From 564d4e787a29b50a72c086b94d3c13faf39333f5 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Sun, 30 Nov 2014 14:32:01 -0800
Subject: enable cookie sessions for the API, temporarily.

---
 app/controllers/api_controller.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 70b3cac..d5bec70 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -5,8 +5,18 @@ class ApiController < ApplicationController
 
   protected
 
+  #
+  # For now, we are going to allow cookie authentication if there is
+  # no "Authorization" header in the request. This is to keep backward
+  # compatibility with older clients. In the future, this should be
+  # disabled.
+  #
   def require_login
-    require_token
+    if ActionController::HttpAuthentication::Token.token_and_options(request)
+      require_token
+    else
+      super
+    end
   end
 
   def anonymous_access_allowed?
-- 
cgit v1.2.3