diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-07-27 18:24:42 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-07-27 18:24:42 +0000 |
| commit | ed165f671620409c39830a7d8326d37c27ea2fc1 (patch) | |
| tree | 23d952509780d6294e30f2e3a8897c4bfe805fc6 /app | |
| parent | 8ed4620bb9e7b30cadea15aa6a4b499a5f165ea1 (diff) | |
| download | redmine-ed165f671620409c39830a7d8326d37c27ea2fc1.tar.gz redmine-ed165f671620409c39830a7d8326d37c27ea2fc1.zip | |
Do not user user session for API requests.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10085 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/application_controller.rb | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 98a52a834..5a1774c04 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -86,25 +86,30 @@ class ApplicationController < ActionController::Base # Returns the current user or nil if no user is logged in # and starts a session if needed def find_current_user - if session[:user_id] - # existing session - (User.active.find(session[:user_id]) rescue nil) - elsif user = try_to_autologin - user - elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? - # RSS key authentication does not start a session - User.find_by_rss_key(params[:key]) - elsif Setting.rest_api_enabled? && accept_api_auth? + user = nil + unless api_request? + if session[:user_id] + # existing session + user = (User.active.find(session[:user_id]) rescue nil) + elsif autologin_user = try_to_autologin + user = autologin_user + elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? + # RSS key authentication does not start a session + user = User.find_by_rss_key(params[:key]) + end + end + if user.nil? && Setting.rest_api_enabled? && accept_api_auth? if (key = api_key_from_request) # Use API key - User.find_by_api_key(key) + user = User.find_by_api_key(key) else # HTTP Basic, either username/password or API key/random authenticate_with_http_basic do |username, password| - User.try_to_login(username, password) || User.find_by_api_key(username) + user = User.try_to_login(username, password) || User.find_by_api_key(username) end end end + user end def try_to_autologin |