enable cookie sessions for the API, temporarily.

author: elijah <elijah@riseup.net> 2014-11-30 14:32:01 -0800
committer: elijah <elijah@riseup.net> 2014-11-30 14:32:01 -0800
commit: 564d4e787a29b50a72c086b94d3c13faf39333f5 (patch)
tree: a1a3340d60567dfc1337eae76b59183c8648495b /app
parent: c3305f1c29a1a37913bfb05cd11d547e9d7f16a0 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 70b3cac..d5bec70 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -5,8 +5,18 @@ class ApiController < ApplicationController
 
   protected
 
+  #
+  # For now, we are going to allow cookie authentication if there is
+  # no "Authorization" header in the request. This is to keep backward
+  # compatibility with older clients. In the future, this should be
+  # disabled.
+  #
   def require_login
-    require_token
+    if ActionController::HttpAuthentication::Token.token_and_options(request)
+      require_token
+    else
+      super
+    end
   end
 
   def anonymous_access_allowed?
author	elijah <elijah@riseup.net>	2014-11-30 14:32:01 -0800
committer	elijah <elijah@riseup.net>	2014-11-30 14:32:01 -0800
commit	564d4e787a29b50a72c086b94d3c13faf39333f5 (patch)
tree	a1a3340d60567dfc1337eae76b59183c8648495b /app
parent	c3305f1c29a1a37913bfb05cd11d547e9d7f16a0 (diff)