Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/diaspora/diaspora.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRaphael Sofaer <raphael@joindiaspora.com>2011-05-21 02:14:13 +0400
committerRaphael Sofaer <raphael@joindiaspora.com>2011-05-21 02:14:23 +0400
commit286f1b876d2c6ba03f13426ff8e54e3d92661f3f (patch)
tree5918b95399ed4c82fd6fbc08202192e520397a49 /config/environment.rb
parente9dbcc7972e14cf83b9d2925b30b8d97bd82eedd (diff)
Allow anyone to generate a token, restrict tokens to ActivityStreams::PhotosController#create, don't let tokens create sessions.
Diffstat (limited to 'config/environment.rb')
-rw-r--r--config/environment.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/config/environment.rb b/config/environment.rb
index 5db0d7a6f..26adfb6b1 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -24,3 +24,15 @@ end
# Initialize the rails application
Diaspora::Application.initialize!
+
+# allow token auth only for posting activitystream photos
+module Devise
+ module Strategies
+ class TokenAuthenticatable < Authenticatable
+ private
+ def valid_request?
+ params[:controller] == "activity_streams/photos" && params[:action] == "create"
+ end
+ end
+ end
+end