Allow personal access tokens to be specified in a header.

- In addition to a param.

Allow personal access tokens to be specified in a header.
- In addition to a param.
e2a4051c · Timothy Andrew · 5fb44192 · e2a4051c
Commit e2a4051c authored Apr 15, 2016 by Timothy Andrew
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

lib/api/helpers/authentication.rb lib/api/helpers/authentication.rb +4 -4

No files found.
--- a/lib/api/helpers/authentication.rb
+++ b/lib/api/helpers/authentication.rb
@@ -6,6 +6,7 @@ module API
      SUDO_HEADER ="HTTP_SUDO"
      SUDO_PARAM = :sudo
      PERSONAL_ACCESS_TOKEN_PARAM = :personal_access_token
+      PERSONAL_ACCESS_TOKEN_HEADER = "HTTP_PERSONAL_ACCESS_TOKEN"

      def find_user_by_private_token
        private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
@@ -13,10 +14,9 @@ module API
      end

      def find_user_by_personal_access_token
-        personal_access_token = PersonalAccessToken.find_by_token(params[PERSONAL_ACCESS_TOKEN_PARAM])
-        if personal_access_token
-          personal_access_token.user
-        end
+        personal_access_token_string = (params[PERSONAL_ACCESS_TOKEN_PARAM] || env[PERSONAL_ACCESS_TOKEN_HEADER]).to_s
+        personal_access_token = PersonalAccessToken.find_by_token(personal_access_token_string)
+        personal_access_token.user if personal_access_token
      end

      def current_user