discourse

Commit Graph

Author	SHA1	Message	Date
David Taylor	6230f5c554	FEATURE: Allow parameter authentication for UserApiKeys (#9742 ) This refactors default_current_user_provider in a few ways: - Introduce a generic `api_parameter_allowed?` method which checks for whitelisted routes/formats - Only read the api_key parameter on allowed routes. It is now completely ignored on other routes (previously it would raise a 403) - Start reading user_api_key parameter on allowed routes - Refactor tests as end-end integration tests A plugin API for PARAMETER_API_PATTERNS will be added soon	2020-05-12 13:35:36 +01:00

Author

SHA1

Message

Date

David Taylor

6230f5c554

FEATURE: Allow parameter authentication for UserApiKeys (#9742 )

This refactors default_current_user_provider in a few ways:
- Introduce a generic `api_parameter_allowed?` method which checks for whitelisted routes/formats
- Only read the api_key parameter on allowed routes. It is now completely ignored on other routes (previously it would raise a 403)
- Start reading user_api_key parameter on allowed routes
- Refactor tests as end-end integration tests

A plugin API for PARAMETER_API_PATTERNS will be added soon

2020-05-12 13:35:36 +01:00

1 Commits