From cbd757cf151cd61bfdd5637d09f43e4831fec3bb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 16:15:46 +0100
Subject: require token when updating user via API

---
 users/app/controllers/v1/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'users/app/controllers')

diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index a16c6e9..8897d01 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -3,8 +3,8 @@ module V1
 
     skip_before_filter :verify_authenticity_token
     before_filter :fetch_user, :only => [:update]
-    before_filter :require_login, :only => [:update, :index]
     before_filter :require_admin, :only => [:index]
+    before_filter :require_token, :only => [:update]
 
     respond_to :json
 
-- 
cgit v1.2.3