From a25a8115e8884d2b0f676161e7ae2ca03f988a73 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 17 Aug 2016 09:58:19 +1000 Subject: [PATCH] FEATURE: support HEAD request to /user-api-key/new This allows us to cleanly sniff to find if it exists --- app/controllers/user_api_keys_controller.rb | 9 ++++++++- spec/controllers/user_api_keys_controller_spec.rb | 8 ++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/app/controllers/user_api_keys_controller.rb b/app/controllers/user_api_keys_controller.rb index 59140a3ced7..3dbedb6e9a6 100644 --- a/app/controllers/user_api_keys_controller.rb +++ b/app/controllers/user_api_keys_controller.rb @@ -6,7 +6,15 @@ class UserApiKeysController < ApplicationController skip_before_filter :check_xhr, :preload_json before_filter :ensure_logged_in, only: [:create, :revoke, :undo_revoke] + AUTH_API_VERSION ||= 1 + def new + + if request.head? + head :ok, auth_api_version: AUTH_API_VERSION + return + end + require_params validate_params @@ -31,7 +39,6 @@ class UserApiKeysController < ApplicationController require_params - unless SiteSetting.allowed_user_api_auth_redirects .split('|') .any?{|u| params[:auth_redirect] == u} diff --git a/spec/controllers/user_api_keys_controller_spec.rb b/spec/controllers/user_api_keys_controller_spec.rb index 60eb2910624..260da46f92c 100644 --- a/spec/controllers/user_api_keys_controller_spec.rb +++ b/spec/controllers/user_api_keys_controller_spec.rb @@ -44,6 +44,14 @@ TXT } end + context 'new' do + it "supports a head request cleanly" do + head :new + expect(response.code).to eq("200") + expect(response.headers["Auth-Api-Version"]).to eq("1") + end + end + context 'create' do it "does not allow anon" do