Merge branch 'fix_pat_auth-11-3' into 'security-11-3'

[11.3] Fix Token lookup for Git over HTTP and registry authentication

See merge request gitlab/gitlabhq!2578

3 files changed, 3 insertions, 3 deletions

diff --git a/app/finders/personal_access_tokens_finder.rb b/app/finders/personal_access_tokens_finder.rb
index d975f354a88..5d5c633d634 100644
--- a/app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -1,7 +1,7 @@
 class PersonalAccessTokensFinder
   attr_accessor :params
 
-  delegate :build, :find, :find_by, to: :execute
+  delegate :build, :find, :find_by, :find_by_token, to: :execute
 
   def initialize(params = {})
     @params = params
diff --git a/app/models/user.rb b/app/models/user.rb
index 7c8c994352e..448f10643a0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -455,7 +455,7 @@ class User < ActiveRecord::Base
     def find_by_personal_access_token(token_string)
       return unless token_string
 
-      PersonalAccessTokensFinder.new(state: 'active').find_by(token: token_string)&.user
+      PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user
     end
 
     # Returns a user for the given SSH key.
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 111e18b2076..e09a03ecd45 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -150,7 +150,7 @@ module Gitlab
       def personal_access_token_check(password)
         return unless password.present?
 
-        token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password)
+        token = PersonalAccessTokensFinder.new(state: 'active').find_by_token(password)
 
         if token && valid_scoped_token?(token, available_scopes)
           Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scopes(token.scopes))