From 085501427cdba87cf31fa4c2be52c4569ac6692c Mon Sep 17 00:00:00 2001
From: JoramWilander <jwawilander@gmail.com>
Date: Tue, 12 Apr 2016 13:59:46 -0400
Subject: [PATCH] Attaching device ID and system console now work properly

---
 api/context.go | 2 +-
 api/user.go    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/context.go b/api/context.go
index 9d8498c68dc3..58d70f968eac 100644
--- a/api/context.go
+++ b/api/context.go
@@ -161,7 +161,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			}
 
 			if len(token) != 0 {
-				if (h.requireSystemAdmin || h.requireUser) && !h.trustRequester {
+				if (h.requireSystemAdmin || h.requireUser) && !h.trustRequester && h.isApi {
 					if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML {
 						c.Err = model.NewLocAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token)
 						token = ""
diff --git a/api/user.go b/api/user.go
index ac2fde45f5cd..90e6c6705dfb 100644
--- a/api/user.go
+++ b/api/user.go
@@ -50,7 +50,7 @@ func InitUser(r *mux.Router) {
 	sr.Handle("/logout", ApiUserRequired(logout)).Methods("POST")
 	sr.Handle("/login_ldap", ApiAppHandler(loginLdap)).Methods("POST")
 	sr.Handle("/revoke_session", ApiUserRequired(revokeSession)).Methods("POST")
-	sr.Handle("/attach_device", ApiUserRequired(attachDeviceId)).Methods("POST")
+	sr.Handle("/attach_device", ApiUserRequiredTrustRequester(attachDeviceId)).Methods("POST")
 	sr.Handle("/switch_to_sso", ApiAppHandler(switchToSSO)).Methods("POST")
 	sr.Handle("/switch_to_email", ApiUserRequired(switchToEmail)).Methods("POST")