deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

allow login via private token only for atom feeds

Browse source
This commit is contained in:
Nihad Abbasov 2012-06-01 06:56:28 -07:00
parent f8f6ff065e
commit cc3c6ad0ef
2 changed files with 16 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
app/controllers/application_controller.rb
View file

@ -1,7 +1,7 @@
class ApplicationController < ActionController::Base
before_filter :authenticate_user!
before_filter :reject_blocked!
before_filter :set_current_user_for_mailer
before_filter :set_current_user_for_mailer, :check_token_auth
protect_from_forgery
helper_method :abilities, :can?
@ -17,9 +17,16 @@ class ApplicationController < ActionController::Base
protected
def check_token_auth
# Redirect to login page if not atom feed
if params[:private_token].present? && params[:format] != 'atom'
redirect_to new_user_session_path
end
end
def reject_blocked!
if current_user && current_user.blocked
sign_out current_user
sign_out current_user
flash[:alert] = "Your account was blocked"
redirect_to new_user_session_path
end