X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/742291a840ea9dd741ef439e8678c50d1537973b..94d19ae567dc7723129ee2f00576023aaee18fc7:/app/controllers/api_controller.rb?ds=inline diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 8ddb7242f..cb3d71d49 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,6 +1,19 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token + def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you") + # make the current_user object from any auth sources we have + setup_user_auth + + # handle authenticate pass/fail + unless current_user + # no auth, the user does not exist or the password was wrong + response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" + render :plain => errormessage, :status => :unauthorized + return false + end + end + def deny_access(_exception) if current_token set_locale