From: Andy Allan
Date: Wed, 20 Mar 2019 13:36:43 +0000 (+0100)
Subject: Move the authorize method to api_controller
X-Git-Tag: live~2668^2~3
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/94d19ae567dc7723129ee2f00576023aaee18fc7?hp=742291a840ea9dd741ef439e8678c50d1537973b;ds=sidebyside
Move the authorize method to api_controller
---
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 8ddb7242f..cb3d71d49 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,6 +1,19 @@
 class ApiController < ApplicationController
 skip_before_action :verify_authenticity_token

+ def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you")
+ # make the current_user object from any auth sources we have
+ setup_user_auth
+
+ # handle authenticate pass/fail
+ unless current_user
+ # no auth, the user does not exist or the password was wrong
+ response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
+ render :plain => errormessage, :status => :unauthorized
+ return false
+ end
+ end
+
 def deny_access(_exception)
 if current_token
 set_locale
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 485c30b21..c5545c068 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
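Review bot: In `authorize`, the `return false` after `render` reads as if the return value stops the request, but a controller `before_action` halts only because a response was rendered or redirected; the return value is ignored on any recent Rails version. That makes the `render` line the actual authentication gate, so a later edit that moves or drops it would let requests without a `current_user` reach the action. I would drop `return false` and put a comment above the render, e.g. `# rendering the 401 here is what halts the filter chain`. Separately, `realm` is interpolated unescaped into the `WWW-Authenticate` header; the callers are not visible here, so a comment such as `# realm must be a fixed string, never request data` would document the assumption.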
@@ -112,19 +112,6 @@ class ApplicationController < ActionController::Base
 end
 end

- def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you")
- # make the current_user object from any auth sources we have
- setup_user_auth
-
- # handle authenticate pass/fail
- unless current_user
- # no auth, the user does not exist or the password was wrong
- response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
- render :plain => errormessage, :status => :unauthorized
- return false
- end
- end
-
 def check_database_readable(need_api = false)
 if Settings.status == "database_offline" || (need_api && Settings.status == "api_offline")
 if request.xhr?