Allow bearer auth on Active Storage downloads
This commit is contained in:
@@ -57,7 +57,7 @@ module Authentication
|
|||||||
|
|
||||||
def authenticate_by_bearer_token
|
def authenticate_by_bearer_token
|
||||||
if request.authorization.to_s.include?("Bearer")
|
if request.authorization.to_s.include?("Bearer")
|
||||||
if request.format.json?
|
if bearer_token_authenticatable_request?
|
||||||
authenticate_or_request_with_http_token do |token|
|
authenticate_or_request_with_http_token do |token|
|
||||||
if identity = Identity.find_by_permissable_access_token(token, method: request.method)
|
if identity = Identity.find_by_permissable_access_token(token, method: request.method)
|
||||||
Current.identity = identity
|
Current.identity = identity
|
||||||
@@ -69,6 +69,10 @@ module Authentication
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def bearer_token_authenticatable_request?
|
||||||
|
request.format.json?
|
||||||
|
end
|
||||||
|
|
||||||
def request_authentication
|
def request_authentication
|
||||||
if Current.account.present?
|
if Current.account.present?
|
||||||
session[:return_to_after_authenticating] = request.url
|
session[:return_to_after_authenticating] = request.url
|
||||||
|
|||||||
@@ -31,6 +31,10 @@ Rails.application.config.to_prepare do
|
|||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
def bearer_token_authenticatable_request?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
def publicly_accessible_blob?
|
def publicly_accessible_blob?
|
||||||
@blob.publicly_accessible?
|
@blob.publicly_accessible?
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user