From 9d822b6e8b269ff68e5d90b3acb3385b0d362ef6 Mon Sep 17 00:00:00 2001
From: Duncan Sommerville <duncan.sommerville@gmail.com>
Date: Wed, 13 May 2015 17:58:02 -0400
Subject: [PATCH] Only use API authentication (not session) when validating
 termination requests

---
 .../application/controllers/ProvisioningController.php       | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/airtime_mvc/application/controllers/ProvisioningController.php b/airtime_mvc/application/controllers/ProvisioningController.php
index cda59e0db..06ee7a2ab 100644
--- a/airtime_mvc/application/controllers/ProvisioningController.php
+++ b/airtime_mvc/application/controllers/ProvisioningController.php
@@ -57,13 +57,16 @@ class ProvisioningController extends Zend_Controller_Action
 
     /**
      * Delete the Airtime Pro station's files from Amazon S3
+     *
+     * FIXME: When we deploy this next time, we should ensure that
+     *        this function can only be accessed with POST requests!
      */
     public function terminateAction()
     {
         $this->view->layout()->disableLayout();
         $this->_helper->viewRenderer->setNoRender(true);
 
-        if (!RestAuth::verifyAuth(true, true, $this)) {
+        if (!RestAuth::verifyAuth(true, false, $this)) {
             return;
         }