true) {
             if (!$this->client->is_authenticated) {
                 $this->errors[] = APIResponse\get(3);

pfSense-pkg-API/files/etc/inc/api/models/APIAccessTokenCreate.inc

@@ -21,7 +21,7 @@ class APIAccessTokenCreate extends APIModel {
     public function __construct() {
         parent::__construct();
         $this->set_auth_mode = "local";
-        $this->set_read_mode = false;
+        $this->bypass_read_mode = false;
     }
 
     # Validate our API configurations auth mode (must be JWT)

pfSense-pkg-API/files/usr/local/www/api/index.php

@@ -98,6 +98,7 @@
     $config["installedpackages"]["package"][$pkg_index]["conf"] = $api_config;
     $change_note = " Updated API settings";
     write_config(sprintf(gettext($change_note)));
+    APITools\create_jwt_server_key();
     print_apply_result_box(0);
 }