Fix #3462 - Require authentication for search API (#4155)

This makes it consistent with /api/v1/accounts/search and
previous behaviour has been an oversight.

diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb
index 1353682eaf68fb3204f05d38ee4066926f4d1fe7..bc5b8e5d4075f79618341b2d1b5e20520fd71d6d 100644 (file)
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -3,6 +3,9 @@
 class Api::V1::SearchController < Api::BaseController
   RESULTS_LIMIT = 5
 
+  before_action -> { doorkeeper_authorize! :read }
+  before_action :require_user!
+
   respond_to :json
 
   def index