#2203: Allow using REST API with token

app/controllers/contexts_controller.rb

@@ -4,8 +4,8 @@ class ContextsController < ApplicationController
 
   before_action :init, :except => [:index, :create, :destroy, :order]
   before_action :set_context_from_params, :only => [:update, :destroy]
-  skip_before_action :login_required, :only => [:index]
-  prepend_before_action :login_or_feed_token_required, :only => [:index]
+  skip_before_action :login_required, :only => [:index, :show]
+  prepend_before_action :login_or_feed_token_required, :only => [:index, :show]
 
   def index
     @all_contexts    = current_user.contexts

app/controllers/projects_controller.rb

@@ -4,8 +4,8 @@ class ProjectsController < ApplicationController
   before_action :set_source_view
   before_action :set_project_from_params, :only => [:update, :destroy, :show, :edit, :set_reviewed]
   before_action :default_context_filter, :only => [:create, :update]
-  skip_before_action :login_required, :only => [:index]
-  prepend_before_action :login_or_feed_token_required, :only => [:index]
+  skip_before_action :login_required, :only => [:index, :show]
+  prepend_before_action :login_or_feed_token_required, :only => [:index, :show]
 
   def index
     @source_view = params['_source_view'] || 'project_list'

app/controllers/todos_controller.rb

@@ -1,7 +1,7 @@
 class TodosController < ApplicationController
 
-  skip_before_action :login_required, :only => [:index, :tag]
-  prepend_before_action :login_or_feed_token_required, :only => [:index, :tag]
+  skip_before_action :login_required, :only => [:index, :tag, :list_deferred, :show, :list_hidden, :done]
+  prepend_before_action :login_or_feed_token_required, :only => [:index, :tag, :list_deferred, :show, :list_hidden, :done]
   append_before_action :find_and_activate_ready, :only => [:index, :list_deferred]
 
   protect_from_forgery :except => :check_deferred

lib/login_system.rb

@@ -71,7 +71,7 @@ module LoginSystem
   end
 
   def login_or_feed_token_required
-    if ['rss', 'atom', 'txt', 'ics'].include?(params[:format])
+    if ['rss', 'atom', 'txt', 'ics', 'xml'].include?(params[:format])
       if user = User.where(:token => params[:token]).first
         set_current_user(user)
         return true