From eaf87f07701b70903dcc88a7235371a00cc61083 Mon Sep 17 00:00:00 2001 From: Sam Date: Fri, 26 Aug 2016 10:37:02 +1000 Subject: [PATCH] FIX: correctly handle api key so it uses current user provider --- app/controllers/application_controller.rb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7ca4330a511..1e1f5322d91 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -452,7 +452,7 @@ class ApplicationController < ActionController::Base def check_xhr # bypass xhr check on PUT / POST / DELETE provided api key is there, otherwise calling api is annoying - return if !request.get? && api_key_valid? + return if !request.get? && is_api? raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?) end @@ -469,7 +469,7 @@ class ApplicationController < ActionController::Base end def redirect_to_login_if_required - return if current_user || (request.format.json? && api_key_valid?) + return if current_user || (request.format.json? && is_api?) # redirect user to the SSO page if we need to log in AND SSO is enabled if SiteSetting.login_required? @@ -514,10 +514,6 @@ class ApplicationController < ActionController::Base render_json_dump(post_serializer) end - def api_key_valid? - request["api_key"] && ApiKey.where(key: request["api_key"]).exists? - end - # returns an array of integers given a param key # returns nil if key is not found def param_to_integer_list(key, delimiter = ',')