From 86e4c142bd90042ff33a4d217a6f16107e8d9a36 Mon Sep 17 00:00:00 2001
From: Damir Gaynetdinov <gaynetdinov@fiksu.com>
Date: Thu, 25 Jul 2013 10:14:07 +0400
Subject: [PATCH 1/2] Check for api_key existing in params hash first.

---
 fever_api.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fever_api.rb b/fever_api.rb
index 5a76bc767..07a91a5e4 100644
--- a/fever_api.rb
+++ b/fever_api.rb
@@ -21,7 +21,7 @@ class FeverAPI < Sinatra::Base
   end
 
   before do
-    halt 403 unless authenticated?(params[:api_key])
+    halt 403 if !params[:api_key] || !authenticated?(params[:api_key])
   end
 
   def authenticated?(api_key)

From 6befe29f14e7b4fea1b750d5d997ac8c9d105f50 Mon Sep 17 00:00:00 2001
From: Damir Gaynetdinov <gaynetdinov@fiksu.com>
Date: Thu, 25 Jul 2013 21:56:17 +0400
Subject: [PATCH 2/2] Moved check for api_key into authenticated? method.

---
 fever_api.rb | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fever_api.rb b/fever_api.rb
index 07a91a5e4..d08357df2 100644
--- a/fever_api.rb
+++ b/fever_api.rb
@@ -21,12 +21,14 @@ class FeverAPI < Sinatra::Base
   end
 
   before do
-    halt 403 if !params[:api_key] || !authenticated?(params[:api_key])
+    halt 403 unless authenticated?(params[:api_key])
   end
 
   def authenticated?(api_key)
-    user = User.first
-    user.api_key && api_key.downcase == user.api_key.downcase
+    if api_key
+      user = User.first
+      user.api_key && api_key.downcase == user.api_key.downcase
+    end
   end
 
   get "/" do