pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

API user creation behing a toggle

Browse Source 
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.

I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
This commit is contained in:
Jeremy Benoist
2017-06-02 10:19:33 +02:00
parent a687c8d915
commit 426bb453d2
10 changed files with 297 additions and 343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/config/security.yml
View File

@ -56,6 +56,7 @@ security:
access_control:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/user, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }