From e47df0b301510a49b49fc43266f436b7d58a02b1 Mon Sep 17 00:00:00 2001
From: B-OnTheGo <42626718+beeonthego@users.noreply.github.com>
Date: Tue, 11 Sep 2018 02:15:52 +1000
Subject: Enforce token on api routes [fixed critical security issue #4357] (#4840)
---
 modules/auth/auth.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'modules/auth')
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index f3aac51899..8391e7de8f 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -63,6 +63,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 if err = models.UpdateAccessToken(t); err != nil {
 log.Error(4, "UpdateAccessToken: %v", err)
 }
+ ctx.Data["IsApiToken"] = true
 return t.UID
 }
 }
@@ -136,7 +137,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 }
 return nil, false
 }
-
+ ctx.Data["IsApiToken"] = true
 return u, true
 }
 }
-- 
cgit v1.2.3
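Review bot: The authorization marker is written as the bare string key `"IsApiToken"` into `ctx.Data`, here in SignedInID and again in the SignedInUser hunk. The check that reads it is not in this diff (the view is limited to modules/auth), so enforcement depends on repeating the same literal elsewhere and on a general-purpose map that other request code can presumably also write. A shared constant used at both writes and at the reader, for example `const apiTokenDataKey = "IsApiToken"` (exported if the reader lives in another package), would remove the typo risk. The reader should deny unless the value is exactly the bool `true`, so a missing or mistyped entry fails closed. SignedInID starts and ends outside the hunk.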
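Review bot: In SignedInUser the flag is set immediately before `return u, true`, but the hunk does not show which credential was verified on this path, since the function body begins outside the hunk. If this branch validates something other than an access token, the name IsApiToken overstates what was checked, and any route gated on the flag will accept that credential as well. A comment at the assignment stating what it asserts, for example `// request carried explicit credentials rather than only a session cookie` if that is the intent, or a more precise key name, would make the guarantee reviewable. A test covering both paths that set the flag, plus the session-only path that must not, would pin the behaviour this fix relies on.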