Commit graph

6 commits

Author SHA1 Message Date
Timothy Andrew
7fa06ed55d Calls to the API are checked for scope.
- Move the `Oauth2::AccessTokenValidationService` class to
  `AccessTokenValidationService`, since it is now being used for
  personal access token validation as well.

- Each API endpoint declares the scopes it accepts (if any). Currently,
  the top level API module declares the `api` scope, and the `Users` API
  module declares the `read_user` scope (for GET requests).

- Move the `find_user_by_private_token` from the API `Helpers` module to
  the `APIGuard` module, to avoid littering `Helpers` with more
  auth-related methods to support `find_user_by_private_token`
2016-12-16 16:29:31 +05:30
Grzegorz Bizon
9e211091a8 Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
Z.J. van de Weg
abca19da8b Use HTTP matchers if possible 2016-06-27 20:10:42 +02:00
Dmitriy Zaporozhets
7b9b3c5aab
Fix part of api specs for rubocop
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-06-22 15:05:19 +02:00
Jeroen van Baarsen
0c4a70a306 Updated rspec to rspec 3.x syntax
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 19:17:35 +01:00
Valery Sizov
e41dadcb33 Doorkeeper integration 2014-12-24 15:38:07 +02:00