From cf71d4ef08d88ee85763b258b2738fc26e3ed3eb Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 8 Jul 2014 10:24:24 +0200 Subject: separate login_required from access denied response They are very different. Let's handle them in different methods. --- .../controller_extension/authentication.rb | 24 +++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index 1f73f38..fae5145 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb @@ -16,7 +16,7 @@ module ControllerExtension::Authentication end def require_login - access_denied unless logged_in? + login_required unless logged_in? end # some actions only make sense if you are not logged in yet. @@ -29,14 +29,24 @@ module ControllerExtension::Authentication def access_denied respond_to do |format| format.html do - if logged_in? - redirect_to home_url, :alert => t(:not_authorized) - else - redirect_to login_url, :alert => t(:not_authorized_login) - end + redirect_to home_url, :alert => t(:not_authorized) end format.json do - render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity + render :json => {'error' => t(:not_authorized)}, status: :forbidden + end + end + end + + def login_required + respond_to do |format| + format.html do + redirect_to login_url, alert: t(:not_authorized_login) + end + format.json do + # Warden will intercept the 401 response and call + # SessionController#unauthenticated instead. + render json: {error: t(:not_authorized_login)}, + status: :unauthorized end end end -- cgit v1.2.3 From b79a97235b5474e4775c07be1fb7c6208a29f5b4 Mon Sep 17 00:00:00 2001 
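Review bot: `login_required` is added as a public instance method of ControllerExtension::Authentication next to `access_denied`, and no `protected` marker is visible in either hunk; once the module is mixed into a controller, Rails treats its public methods as dispatchable actions, so whether a client could invoke them directly depends on config/routes.rb, which is not shown. A `protected` line before `def access_denied` removes the question; the same applies to `respond_to_error` introduced in the later authentication.rb hunk of this series (the series eventually does this when the methods move into ControllerExtension::Errors). The html/json-only `respond_to` has no `format.any` fallback, so other Accept types get Rails' UnknownFormat handling, which is probably acceptable but worth a one-line comment.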
From: Azul Date: Tue, 8 Jul 2014 10:28:50 +0200 Subject: SessionsController#unauthenticated for 401s Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated. I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message. Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method. We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand. --- app/controllers/sessions_controller.rb | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'app/controllers') diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 8919a4d..4818191 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -15,6 +15,14 @@ class SessionsController < ApplicationController redirect_to home_url end + # + # Warden will catch all 401s and run this instead: + # + def unauthenticated + render json: {error: t(:not_authorized_login)}, + status: :unauthorized + end + # # this is a bad hack, but user_url(user) is not available # also, this doesn't work because the redirect happens as a PUT. no idea why. -- cgit v1.2.3 From 4dbfdf30c3235eb19e4f0ad959f65125ed18b39a Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 8 Jul 2014 10:57:44 +0200 Subject: render valid json error if provider file not found --- app/controllers/static_config_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/static_config_controller.rb b/app/controllers/static_config_controller.rb index c669316..450cbb2 100644 --- a/app/controllers/static_config_controller.rb 
+++ b/app/controllers/static_config_controller.rb @@ -17,8 +17,8 @@ class StaticConfigController < ActionController::Base render :text => File.read(PROVIDER_JSON) end else - render :text => 'not found', :status => 404 + render json: {error: 'not found'}, status: 404 end end -end \ No newline at end of file +end -- cgit v1.2.3 From 303ec07901af3798efc873cbe050aa5cb4ba7655 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 8 Jul 2014 11:00:40 +0200 Subject: use cucumber; initial ConfigsController --- app/controllers/v1/configs_controller.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 app/controllers/v1/configs_controller.rb (limited to 'app/controllers') diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb new file mode 100644 index 0000000..a43861b --- /dev/null +++ b/app/controllers/v1/configs_controller.rb @@ -0,0 +1,11 @@ +class V1::ConfigsController < ApplicationController + + before_filter :require_login + + def index + end + + def show + end + +end -- cgit v1.2.3 From f1a8cefb810bef263d3a96edffbec511dbe15291 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 8 Jul 2014 12:48:33 +0200 Subject: send static list of configs for now Also added authentication steps to cucumber --- app/controllers/v1/configs_controller.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'app/controllers') diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb index a43861b..b11b0a9 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/v1/configs_controller.rb @@ -1,8 +1,17 @@ class V1::ConfigsController < ApplicationController + CONFIGS = { + services: { + soledad: "/1/configs/soledad-service.json", + eip: "/1/configs/eip-service.json", + smtp: "/1/configs/smtp-service.json" + } + } + before_filter :require_login def index + render json: CONFIGS end def show -- cgit v1.2.3 From 60052d15ca02b1c40ed265bed6515880d2851b8f Mon Sep 17 00:00:00 2001 
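Review bot: `status: 404` is the only numeric status in this series — the other hunks use symbols (`:unprocessable_entity`, `:forbidden`) — and `'not found'` is the only untranslated message while the others go through `t(...)`; `render json: {error: 'not found'}, status: :not_found` matches the rest, and `t(:not_found)` once that key exists (a later hunk in this series uses `:not_found` as a key). The enclosing `provider` action starts outside the hunk.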
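Review bot: `CONFIGS` is a mutable nested Hash constant; `render json: CONFIGS` only reads it, but nothing prevents later code from mutating it in place, so `}.freeze` on the outer hash (freezing the outer hash does not freeze the inner `services` hash, which would need its own `.freeze`) makes the intent explicit. `show`'s body lies outside the hunk.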
From: Azul Date: Thu, 10 Jul 2014 12:13:30 +0200 Subject: clean up and simplify error responses and test code --- .../controller_extension/authentication.rb | 24 ++++++++++------------ .../controller_extension/token_authentication.rb | 2 +- 2 files changed, 12 insertions(+), 14 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index fae5145..687bc6e 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb @@ -27,26 +27,24 @@ module ControllerExtension::Authentication end def access_denied - respond_to do |format| - format.html do - redirect_to home_url, :alert => t(:not_authorized) - end - format.json do - render :json => {'error' => t(:not_authorized)}, status: :forbidden - end - end + respond_to_error :not_authorized, :forbidden, home_url end def login_required + # Warden will intercept the 401 response and call + # SessionController#unauthenticated instead. + respond_to_error :not_authorized_login, :unauthorized, login_url + end + + def respond_to_error(message, status=nil, redirect=nil) + message = t(message) if message.is_a?(Symbol) respond_to do |format| format.html do - redirect_to login_url, alert: t(:not_authorized_login) + redirect_to redirect, alert: message end format.json do - # Warden will intercept the 401 response and call - # SessionController#unauthenticated instead. - render json: {error: t(:not_authorized_login)}, - status: :unauthorized + status ||= :unprocessable_entity + render json: {error: message}, status: status end end end diff --git a/app/controllers/controller_extension/token_authentication.rb b/app/controllers/controller_extension/token_authentication.rb index b0ed624..1cb6ffa 100644 --- a/app/controllers/controller_extension/token_authentication.rb +++ b/app/controllers/controller_extension/token_authentication.rb 
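Review bot: `respond_to_error`'s `redirect` parameter defaults to nil but only `status` gets a fallback, so a call such as `respond_to_error :foo` from an HTML request reaches `redirect_to nil`, which Rails rejects with ActionController::ActionControllerError rather than producing an error response. Either drop the default or add `redirect ||= home_url` next to `status ||= :unprocessable_entity`. The same shape is carried over into ControllerExtension::Errors in the later errors.rb hunk of this series. It is also worth documenting that a String `message` is emitted verbatim into the flash alert and the JSON body, so callers must only pass trusted text: `# message: i18n key (Symbol) or already-trusted String; it is shown to the client as-is`.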
@@ -12,7 +12,7 @@ module ControllerExtension::TokenAuthentication end def require_token - access_denied unless token_authenticate + login_required unless token_authenticate end def logout -- cgit v1.2.3 From b80be9832526ee956b3a73a634896c6cd8d2914e Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 14 Jul 2014 12:18:18 +0200 Subject: ApiController with API style auth require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all Subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either. --- app/controllers/api_controller.rb | 11 +++++++++++ app/controllers/v1/certs_controller.rb | 2 +- app/controllers/v1/configs_controller.rb | 18 +++++++++--------- app/controllers/v1/messages_controller.rb | 7 ++----- app/controllers/v1/services_controller.rb | 4 +--- app/controllers/v1/sessions_controller.rb | 5 ++--- app/controllers/v1/smtp_certs_controller.rb | 2 +- app/controllers/v1/users_controller.rb | 14 +++++++++++--- 8 files changed, 38 insertions(+), 25 deletions(-) create mode 100644 app/controllers/api_controller.rb (limited to 'app/controllers') diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb new file mode 100644 index 0000000..0aa9507 --- /dev/null +++ b/app/controllers/api_controller.rb @@ -0,0 +1,11 @@ +class ApiController < ApplicationController + + skip_before_filter :verify_authenticity_token + respond_to :json + + def require_login + require_token + end + +end + diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb index b6d1d0b..68d6586 100644 --- a/app/controllers/v1/certs_controller.rb +++ b/app/controllers/v1/certs_controller.rb 
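Review bot: `skip_before_filter :verify_authenticity_token` applies to every action of every ApiController subclass, not only to the ones guarded by `require_login`/`require_token`: in this same commit `V1::UsersController#create` runs only `require_registration_allowed`, and `V1::SessionsController` applies `require_login` only to `destroy`. That is safe as long as those actions never trust the session cookie, since a token in the Authorization header is not attached by a browser on its own; the invariant is not written down anywhere, so a comment above the skip would help: `# CSRF protection is off here because ApiController subclasses authenticate with the Authorization header (require_token); any subclass action that relies on session state must re-enable verify_authenticity_token.` Whether ApplicationController's session-based `current_user` is still reachable from these subclasses cannot be seen in this hunk.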
@@ -1,4 +1,4 @@ -class V1::CertsController < ApplicationController +class V1::CertsController < ApiController before_filter :require_login, :unless => :anonymous_certs_allowed? diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb index b11b0a9..537123f 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/v1/configs_controller.rb @@ -1,12 +1,4 @@ -class V1::ConfigsController < ApplicationController - - CONFIGS = { - services: { - soledad: "/1/configs/soledad-service.json", - eip: "/1/configs/eip-service.json", - smtp: "/1/configs/smtp-service.json" - } - } +class V1::ConfigsController < ApiController before_filter :require_login @@ -17,4 +9,12 @@ class V1::ConfigsController < ApplicationController def show end + CONFIGS = { + services: { + soledad: "/1/configs/soledad-service.json", + eip: "/1/configs/eip-service.json", + smtp: "/1/configs/smtp-service.json" + } + } + end diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb index 85156b7..a9b93a9 100644 --- a/app/controllers/v1/messages_controller.rb +++ b/app/controllers/v1/messages_controller.rb @@ -1,10 +1,7 @@ module V1 - class MessagesController < ApplicationController + class MessagesController < ApiController - skip_before_filter :verify_authenticity_token - before_filter :require_token - - respond_to :json + before_filter :require_login def index render json: current_user.messages diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb index 594940e..114870f 100644 --- a/app/controllers/v1/services_controller.rb +++ b/app/controllers/v1/services_controller.rb @@ -1,6 +1,4 @@ -class V1::ServicesController < ApplicationController - - respond_to :json +class V1::ServicesController < ApiController def show respond_with current_user.effective_service_level 
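Review bot: The services_controller.rb hunk shows `show` calling `current_user.effective_service_level` while the class header carries no `require_login` filter (only the `respond_to :json` line is removed), so unless a filter exists outside the hunk an unauthenticated request raises NoMethodError on a nil `current_user` and returns 500 rather than the 401 that the rest of this commit standardises on. Adding `before_filter :require_login` under the class line, as the sibling messages_controller.rb hunk does, closes that gap. The rest of the class is outside the hunk.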
diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/v1/sessions_controller.rb index d88fcdc..a343d9b 100644 --- a/app/controllers/v1/sessions_controller.rb +++ b/app/controllers/v1/sessions_controller.rb @@ -1,8 +1,7 @@ module V1 - class SessionsController < ApplicationController + class SessionsController < ApiController - skip_before_filter :verify_authenticity_token - before_filter :require_token, only: :destroy + before_filter :require_login, only: :destroy def new @session = Session.new diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index 377a49c..fa53b26 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -1,4 +1,4 @@ -class V1::SmtpCertsController < ApplicationController +class V1::SmtpCertsController < ApiController before_filter :require_login before_filter :require_email_account diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index abaefd8..5c9e33f 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -1,10 +1,9 @@ module V1 - class UsersController < UsersBaseController + class UsersController < ApiController - skip_before_filter :verify_authenticity_token before_filter :fetch_user, :only => [:update] before_filter :require_admin, :only => [:index] - before_filter :require_token, :only => [:update] + before_filter :require_login, :only => [:index, :update] before_filter :require_registration_allowed, only: :create respond_to :json @@ -29,11 +28,20 @@ module V1 respond_with @user end + protected + def require_registration_allowed unless APP_CONFIG[:allow_registration] head :forbidden end end + def fetch_user + @user = User.find(params[:id]) + if @user != current_user + access_denied + end + end + end end -- cgit v1.2.3 From f07c952c870bfb8634ef0d80737b67a1eec760f6 Mon Sep 17 00:00:00 2001 
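Review bot: In the first hunk of users_controller.rb, `before_filter :fetch_user, :only => [:update]` is declared before `before_filter :require_login, :only => [:index, :update]`, and Rails runs before filters in declaration order, so for an unauthenticated PUT the new `fetch_user` runs first: `User.find(params[:id])` raises RecordNotFound (404) for unknown ids and `@user != current_user` yields `access_denied` (403) for known ones, which both lets an anonymous caller distinguish existing ids and never produces the intended 401. Move `before_filter :require_login, :only => [:index, :update]` above the `fetch_user` line. The self-only check itself matches the commit message.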
From: Azul Date: Mon, 14 Jul 2014 13:04:30 +0200 Subject: send config files from ConfigsController --- app/controllers/controller_extension/json_file.rb | 22 +++++++++++++++ app/controllers/static_config_controller.rb | 33 +++++++++++++---------- app/controllers/v1/configs_controller.rb | 28 ++++++++++++++----- 3 files changed, 62 insertions(+), 21 deletions(-) create mode 100644 app/controllers/controller_extension/json_file.rb (limited to 'app/controllers') diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb new file mode 100644 index 0000000..0cb4b6d --- /dev/null +++ b/app/controllers/controller_extension/json_file.rb @@ -0,0 +1,22 @@ +module ControllerExtension::JsonFile + extend ActiveSupport::Concern + + protected + + def send_file + if stale?(:last_modified => @file.mtime) + response.content_type = 'application/json' + render :text => @file.read + end + end + + def fetch_file + if File.exists?(@filename) + @file = File.new(@filename) + else + not_found + end + end + +end + diff --git a/app/controllers/static_config_controller.rb b/app/controllers/static_config_controller.rb index 450cbb2..c78e006 100644 --- a/app/controllers/static_config_controller.rb +++ b/app/controllers/static_config_controller.rb 
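Review bot: `send_file` in the new json_file.rb shadows ActionController's built-in `send_file(path, options)` for every controller that includes the module, so any existing or future call to the Rails helper would silently hit this zero-argument version; a distinct name such as `send_json_file` avoids that (the `provider` and `show` callers in the later hunks of this commit would rename too). `fetch_file` also opens the file with `File.new` and nothing ever closes it — on the not-modified branch of `stale?` it is not even read — so the descriptor lingers until GC; reading mtime and contents by path removes the handle entirely. `not_found` is not defined by this module or anything visible in this commit; a later hunk in this series includes ControllerExtension::Errors here, which appears to be the intended fix.
```ruby
  def send_json_file
    if stale?(:last_modified => File.mtime(@filename))
      response.content_type = 'application/json'
      render :text => File.read(@filename)
    end
  end

  def fetch_file
    not_found unless File.exist?(@filename)
  end
```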
@@ -2,23 +2,28 @@ # This controller is responsible for returning some static config files, such as /provider.json # class StaticConfigController < ActionController::Base + include ControllerExtension::JsonFile - PROVIDER_JSON = File.join(Rails.root, 'config', 'provider', 'provider.json') + before_filter :set_minimum_client_version + before_filter :set_filename + before_filter :fetch_file + + PROVIDER_JSON = Rails.root.join('config', 'provider', 'provider.json') - # - # return the provider.json, ensuring that the header X-Minimum-Client-Version is sent - # regardless if a 200 or 304 (not modified) response is sent. - # def provider - response.headers["X-Minimum-Client-Version"] = APP_CONFIG[:minimum_client_version].to_s - if File.exists?(PROVIDER_JSON) - if stale?(:last_modified => File.mtime(PROVIDER_JSON)) - response.content_type = 'application/json' - render :text => File.read(PROVIDER_JSON) - end - else - render json: {error: 'not found'}, status: 404 - end + send_file end + protected + + # ensure that the header X-Minimum-Client-Version is sent + # regardless if a 200 or 304 (not modified) or 404 response is sent. + def set_minimum_client_version + response.headers["X-Minimum-Client-Version"] = + APP_CONFIG[:minimum_client_version].to_s + end + + def set_filename + @filename = PROVIDER_JSON + end end diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb index 537123f..0b2a64a 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/v1/configs_controller.rb 
@@ -1,20 +1,34 @@ class V1::ConfigsController < ApiController + include ControllerExtension::JsonFile before_filter :require_login + before_filter :sanitize_filename, only: :show + before_filter :fetch_file, only: :show def index - render json: CONFIGS + render json: {services: service_paths} end def show + send_file end - CONFIGS = { - services: { - soledad: "/1/configs/soledad-service.json", - eip: "/1/configs/eip-service.json", - smtp: "/1/configs/smtp-service.json" - } + SERVICES = { + soledad: "soledad-service.json", + eip: "eip-service.json", + smtp: "smtp-service.json" } + protected + + def service_paths + Hash[SERVICES.map{|k,v| [k,"/1/configs/#{str}"] } ] + end + + def sanitize_filename + @filename = params[:id].downcase + @filename += '.json' unless @filename.ends_with?('.json') + access_denied unless SERVICES.values.include? name + @filename = Rails.root.join('public', '1', 'config', @filename) + end end -- cgit v1.2.3 From 67f70b31bd16b05759e1f8393f077ee17f2c34be Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 14 Jul 2014 15:49:31 +0200 Subject: move fetch_user into module so it can be mixed in We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension. --- app/controllers/controller_extension/fetch_user.rb | 20 ++++++++++++++++++++ app/controllers/users_base_controller.rb | 18 ------------------ app/controllers/users_controller.rb | 3 ++- app/controllers/v1/users_controller.rb | 9 +-------- 4 files changed, 23 insertions(+), 27 deletions(-) create mode 100644 app/controllers/controller_extension/fetch_user.rb delete mode 100644 app/controllers/users_base_controller.rb (limited to 'app/controllers') diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb new file mode 100644 index 0000000..695d723 --- /dev/null +++ b/app/controllers/controller_extension/fetch_user.rb 
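Review bot: `sanitize_filename` checks `SERVICES.values.include? name`, but `name` is never assigned in this method — the value being validated is `@filename` — so every `show` raises NameError before the allowlist can reject anything, and `service_paths` likewise interpolates an undefined `str` where `v` is meant; the lines should read `access_denied unless SERVICES.values.include? @filename` and `[k, "/1/configs/#{v}"]`. The allowlist itself is the right control: `params[:id]` only reaches the filesystem when, after the `.json` suffix is appended, it equals one of the fixed SERVICES names, so no traversal sequence survives once the variable name is corrected. What still stands out is the location: the files live under `Rails.root.join('public', ...)`, and anything in `public/` is normally served by the web server or ActionDispatch::Static without passing through this controller, so `require_login` would not apply to a direct request for the file path — if these configs are login-only they belong outside `public/`. The index also advertises `/1/configs/` while the directory is `config` (singular); that may be intentional but deserves a comment.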
@@ -0,0 +1,20 @@ +# +# fetch the user taking into account permissions. +# While normal users can only change settings for themselves +# admins can change things for all users. +# +module ControllerExtension::FetchUser + extend ActiveSupport::Concern + + protected + + def fetch_user + @user = User.find(params[:user_id] || params[:id]) + if !@user && admin? + redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user') + elsif !admin? && @user != current_user + access_denied + end + end + +end diff --git a/app/controllers/users_base_controller.rb b/app/controllers/users_base_controller.rb deleted file mode 100644 index 9becf0d..0000000 --- a/app/controllers/users_base_controller.rb +++ /dev/null @@ -1,18 +0,0 @@ -# -# common base class for all user related controllers -# - -class UsersBaseController < ApplicationController - - protected - - def fetch_user - @user = User.find(params[:user_id] || params[:id]) - if !@user && admin? - redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user') - elsif !admin? && @user != current_user - access_denied - end - end - -end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 0f822cb..dcf7607 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -2,7 +2,8 @@ # This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb # -class UsersController < UsersBaseController +class UsersController < ApplicationController + include ControllerExtension::FetchUser before_filter :require_login, :except => [:new] before_filter :redirect_if_logged_in, :only => [:new] diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index 5c9e33f..bfa04fc 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb 
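Review bot: `User.find(params[:user_id] || params[:id])` raises ActiveRecord::RecordNotFound instead of returning nil if User is an ActiveRecord model (this is existing code moved from users_base_controller.rb, but it is now the shared implementation), so the `!@user && admin?` branch and its redirect are unreachable and unknown ids surface as a 404 for every caller; `User.find_by_id(...)`, in the style of `Token.find_by_token` used elsewhere in this series, would make the branch live. `admin?` is `current_user.is_admin?` (visible in the authentication.rb context lines later in this series), so the header comment should state the precondition: `# Requires a logged-in user: run after require_login, since admin? dereferences current_user.`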
@@ -1,5 +1,6 @@ module V1 class UsersController < ApiController + include ControllerExtension::FetchUser before_filter :fetch_user, :only => [:update] before_filter :require_admin, :only => [:index] @@ -35,13 +36,5 @@ module V1 head :forbidden end end - - def fetch_user - @user = User.find(params[:id]) - if @user != current_user - access_denied - end - end - end end -- cgit v1.2.3 From bb10a669e1129c662ba01f223bd5a0ee7f2a0344 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 14 Jul 2014 18:00:14 +0200 Subject: fix controller refactor and features Also save debug log on failing features --- .../controller_extension/authentication.rb | 23 --------------- app/controllers/controller_extension/errors.rb | 34 ++++++++++++++++++++++ app/controllers/controller_extension/json_file.rb | 1 + .../controller_extension/token_authentication.rb | 2 ++ app/controllers/v1/configs_controller.rb | 2 +- 5 files changed, 38 insertions(+), 24 deletions(-) create mode 100644 app/controllers/controller_extension/errors.rb (limited to 'app/controllers') diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index 687bc6e..e2b24f0 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb 
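Review bot: Swapping the local `fetch_user` for ControllerExtension::FetchUser widens the API's authorization: the removed version rejected any `@user != current_user`, while the shared one only rejects when `!admin? && @user != current_user`, so admins can now update arbitrary users over JSON — which the ApiController commit earlier in this series explicitly set out to disallow. If that is intended the commit message should say so; otherwise keep the stricter condition in V1. Separately, the context lines still show `before_filter :fetch_user, :only => [:update]` declared first; if `require_login` is still declared after it (as in the earlier hunk of this file), the shared `fetch_user` calls `admin?`, i.e. `current_user.is_admin?`, on a nil `current_user` for anonymous requests and raises instead of returning 401.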
@@ -26,29 +26,6 @@ module ControllerExtension::Authentication redirect_to home_url if logged_in? end - def access_denied - respond_to_error :not_authorized, :forbidden, home_url - end - - def login_required - # Warden will intercept the 401 response and call - # SessionController#unauthenticated instead. - respond_to_error :not_authorized_login, :unauthorized, login_url - end - - def respond_to_error(message, status=nil, redirect=nil) - message = t(message) if message.is_a?(Symbol) - respond_to do |format| - format.html do - redirect_to redirect, alert: message - end - format.json do - status ||= :unprocessable_entity - render json: {error: message}, status: status - end - end - end - def admin? current_user.is_admin? end diff --git a/app/controllers/controller_extension/errors.rb b/app/controllers/controller_extension/errors.rb new file mode 100644 index 0000000..8f8edde --- /dev/null +++ b/app/controllers/controller_extension/errors.rb @@ -0,0 +1,34 @@ +module ControllerExtension::Errors + extend ActiveSupport::Concern + + protected + + def access_denied + respond_to_error :not_authorized, :forbidden, home_url + end + + def login_required + # Warden will intercept the 401 response and call + # SessionController#unauthenticated instead. + respond_to_error :not_authorized_login, :unauthorized, login_url + end + + def not_found + respond_to_error :not_found, :not_found, home_url + end + + + def respond_to_error(message, status=nil, redirect=nil) + error = message + message = t(message) if message.is_a?(Symbol) + respond_to do |format| + format.html do + redirect_to redirect, alert: message + end + format.json do + status ||= :unprocessable_entity + render json: {error: error, message: message}, status: status + end + end + end +end diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb index 0cb4b6d..6be919a 100644 --- a/app/controllers/controller_extension/json_file.rb 
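Review bot: In the new errors.rb, `respond_to_error` emits `error: error`, where `error` is whatever the caller passed — the i18n key when it is a Symbol, but the full human-readable text when a String is passed — so the machine-readable identifier the earlier commit message asked for is only stable for Symbol callers. Either require a Symbol (`raise ArgumentError, 'message must be an i18n key' unless message.is_a?(Symbol)`) or document the contract above the method: `# message: i18n key; the key is returned to JSON clients as `error`, the translation as `message`.` The nil `redirect` default is the same issue raised on the earlier authentication.rb hunk of this series. The double blank line before `def respond_to_error` is a style nit.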
+++ b/app/controllers/controller_extension/json_file.rb @@ -1,5 +1,6 @@ module ControllerExtension::JsonFile extend ActiveSupport::Concern + include ControllerExtension::Errors protected diff --git a/app/controllers/controller_extension/token_authentication.rb b/app/controllers/controller_extension/token_authentication.rb index 1cb6ffa..4ad1977 100644 --- a/app/controllers/controller_extension/token_authentication.rb +++ b/app/controllers/controller_extension/token_authentication.rb @@ -1,6 +1,8 @@ module ControllerExtension::TokenAuthentication extend ActiveSupport::Concern + protected + def token @token ||= authenticate_with_http_token do |token, options| Token.find_by_token(token) diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb index 0b2a64a..accdf5a 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/v1/configs_controller.rb @@ -22,7 +22,7 @@ class V1::ConfigsController < ApiController protected def service_paths - Hash[SERVICES.map{|k,v| [k,"/1/configs/#{str}"] } ] + Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ] end def sanitize_filename -- cgit v1.2.3 From e8a3df62d14c8dd775811f4af885cf7e76d5d3f6 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 17 Jul 2014 11:18:57 +0200 Subject: clean up error assertions in tests We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions. --- app/controllers/sessions_controller.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 4818191..66eba40 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
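Review bot: The `str` → `v` fix in configs_controller.rb is right, but `sanitize_filename`, whose body starts just after this hunk, was introduced earlier in this series comparing `SERVICES.values.include? name` with `name` undefined; unless it was fixed outside these hunks, `show` still raises NameError and should read `access_denied unless SERVICES.values.include? @filename`. As a style point, `Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]` reads more directly as `SERVICES.each_with_object({}) { |(k, v), h| h[k] = "/1/configs/#{v}" }`.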
@@ -19,8 +19,7 @@ class SessionsController < ApplicationController # Warden will catch all 401s and run this instead: # def unauthenticated - render json: {error: t(:not_authorized_login)}, - status: :unauthorized + login_required end # -- cgit v1.2.3
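Review bot: `login_required` now lives under `protected` in ControllerExtension::Errors, which this series includes only into ControllerExtension::JsonFile, and the earlier authentication.rb hunk removed it from ControllerExtension::Authentication; unless ApplicationController includes Errors (not visible here), SessionsController#unauthenticated raises NoMethodError and every intercepted 401 becomes a 500. If it is included, the comment above the method should explain the delegation rather than just the interception: `# Invoked by Warden as the failure app for 401s; delegates to login_required so direct and intercepted 401s share one body.` I believe Warden does not re-run the failure app on the failure app's own 401, but since the existing comment now reads circularly that is worth confirming.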