diff options
author | Azul <azul@leap.se> | 2014-07-14 12:18:18 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-07-14 13:04:08 +0200 |
commit | b80be9832526ee956b3a73a634896c6cd8d2914e (patch) | |
tree | 3c8d4ebafd6a7d063fedaeb0d307667b05c05e74 /app/controllers/v1/messages_controller.rb | |
parent | 3885308e9a2aa48f25313567525e375362253f47 (diff) |
ApiController with API style auth
require_login is require_token for the api controller
It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.
Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
Diffstat (limited to 'app/controllers/v1/messages_controller.rb')
-rw-r--r-- | app/controllers/v1/messages_controller.rb | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb index 85156b7..a9b93a9 100644 --- a/app/controllers/v1/messages_controller.rb +++ b/app/controllers/v1/messages_controller.rb @@ -1,10 +1,7 @@ module V1 - class MessagesController < ApplicationController + class MessagesController < ApiController - skip_before_filter :verify_authenticity_token - before_filter :require_token - - respond_to :json + before_filter :require_login def index render json: current_user.messages |