Author: tchemit
Date: 2012-10-17 00:37:06 +0200 (Wed, 17 Oct 2012)
New Revision: 369
Url: http://nuiton.org/repositories/revision/jredmine/369
Log: refs #2197: Can use api Key to connect to redmine (do it for jredmine-2.x
Modified: trunk/jredmine-client/src/main/redmine/jredmine-2.x/app/controllers/jredmine_controller.rb
Modified: trunk/jredmine-client/src/main/redmine/jredmine-2.x/app/controllers/jredmine_controller.rb
===================================================================
--- trunk/jredmine-client/src/main/redmine/jredmine-2.x/app/controllers/jredmine_controller.rb 2012-10-16 20:19:50 UTC (rev 368)
+++ trunk/jredmine-client/src/main/redmine/jredmine-2.x/app/controllers/jredmine_controller.rb 2012-10-16 22:37:06 UTC (rev 369)
@@ -55,13 +55,14 @@
 render_status 405, "POST method required"
 else
 # Authenticate user
- user = User.try_to_login(params[:username], params[:password])
+ #user = User.try_to_login(params[:username], params[:password])
+ user = find_current_user
 if user.nil?
 # Invalid credentials
 render_status 401, "Invalid credentials"
- elsif user.new_record?
- # Onthefly creation failed,
- render_status 401, "User not activated"
+ #elsif user.new_record?
+ # # Onthefly creation failed,
+ # render_status 401, "User not activated"
 else
 # Valid user
 self.logged_user = user
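Review bot: Dropping the `user.new_record?` branch lets an unsaved user reach `else # Valid user`, because `find_current_user` (second hunk) still calls `User.try_to_login` in its HTTP Basic path and, going by the comment being disabled here, that call can hand back a record whose on-the-fly creation failed. Keeping `elsif user.new_record?` with `render_status 401, "User not activated"` would preserve the old rejection before `self.logged_user = user` runs. The form parameters `params[:username]` and `params[:password]` are no longer read, and every credential check in the new lookup sits behind `Setting.rest_api_enabled?`, so clients that post a password, or servers with the REST API disabled, will presumably get 401 unless a session or autologin cookie already exists. The commented-out lines are better deleted than kept, since the revision history already records them. The enclosing action starts and ends outside this hunk.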
@@ -453,15 +454,37 @@
 # Returns the current user or nil if no user is logged in
 def find_current_user
+ user = nil
 if session[:user_id]
 # existing session
- (User.active.find(session[:user_id]) rescue nil)
+ user = (User.active.find(session[:user_id]) rescue nil)
 elsif cookies[:autologin]
 # auto-login feature
- User.find_by_autologin_key(cookies[:autologin])
+ user = User.find_by_autologin_key(cookies[:autologin])
 end
+ if user.nil? && Setting.rest_api_enabled?
+ if (key = api_key_from_request)
+ # Use API key
+ user = User.find_by_api_key(key)
+ else
+ # HTTP Basic, either username/password or API key/random
+ authenticate_with_http_basic do |username, password|
+ user = User.try_to_login(username, password) || User.find_by_api_key(username)
+ end
+ end
+ end
+ user
 end
+ # Returns the API key present in the request
+ def api_key_from_request
+ if params[:key].present?
+ params[:key].to_s
+ elsif request.headers["X-Redmine-API-Key"].present?
+ request.headers["X-Redmine-API-Key"].to_s
+ end
+ end
+
 def find_project( pid = params[:pid] )
 begin
 @project = Project.find(pid)
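Review bot: `api_key_from_request` takes the key from `params[:key]` before it looks at the `X-Redmine-API-Key` header, so a key can arrive in the URL query string, where it tends to end up in access logs and proxy logs. Prefer the header for clients, and if the parameter form stays, make sure `key` is filtered from the application log (for example through Rails' `config.filter_parameters`). The doc comment should also state the nil case, e.g. `# Returns the API key present in the request, or nil if none was sent`. `find_project` continues outside the hunk.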