diff --git a/.gitignore b/.gitignore index 9b6a5c1593..28e31a613e 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,6 @@ restart.sh settings.py.mysql settings.py.sqlite secret_key.py +run-seahub.sh +setenv.sh +.DS_Store diff --git a/api/urls.py b/api/urls.py index b026215589..90d7e60eef 100644 --- a/api/urls.py +++ b/api/urls.py @@ -4,14 +4,15 @@ from views import * urlpatterns = patterns('', + url(r'^ping/$', Ping.as_view()), + url(r'login/$', api_login), url(r'^$', ReposView.as_view()), - url(r'^/$', ReposView.as_view()), url(r'^repo/list/$', ReposView.as_view(), name='repos'), url(r'^repo/(?P[^/]+)/$', RepoView.as_view(), name='repo'), url(r'^dir/(?P[^/]+)/root/$', RepoDirPathView.as_view()), url(r'^dir/(?P[^/]+)/$', RepoDirPathView.as_view(), name='repo-dir-path'), - url(r'^dir/(?P[^/]+)/(?P[^/]+)/$', RepoDirIdView.as_view(), name='repo-dirr-id'), + url(r'^dir/(?P[^/]+)/(?P[^/]+)/$', RepoDirIdView.as_view(), name='repo-dir-id'), url(r'^file/(?P[^/]+)/(?P[^/]+)/$', RepoFileView.as_view(), name='repo-file'), ) diff --git a/api/views.py b/api/views.py index b2c1e61d61..70a50900d9 100644 --- a/api/views.py +++ b/api/views.py @@ -27,6 +27,9 @@ from djangorestframework.mixins import ResponseMixin from djangorestframework.response import Response from django.core.urlresolvers import reverse +from auth.forms import AuthenticationForm +from auth import login as auth_login +from django.views.decorators.csrf import csrf_exempt json_content_type = 'application/json; charset=utf-8' 
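Review bot: The new `url(r'login/$', api_login)` pattern in api/urls.py has no leading `^`, unlike every other route in this list, and Django matches URL regexes with a search, so it matches any path under this URLconf that ends in `login/`. Because it sits ahead of the `dir/` and `file/` routes, a request such as `dir/<id>/login/` would be dispatched to `api_login` instead of `RepoDirIdView`. The view is CSRF-exempt and creates sessions, so it should be reachable only at the one intended path: `url(r'^login/$', api_login),`. Adding a `name=` as the repo routes have would also keep the list consistent.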
@@ -97,6 +100,30 @@ def get_dir_entrys_by_id(reqquest, dir_id): return HttpResponse(json.dumps(dentrys), status=200, content_type=json_content_type) +@csrf_exempt +def api_login(request): + if request.method == "POST" : + form = AuthenticationForm(data=request.POST) + else: + return api_error(request, 400, "method not supported") + + if form.is_valid(): + auth_login(request, form.get_user()) + print ">>",request.session.session_key + return HttpResponse(json.dumps(request.session.session_key), status=200, + content_type=json_content_type) + else: + return HttpResponse(json.dumps("failed"), status=401, + content_type=json_content_type) + +class Ping(ResponseMixin, View): + renderers = (JSONRenderer,) + + @api_login_required + def get(self, request): + response = Response(200, "pong") + return self.render(response) + class ReposView(ResponseMixin, View): renderers = (JSONRenderer,) @@ -137,6 +164,7 @@ class ReposView(ResponseMixin, View): response = Response(200, repos_json) return self.render(response) + class RepoView(ResponseMixin, View): renderers = (JSONRenderer,) @@ -169,7 +197,7 @@ class RepoView(ResponseMixin, View): if ret == 1: password_set = True except SearpcError, e: - return api_error(request, '403', e.msg) + return api_error(request, '403', e.msg) # query repo infomation repo_size = seafserv_threaded_rpc.server_repo_size(repo_id) diff --git a/thirdpart/auth/decorators.py b/thirdpart/auth/decorators.py index 373abe7b09..3b0e61058b 100644 --- a/thirdpart/auth/decorators.py +++ b/thirdpart/auth/decorators.py 
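Review bot: `print ">>",request.session.session_key` in `api_login` writes a live session identifier to the server's stdout on every successful login, so anyone who can read that output, or a log it is captured into, can reuse the session; the line should be removed before merge. The view is `@csrf_exempt` and returns the session key in the response body, which makes the key a bearer credential for API clients. That deserves a docstring, e.g. `"""Authenticate POSTed credentials; return the session key as JSON on success (treat it as a secret), 401 on failure."""`. No throttling or lockout for failed attempts is visible in this hunk; if none exists elsewhere, repeated password guesses against this endpoint go unchecked. A non-POST request gets 400 here, where 405 would describe the condition more precisely.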
@@ -4,10 +4,10 @@ except ImportError: from django.utils.functional import update_wrapper, wraps # Python 2.4 fallback. from auth import REDIRECT_FIELD_NAME -from django.http import HttpResponseRedirect +from django.http import HttpResponseRedirect, HttpResponse from django.utils.decorators import available_attrs from django.utils.http import urlquote - +import simplejson as json def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME): """ 
@@ -44,38 +44,31 @@ def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME): return actual_decorator -def api_user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME): +def api_user_passes_test(test_func): """ Decorator for views that checks that the user passes the given test, redirecting to the log-in page if necessary. The test should be a callable that takes the user object and returns True if the user passes. """ - if not login_url: - from django.conf import settings - login_url = settings.LOGIN_URL - def decorator(view_func): def _wrapped_view(obj, request, *args, **kwargs): if test_func(request.user): return view_func(obj, request, *args, **kwargs) - path = urlquote(request.get_full_path()) - tup = login_url, redirect_field_name, path json_content_type = 'application/json; charset=utf-8' - return HttpResponse(json.dumps('%s?%s=%s' % tup), status=401, - content_type=json_content_type) + return HttpResponse(json.dumps('login required'), status=401, + content_type=json_content_type) return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view) return decorator -def api_login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME): +def api_login_required(function=None): """ Decorator for views that checks that the user is logged in, redirecting to the log-in page if necessary. """ actual_decorator = api_user_passes_test( - lambda u: u.is_authenticated(), - redirect_field_name=redirect_field_name + lambda u: u.is_authenticated() ) if function: return actual_decorator(function)
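Review bot: Both docstrings in this hunk still say the decorators are "redirecting to the log-in page if necessary", but `api_user_passes_test` now returns a 401 JSON response with the body 'login required' and never redirects. Suggested wording for `api_user_passes_test`: `Decorator for API views: return a 401 JSON response ('login required') unless test_func(request.user) is true.` For `api_login_required`: `Decorator for API views that returns a 401 JSON response unless the user is authenticated.` Removing `login_url` and `redirect_field_name` from the signatures will raise a TypeError for any caller that still passes them by keyword; none is visible in this diff, so a search of the callers is worth doing. The body of `api_login_required` continues past the end of the hunk.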