From b80be9832526ee956b3a73a634896c6cd8d2914e Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 14 Jul 2014 12:18:18 +0200 Subject: ApiController with API style auth require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. No way for admins to alter other users through the api. We don't support that yet so let's not allow it either. --- app/controllers/api_controller.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 app/controllers/api_controller.rb (limited to 'app/controllers/api_controller.rb') diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb new file mode 100644 index 0000000..0aa9507 --- /dev/null +++ b/app/controllers/api_controller.rb @@ -0,0 +1,11 @@ +class ApiController < ApplicationController + + skip_before_filter :verify_authenticity_token + respond_to :json + + def require_login + require_token + end + +end + -- cgit v1.2.3
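Review bot: `skip_before_filter :verify_authenticity_token` turns CSRF protection off for every subclass, but nothing in this class enforces token auth: `require_login` is only redefined as `require_token`, never registered as a filter here. Whether it runs depends on a `before_filter :require_login` declared elsewhere (ApplicationController or each subclass), which this file does not show, so a subclass that omits it would be both unauthenticated and without the CSRF check. Consider declaring `before_filter :require_login` in ApiController itself so the commit message's claim that subclasses "will only support token auth" holds by default. Please also confirm that `require_token` (not defined in this file) never falls back to the session cookie, since skipping the authenticity token is only safe when cookie credentials are ignored, and add a short comment above the `skip_before_filter` line stating that assumption.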