api-auth-switch-user-v2.patch - Redmine

Feature #11755 » api-auth-switch-user-v2.patch

Vincent Caron, 2012-10-09 23:41

           # RSS key authentication does not start a session
           User.find_by_rss_key(params[:key])
         elsif Setting.rest_api_enabled? && accept_api_auth?
           user = nil
           if (key = api_key_from_request)
             # Use API key
             User.find_by_api_key(key)
             user = User.find_by_api_key(key)
           else
             # HTTP Basic, either username/password or API key/random
             authenticate_with_http_basic do |username, password|
               User.try_to_login(username, password) || User.find_by_api_key(username)
               user = User.try_to_login(username, password) || User.find_by_api_key(username)
             end
           end
           # If authenticated user is 'admin', she may use the 'switch user' feature
           if (user && user.admin? &&  (su = api_switch_user_from_request))
             # Replace user even if 'su' auth fails, don't fallback on the original admin user
             user = User.find_by_login(su)
             if not user
               render_error({:message => :notice_account_invalid_creditentials, :status => 412})
             end
           end
           user
         end
       end
-...
         end
       end
       # Returns the API 'switch user' feature value if present
       def api_switch_user_from_request
         if request.headers["X-Redmine-Switch-User"].present?
           request.headers["X-Redmine-Switch-User"].to_s
         end
       end
       # Renders a warning flash if obj has unsaved attachments
       def render_attachment_warning_if_needed(obj)
         flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?

« Previous
1
2
Next »

(2-2/2)

Project

General

Profile

Redmine

Feature #11755 » api-auth-switch-user-v2.patch