From 8730add15f70eab2a1f458f047f4f2df7c797358 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 1 May 2017 16:01:39 +0200
Subject: [PATCH] Better message for api key return

---
 build/debian/README.howto            | 29 +++++++++++++++++++++-------
 htdocs/api/class/api_login.class.php |  2 +-
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/build/debian/README.howto b/build/debian/README.howto
index 705899d47c4..399c4f07a1f 100644
--- a/build/debian/README.howto
+++ b/build/debian/README.howto
@@ -385,13 +385,14 @@ http://packages.qa.debian.org
 * Package will be into release when test will be moved as stable.
 
 
-##### Send an unblock request 
+
+##### Send an unblock request to make a full update of a stable package 
 
 Use this to move from unstable to testing.
 
 reportbug -B debian --smtphost=smtp.gmail.com:587 --smtpuser=xxxx --smtppasswd=yyyy --tls
 Choose package "release.debian.org"
-Then "unblock"
+Then usertag "unblock"
 Then name of package "dolibarr"
 Fill message, for example:
 "Please unblock package dolibarr
@@ -400,12 +401,11 @@ Note that package 3.5.7 contains not only fixed for bugs reported to debian. It
 so it is a better solution to validate this maintenance release than applying a patch of the only CVE-2015-3935. 
 After discussion with ..., it appears that security holes are enough to request this unblock request."
 
-
-Use this to request an update of a stable package
+Use this to request an full update of a stable package
 
 reportbug -B debian --smtphost=smtp.gmail.com:587 --smtpuser=xxxx --smtppasswd=yyyy --tls
 Choose package "release.debian.org"
-Then "unblock"
+Then usertag "unblock"
 Then name of package "dolibarr"
 Fill message, for example:
 "
@@ -417,11 +417,26 @@ Pro are:
 - It fixes also stability bugs
 - Patches were already tested because deployed and used by several thousands of users.
 - It is easier for package maintener to include this official set of fixes than applying one patch after one patch for each debian report or backported each patch into a dedicated version.
-- Debian maintenance version matches with official project maintenance version (better when all fixes are not related to the way the software is packaged)
+- Debian maintenance version is inline with official project maintenance version (better when all fixes are not related to the way the software is packaged)
 Cons are: 
-- The patch include more than the only one security reported fxes
+- The patch include more than the only one security reported fixes
 
 So I just need to know if it's ok to push such a version 3.5.7 (fixes for 3.5.* branch) instead of only one fix for only the few (the only) reported debian bugs,
 since it provides more stability and is for me a more secured process.
 "
 
+##### Send an request to ask a simple fix of a stable package 
+
+Use this to ask to apply patches on a stable version.
+
+reportbug -B debian --smtphost=smtp.gmail.com:587 --smtpuser=xxxx --smtppasswd=yyyy --tls
+Choose package "release.debian.org"
+Then usertag "jessie-pu"
+Then name of package "dolibarr"
+Fill message, for example:
+"Please unblock package dolibarr
+A security error CVE-2015-3935 was reported and is fixed into package 3.5.7.
+Note that package 3.5.7 contains not only fixed for bugs reported to debian. It includes other fixes, but they are all related to stability or security,
+so it is a better solution to validate this maintenance release than applying a patch of the only CVE-2015-3935. 
+After discussion with ..., it appears that security holes are enough to request this unblock request."
+
diff --git a/htdocs/api/class/api_login.class.php b/htdocs/api/class/api_login.class.php
index 704ec1b6874..76a9befebc9 100644
--- a/htdocs/api/class/api_login.class.php
+++ b/htdocs/api/class/api_login.class.php
@@ -102,7 +102,7 @@ class Login
 			'success' => array(
 				'code' => 200,
 				'token' => $token,
-				'message' => 'Welcome ' . $login.($reset?' - Token is new':' - This is your token (generated by a previous call)')
+				'message' => 'Welcome ' . $login.($reset?' - Token is new':' - This is your token (generated by a previous call). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
 			)
 		);
 	}