api: return error if login or api_key params are given but blank.

* Make it an error to supply empty API credentials, like this: `https://danbooru.donmai.us/posts.json?login=&api_key=`. Some clients did this for some reason. * Make it so that the `login` and `api_key` params are only allowed as URL params, not as POST or PUT body params. Allowing them as body params could interfere with the `PUT /api_keys/:id` endpoint, which takes an `api_key` param.
2022-10-14 20:27:58 -05:00
parent b24e8ae2a7
commit 185c8bac82
3 changed files with 19 additions and 10 deletions
--- a/test/unit/session_loader_test.rb
+++ b/test/unit/session_loader_test.rb
@@ -11,6 +11,7 @@ class SessionLoaderTest < ActiveSupport::TestCase
      @request.stubs(:cookie_jar).returns({})
      @request.stubs(:cookies).returns({})
      @request.stubs(:parameters).returns({})
+      @request.stubs(:query_parameters).returns({})
      @request.stubs(:session).returns({})
      @request.stubs(:headers).returns({})
      SessionLoader.any_instance.stubs(:initialize_session_cookies)