Commit e2a4051c authored by Timothy Andrew's avatar Timothy Andrew

Allow personal access tokens to be specified in a header.

- In addition to a param.
parent 5fb44192
...@@ -6,6 +6,7 @@ module API ...@@ -6,6 +6,7 @@ module API
SUDO_HEADER ="HTTP_SUDO" SUDO_HEADER ="HTTP_SUDO"
SUDO_PARAM = :sudo SUDO_PARAM = :sudo
PERSONAL_ACCESS_TOKEN_PARAM = :personal_access_token PERSONAL_ACCESS_TOKEN_PARAM = :personal_access_token
PERSONAL_ACCESS_TOKEN_HEADER = "HTTP_PERSONAL_ACCESS_TOKEN"
def find_user_by_private_token def find_user_by_private_token
private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
...@@ -13,10 +14,9 @@ module API ...@@ -13,10 +14,9 @@ module API
end end
def find_user_by_personal_access_token def find_user_by_personal_access_token
personal_access_token = PersonalAccessToken.find_by_token(params[PERSONAL_ACCESS_TOKEN_PARAM]) personal_access_token_string = (params[PERSONAL_ACCESS_TOKEN_PARAM] || env[PERSONAL_ACCESS_TOKEN_HEADER]).to_s
if personal_access_token personal_access_token = PersonalAccessToken.find_by_token(personal_access_token_string)
personal_access_token.user personal_access_token.user if personal_access_token
end
end end
def current_user def current_user
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment