diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index 760ee81cb..a269fc2d6 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -56,11 +56,15 @@ module Authentication end def authenticate_by_bearer_token - if request.authorization.to_s.include?("Bearer") && request.format.json? - authenticate_or_request_with_http_token do |token| - if identity = Identity.find_by_permissable_access_token(token, method: request.method) - Current.identity = identity + if request.authorization.to_s.include?("Bearer") + if request.format.json? + authenticate_or_request_with_http_token do |token| + if identity = Identity.find_by_permissable_access_token(token, method: request.method) + Current.identity = identity + end end + else + request_http_token_authentication end end end diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb index 1e49f0d9c..7fd9fd28d 100644 --- a/test/controllers/users_controller_test.rb +++ b/test/controllers/users_controller_test.rb @@ -152,7 +152,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest bearer = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:jasons_api_token).token}" } get user_path(users(:jason)), env: bearer - assert_response :redirect + assert_response :unauthorized end test "bearer token authenticates JSON requests" do