logins: don't return api_token field in API.

Remove the api_token field from the response to the login action (POST
/sessions). This doesn't make sense in the presence of multiple API
keys, and is also not generally useful; if you need an API key, create
one yourself and write it down.
This commit is contained in:
evazion
2021-02-15 14:22:59 -06:00
parent 206ff2b836
commit 3798a2d29e
3 changed files with 3 additions and 6 deletions

@@ -14,6 +14,8 @@
you're highly encouraged to restrict your API keys to limit damage in case you're highly encouraged to restrict your API keys to limit damage in case
they get leaked or stolen. they get leaked or stolen.
* The login action (POST /sessions) no longer returns the api_token field.
## 2021-02-05 ## 2021-02-05
### Changes ### Changes
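
Review bot: The new changelog entry, "The login action (POST /sessions) no longer returns the api_token field", does not tell clients that read this field what to do instead. The commit message gives the answer (create an API key yourself), so say that in the entry too, next to the existing advice about restricting API keys, so that integrations which log in with a password and then reuse the returned token know this is a breaking change and how to migrate.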

@@ -15,7 +15,7 @@ class SessionsController < ApplicationController
if user if user
url = posts_path unless url&.start_with?("/") url = posts_path unless url&.start_with?("/")
respond_with(user, location: url, methods: [:api_token]) respond_with(user, location: url)
else else
flash.now[:notice] = "Password was incorrect" flash.now[:notice] = "Password was incorrect"
raise SessionLoader::AuthenticationFailure raise SessionLoader::AuthenticationFailure
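
Review bot: No test accompanies the change to `respond_with(user, location: url)`; the commit touches three files (changelog, controller, model) and none is a test. Add a controller test that posts to /sessions with a JSON format and asserts the response body has no api_token key, so that the field cannot come back through a later change to the user serialization. Separately, on the unchanged line above it, `url&.start_with?("/")` also accepts a value beginning with "//", which browsers treat as protocol-relative; since `url` is used as the redirect location, consider rejecting that prefix as well.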

@@ -559,11 +559,6 @@ class User < ApplicationRecord
neutral_feedback_count negative_feedback_count neutral_feedback_count negative_feedback_count
] ]
end end
# XXX
def api_token
api_keys.first.try(:key)
end
end end
module CountMethods module CountMethods
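
Review bot: Deleting `User#api_token` is only safe if nothing else still calls it, and this diff shows one call site being removed (the `methods: [:api_token]` option in SessionsController). Before merging, search the views, serializers and any attribute allow-lists for api_token, since a remaining reference would now raise NoMethodError or silently drop the field. The removed body, `api_keys.first.try(:key)`, returned whichever key happened to be first, which supports the commit message's point that the field is not meaningful with multiple keys; worth stating that in the changelog rationale.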