trivoallan Hi, I am currently developing a solution to migrate a Lussumo Vanilla (1) forum to Flarum. I am limited by the new flood control capabilities (one must wait 10 seconds between two new discussions). I see in the code that there is a way to bypass flood control : https://github.com/flarum/core/search?utf8=%E2%9C%93&q=bypassFloodgate But i don't understand how it works. Can somebody help me? Thanks!
trivoallan Thanks a lot Franz and Toby 🙂 If I change the value of userId will it enable me to impersonate any user in the forum?
Toby Generate a 40 character random, unguessable string Add it to the api_keys table Use the following header in API requests: Authorization: Token [API key here]; userId=1
VIRUXE Wouldn't it be better to just write for example a raw php code importer instead of using the api? If you continue developing it, will you release it for public use?
Franz trivoallan If I change the value of userId will it enable me to impersonate any user in the forum? Yes, exactly.
luceos Franz just to clarify further, I assume there's an expiry column and by inserting it like this it will remain NULL? This could become a feature request for an extension as well.
Franz luceos For the API token? Or for the impersonation? The latter is only valid for each API request, as the user to be impersonated is set in the Authorization header.
luceos Franz the token; because you make it perpetual by setting the expiry property to null in the database?
Toby luceos No, there is no expiry column on the api_keys table. (I think you're mixing this up with access_tokens, which is different.)
