X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3bb07e29ec7c178757f3c94eea84935a554d812d..94d19ae567dc7723129ee2f00576023aaee18fc7:/app/controllers/api_controller.rb?ds=sidebyside diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index fb3717b2a..cb3d71d49 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,3 +1,30 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token + + def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you") + # make the current_user object from any auth sources we have + setup_user_auth + + # handle authenticate pass/fail + unless current_user + # no auth, the user does not exist or the password was wrong + response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" + render :plain => errormessage, :status => :unauthorized + return false + end + end + + def deny_access(_exception) + if current_token + set_locale + report_error t("oauth.permissions.missing"), :forbidden + elsif current_user + head :forbidden + else + realm = "Web Password" + errormessage = "Couldn't authenticate you" + response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" + render :plain => errormessage, :status => :unauthorized + end + end end