1. 20 Sep, 2016 1 commit
  2. 19 Sep, 2016 5 commits
    • Rémy Coutable's avatar
      Merge branch '18302-use-rails-cookie-in-api' into 'master' · ba7c3685
      Rémy Coutable authored
      Allow the Rails cookie to be used for API authentication
      
      Makes the Rails cookie into a valid authentication token for the Grape
      API, and uses it instead of token authentication in frontend code that
      uses the API.
      
      Rendering the private token into client-side javascript is a security
      risk; it may be stolen through XSS or other attacks. In general,
      re-using API code in the frontend is more desirable than implementing
      endless actions that return JSON. 
      
      Closes #18302
      
      See merge request !1995
      ba7c3685
    • Nick Thomas's avatar
      Update API documentation to mention rails session cookies · 5d1b616e
      Nick Thomas authored
      [ci skip]
      5d1b616e
    • Nick Thomas's avatar
      Stop putting private tokens in Gon · 48d563a3
      Nick Thomas authored
      48d563a3
    • Nick Thomas's avatar
      Enable Warden for the Grape API · 10c07226
      Nick Thomas authored
      The practical effect of this commit is to make the API check the Rails session
      cookie for authentication details. If the cookie is present and valid, it will
      be used to authenticate.
      
      The API now has several authentication options for users. They follow in this
      order of precedence:
      
      * Authentication token
      * Personal access token
      * OAuth2 Bearer token (Doorkeeper - application access)
      * Rails session cookie
      10c07226
    • Nick Thomas's avatar
      Remove some dead code from the Grape API · 5db3bc64
      Nick Thomas authored
      The `guard_all!` method is never called, and `guard!` is not implemented. The
      `doorkeeper_guard!` method is also never called, and is mostly the same as its
      non-bang counterpart.
      5db3bc64
  3. 16 Sep, 2016 23 commits
  4. 15 Sep, 2016 11 commits