X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/82a8db373961d89ab1c9a3736ba5fc467fe2e03d..refs/pull/2393/head:/app/Http/Middleware/ApiAuthenticate.php diff --git a/app/Http/Middleware/ApiAuthenticate.php b/app/Http/Middleware/ApiAuthenticate.php index 15962b3b0..728057bed 100644 --- a/app/Http/Middleware/ApiAuthenticate.php +++ b/app/Http/Middleware/ApiAuthenticate.php @@ -35,9 +35,9 @@ class ApiAuthenticate { // Return if the user is already found to be signed in via session-based auth. // This is to make it easy to browser the API via browser after just logging into the system. - if (signedInUser()) { + if (signedInUser() || session()->isStarted()) { $this->ensureEmailConfirmedIfRequested(); - if (!auth()->user()->can('access-api')) { + if (!user()->can('access-api')) { throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403); } return;