diff options
author | Raphael Sofaer <raphael@joindiaspora.com> | 2011-05-21 02:14:13 +0400 |
---|---|---|
committer | Raphael Sofaer <raphael@joindiaspora.com> | 2011-05-21 02:14:23 +0400 |
commit | 286f1b876d2c6ba03f13426ff8e54e3d92661f3f (patch) | |
tree | 5918b95399ed4c82fd6fbc08202192e520397a49 /config/environment.rb | |
parent | e9dbcc7972e14cf83b9d2925b30b8d97bd82eedd (diff) |
Allow anyone to generate a token, restrict tokens to ActivityStreams::PhotosController#create, don't let tokens create sessions.
Diffstat (limited to 'config/environment.rb')
-rw-r--r-- | config/environment.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/config/environment.rb b/config/environment.rb index 5db0d7a6f..26adfb6b1 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -24,3 +24,15 @@ end # Initialize the rails application Diaspora::Application.initialize! + +# allow token auth only for posting activitystream photos +module Devise + module Strategies + class TokenAuthenticatable < Authenticatable + private + def valid_request? + params[:controller] == "activity_streams/photos" && params[:action] == "create" + end + end + end +end |