From b80be9832526ee956b3a73a634896c6cd8d2914e Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 14 Jul 2014 12:18:18 +0200
Subject: ApiController with API style auth

require_login is require_token for the api controller

It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.

Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
---
 app/controllers/v1/sessions_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'app/controllers/v1/sessions_controller.rb')

diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/v1/sessions_controller.rb
index d88fcdc..a343d9b 100644
--- a/app/controllers/v1/sessions_controller.rb
+++ b/app/controllers/v1/sessions_controller.rb
@@ -1,8 +1,7 @@
 module V1
-  class SessionsController < ApplicationController
+  class SessionsController < ApiController
 
-    skip_before_filter :verify_authenticity_token
-    before_filter :require_token, only: :destroy
+    before_filter :require_login, only: :destroy
 
     def new
       @session = Session.new
-- 
cgit v1.2.3