gem push signs out logged in user #1724

Closed
sonalkr132 opened this issue May 14, 2018 · 2 comments · Fixed by #1739
@sonalkr132
Member

Sign in to rubygems.org, push a gem using `gem push <some.gem>`. Reload rubygems.org in the browser; the user has been logged out.

@sonalkr132 sonalkr132 added the bug label May 14, 2018
@ecnelises
Member

Actually, the cause of this bug is not related to gem push. If I log in in one browser and log in again in another browser using the same username & password, the login session in the first browser will be reset, because identification of current_user is implemented using User#remember_token, which is a field in the users table. If a 'new me' logs in, the older remember token will be replaced by the newer one. That is to say, any user can only be logged in at one place.

@sonalkr132
Member Author

We don't really have to support login from multiple sessions; it will be a lot of work.
I find the logout on gem push particularly annoying, and want to fix just that. `authenticate_with_api_key` gets called on every API request which needs authentication.

```ruby
def authenticate_with_api_key
  api_key = request.headers["Authorization"] || params[:api_key]
  sign_in User.find_by_api_key(api_key)
end
```

It is signing in the user on every API request. I can't think of any good reason to create a session on an API call when we are sending api_key with all requests anyway. We can create an @api_user instead of sign_in and use it instead of current_user in API controllers.
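
A minimal model of the behaviour discussed in this thread, added here as an example and not taken from the rubygems.org code base: it assumes one `remember_token` per user that is replaced on every sign-in, and compares an API request that calls `sign_in` with one that only resolves a request-scoped user. `App`, `api_request_with_sign_in`, `api_request_stateless` and `browser_survives?` are hypothetical names, and the user and API key are constructed sample values.

```ruby
require "securerandom"

# Constructed stand-in for a users table row with a single remember_token column.
User = Struct.new(:name, :api_key, :remember_token)

class App
  def initialize(users)
    @users = users
  end

  # Session login: replaces the stored token and returns the new cookie value.
  def sign_in(user)
    return nil unless user
    user.remember_token = SecureRandom.hex(20)
  end

  # Browser request: a cookie is valid only while it matches the stored token.
  def current_user(cookie)
    return nil if cookie.nil?
    @users.find { |u| u.remember_token == cookie }
  end

  def find_by_api_key(key)
    return nil if key.nil? || key.empty?
    @users.find { |u| u.api_key == key }
  end

  # Behaviour quoted in the issue: every authenticated API request signs in.
  def api_request_with_sign_in(headers, params = {})
    user = find_by_api_key(headers["Authorization"] || params[:api_key])
    sign_in(user) # side effect: rotates the token the browser cookie relies on
    user
  end

  # Direction proposed in the thread: request-scoped API user, no session write.
  def api_request_stateless(headers, params = {})
    find_by_api_key(headers["Authorization"] || params[:api_key])
  end
end

# Logs in from a "browser", makes one API call, then checks the browser cookie.
def browser_survives?(mode)
  user = User.new("alice", "constructed-api-key", nil)
  app = App.new([user])
  cookie = app.sign_in(user)
  app.public_send(mode, { "Authorization" => "constructed-api-key" })
  app.current_user(cookie) == user
end
```
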
