Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: correctly handle api key so it uses current user provider

This commit is contained in:
Sam 2016-08-26 10:37:02 +10:00
parent b1c8ede617
commit eaf87f0770
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/application_controller.rb
View File

@ -452,7 +452,7 @@ class ApplicationController < ActionController::Base
def check_xhr def check_xhr
# bypass xhr check on PUT / POST / DELETE provided api key is there, otherwise calling api is annoying # bypass xhr check on PUT / POST / DELETE provided api key is there, otherwise calling api is annoying
return if !request.get? && api_key_valid? return if !request.get? && is_api?
raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?) raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?)
end end
@ -469,7 +469,7 @@ class ApplicationController < ActionController::Base
end end
def redirect_to_login_if_required def redirect_to_login_if_required
return if current_user || (request.format.json? && api_key_valid?) return if current_user || (request.format.json? && is_api?)
# redirect user to the SSO page if we need to log in AND SSO is enabled # redirect user to the SSO page if we need to log in AND SSO is enabled
if SiteSetting.login_required? if SiteSetting.login_required?
@ -514,10 +514,6 @@ class ApplicationController < ActionController::Base
render_json_dump(post_serializer) render_json_dump(post_serializer)
end end
def api_key_valid?
request["api_key"] && ApiKey.where(key: request["api_key"]).exists?
end
# returns an array of integers given a param key # returns an array of integers given a param key
# returns nil if key is not found # returns nil if key is not found
def param_to_integer_list(key, delimiter = ',') def param_to_integer_list(key, delimiter = ',')