Do not store session for api_key auth #3207 #3208

Merged
merged 3 commits into from
Apr 16, 2015

rafatower
Contributor

@Kartones
Contributor

Nice! 👍

@Cartofante
Collaborator

Frontend tests were OK 👍 (details)

@juanignaciosl
Contributor

Great 👍

@rafatower
Contributor Author

There's an issue with ApplicationController#current_viewer that relies on warden storing stuff in the session context. I'm gonna look for a solution for that.

The current_viewer is taken from the subdomain if the user was
previously authenticated. This covers api_key authentication (no
session).

Also we make sure to return nil if there's no authenticated user in the
context of the request. This is very important from a security
standpoint.
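
The behaviour the commit message above describes, as an added Ruby sketch that is not part of this pull request or the project's code: an api_key login is valid for one request and writes nothing to the session, and the viewer resolves to nil unless the subdomain's user was authenticated in that request. `RequestContext`, its methods, `API_KEYS` and the sample keys are hypothetical, and password verification is omitted.

```ruby
require "digest"
require "set"

# Constructed sample data (assumption): subdomain (username) => API key.
API_KEYS = { "alice" => "key-alice", "bob" => "key-bob" }.freeze

# Hypothetical stand-in for one HTTP request. `session` is the cookie-backed
# hash that survives across requests; @authenticated dies with the request.
class RequestContext
  attr_reader :session

  def initialize(subdomain:, session: {})
    @subdomain = subdomain
    @session = session
    @authenticated = Set.new
    # Session-based logins are restored at the start of each request.
    @authenticated << session[:user] if session[:user]
  end

  # Interactive login (password check omitted): persisted in the session.
  def login_with_password(user)
    @authenticated << user
    @session[:user] = user
  end

  # api_key login: valid for this request only, nothing written to the session.
  def login_with_api_key(key)
    expected = API_KEYS[@subdomain]
    return false unless expected && digest_eq?(expected, key.to_s)
    @authenticated << @subdomain
    true
  end

  # Viewer is the subdomain's user, but only if that user was authenticated
  # in the context of this request; otherwise nil.
  def current_viewer
    @authenticated.include?(@subdomain) ? @subdomain : nil
  end

  private

  # Compare SHA-256 digests rather than raw keys, so timing does not reveal
  # how many leading characters of the key matched.
  def digest_eq?(a, b)
    Digest::SHA256.hexdigest(a) == Digest::SHA256.hexdigest(b)
  end
end
```

A second request that reuses the same session hash after an api_key login gets `nil` from `current_viewer`, which is the property the change is after: the key has to be presented on every request.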
@Cartofante
Collaborator

Frontend tests were OK 👍 (details)

@rafatower
Contributor Author

@Kartones can you please review the current_viewer stuff?

@Kartones
Contributor

👍

@Cartofante
Collaborator

Frontend tests were OK 👍 (details)

rafatower pushed a commit that referenced this pull request Apr 16, 2015
@rafatower rafatower merged commit 2ca401e into master Apr 16, 2015
@rafatower rafatower deleted the 3207-no-session-when-api-key branch April 16, 2015 09:59