diff --git a/apidocs/lib/resources.rb b/apidocs/lib/resources.rb index da29333e7..b543c758b 100644 --- a/apidocs/lib/resources.rb +++ b/apidocs/lib/resources.rb @@ -396,11 +396,11 @@ module GitHub } ERROR_AUTH = { - "error" => "You need to sign in or sign up before continuing." + "message" => "You need to sign in or sign up before continuing." } ERROR_WRONG_PASS = { - "error" => "Invalid email or password." + "message" => "Invalid email or password." } ERROR_RATE_LIMIT = { diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb index 2fec686d9..515258490 100644 --- a/app/controllers/api/v1/base_controller.rb +++ b/app/controllers/api/v1/base_controller.rb @@ -1,5 +1,6 @@ # -*- encoding : utf-8 -*- class Api::V1::BaseController < ApplicationController + before_filter :http_auth before_filter :restrict_paginate, :only => :index protected @@ -8,4 +9,12 @@ class Api::V1::BaseController < ApplicationController params[:per_page] = 30 if params[:per_page].blank? or params[:per_page].to_i < 1 params[:per_page] = 100 if params[:per_page].to_i >100 end + + def http_auth + authenticate_or_request_with_http_basic do |email, password| + raise HttpBasicAuthError if email.blank? && password.blank? + @current_user = User.find_by_email(email) + @current_user && @current_user.valid_password?(password) ? true : raise(HttpBasicWrongPassError) + end + end end diff --git a/app/controllers/api/v1/build_lists_controller.rb b/app/controllers/api/v1/build_lists_controller.rb index 0b3e395f1..43996de5e 100644 --- a/app/controllers/api/v1/build_lists_controller.rb +++ b/app/controllers/api/v1/build_lists_controller.rb @@ -1,7 +1,7 @@ # -*- encoding : utf-8 -*- class Api::V1::BuildListsController < Api::V1::BaseController - before_filter :authenticate_user! - skip_before_filter :authenticate_user!, :only => [:show, :index] if APP_CONFIG['anonymous_access'] + #before_filter :authenticate_user! + #skip_before_filter :authenticate_user!, :only => [:show, :index] if APP_CONFIG['anonymous_access'] load_and_authorize_resource :project, :only => :index load_and_authorize_resource :build_list, :only => [:show, :create, :cancel, :publish, :reject_publish]#, :shallow => true diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb index 930201b7f..e98bcd024 100644 --- a/app/controllers/api/v1/platforms_controller.rb +++ b/app/controllers/api/v1/platforms_controller.rb @@ -1,8 +1,8 @@ # -*- encoding : utf-8 -*- class Api::V1::PlatformsController < Platforms::BaseController - before_filter :authenticate_user! - skip_before_filter :authenticate_user!, :only => [:advisories] if APP_CONFIG['anonymous_access'] + #before_filter :authenticate_user! + #skip_before_filter :authenticate_user!, :only => [:advisories] if APP_CONFIG['anonymous_access'] load_and_authorize_resource autocomplete :user, :uname diff --git a/app/controllers/api/v1/projects_controller.rb b/app/controllers/api/v1/projects_controller.rb index dca7fc7b5..cd556e902 100644 --- a/app/controllers/api/v1/projects_controller.rb +++ b/app/controllers/api/v1/projects_controller.rb @@ -1,6 +1,6 @@ # -*- encoding : utf-8 -*- class Api::V1::ProjectsController < Api::V1::BaseController - before_filter :authenticate_user! + #before_filter :authenticate_user! load_and_authorize_resource def get_id diff --git a/app/controllers/api/v1/repositories_controller.rb b/app/controllers/api/v1/repositories_controller.rb index 76c22f036..767dd6347 100644 --- a/app/controllers/api/v1/repositories_controller.rb +++ b/app/controllers/api/v1/repositories_controller.rb @@ -1,6 +1,6 @@ # -*- encoding : utf-8 -*- class Api::V1::RepositoriesController < Api::V1::BaseController - before_filter :authenticate_user! + #before_filter :authenticate_user! load_and_authorize_resource :repository, :through => :platform, :shallow => true end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a7df2ec34..d0a18d1e9 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -40,6 +40,13 @@ class ApplicationController < ActionController::Base end end + rescue_from HttpBasicAuthError do |exception| + render :json => {:message => t("flash.http_basic_error_msg")}.to_json, :status => 401 + end + rescue_from HttpBasicWrongPassError do |exception| + render :json => {:message => t("flash.http_basic_wrong_pass_error_message")}.to_json, :status => 401 + end + rescue_from Grit::NoSuchPathError, :with => :not_found protected diff --git a/config/initializers/http_basic.rb b/config/initializers/http_basic.rb new file mode 100644 index 000000000..eda76154b --- /dev/null +++ b/config/initializers/http_basic.rb @@ -0,0 +1,4 @@ +class HttpBasicWrongPassError < StandardError +end +class HttpBasicAuthError < StandardError +end diff --git a/config/locales/en.yml b/config/locales/en.yml index de9d9a391..465d4fd13 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -138,6 +138,8 @@ en: 500_message: Error 500. Something went wrong. We've been notified about this issue and we'll take a look at it shortly. 404_message: Error 404. Resource not found! + http_basic_auth_error_message: You need to sign in or sign up before continuing + http_basic_wrong_pass_error_message: Invalid email or password collaborators: successfully_changed: Collaborators list successfully changed diff --git a/config/locales/ru.yml b/config/locales/ru.yml index baa7fd1d2..be2f292df 100644 --- a/config/locales/ru.yml +++ b/config/locales/ru.yml @@ -138,6 +138,8 @@ ru: 500_message: Ошибка 500. Что-то пошло не так. Мы уже в курсе данной проблемы и постараемся поскорее ее решить. 404_message: Ошибка 404. Страница не найдена! + http_basic_auth_error_message: Вы должны авторизоваться или зарегестрироваться + http_basic_wrong_pass_error_message: Неверный имейл или пароль collaborators: successfully_changed: Список коллабораторов успешно изменен