From f93de3a516d23cddea7cce147d3da3decac85f2f Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 11 Jul 2017 17:08:26 +0200
Subject: [PATCH] Fix #3462 - Require authentication for search API (#4155)

This makes it consistent with /api/v1/accounts/search and
previous behaviour has been an oversight.
---
 app/controllers/api/v1/search_controller.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb
index 1353682eaf..bc5b8e5d40 100644
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -3,6 +3,9 @@
 class Api::V1::SearchController < Api::BaseController
   RESULTS_LIMIT = 5
 
+  before_action -> { doorkeeper_authorize! :read }
+  before_action :require_user!
+
   respond_to :json
 
   def index
-- 
GitLab