- # HTTP AUTH stuff for the API
-
- def authorize(realm='Web Password', errormessage="Could't authenticate you")
- username, passwd = get_auth_data
- # check if authorized
- # try to get user
- if @user = User.authenticate(username, passwd)
+ def authorize(realm='Web Password', errormessage="Could't authenticate you") \r
+ username, passwd = get_auth_data # parse from headers\r
+ # authenticate per-scheme
+ if username.nil?\r
+ @user = nil # no authentication provided - perhaps first connect (client should retry after 401)\r
+ elsif username == 'token' \r
+ @user = User.authenticate_token(passwd) # preferred - random token for user from db, passed in basic auth\r
+ else\r
+ @user = User.authenticate(username, passwd) # basic auth\r
+ end\r
+ \r
+ # handle authenticate pass/fail\r
+ if @user
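Review bot: The `elsif username == 'token'` branch reserves a username in-band, so an account whose login is literally `token` can no longer authenticate with its password, and whatever it sends as a password is looked up as an API token instead. Either reject `token` as a login when accounts are created, or carry the token in its own scheme or header rather than overloading Basic auth. The branch also hands `passwd` to `User.authenticate_token` unchecked; that method is not visible here, but if it is a plain column lookup, a nil or empty password could match users who have no token set, so guard it with `elsif username == 'token' && !passwd.to_s.empty?` and confirm the lookup rejects blank values and compares in constant time. The rest of `authorize`, including the failure path, lies outside the visible lines.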