diff options
author | Rémy Coutable <remy@rymai.me> | 2017-03-22 15:59:03 +0100 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2017-03-22 17:06:19 +0100 |
commit | 8b6041bce31750aeffbaca70950c36188b6639d1 (patch) | |
tree | ca556a6c76eb003343bcc7c5c73c642f375d164b /app/controllers/application_controller.rb | |
parent | c62314ab6419f2f61b1acb5287de51cf2d459791 (diff) | |
download | gitlab-ce-8b6041bce31750aeffbaca70950c36188b6639d1.tar.gz |
Don't try to find a user by personal_access_token if the token is nil
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b7ce081a5cd..6a6e335d314 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -64,8 +64,11 @@ class ApplicationController < ActionController::Base # This filter handles both private tokens and personal access tokens def authenticate_user_from_private_token! - token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence - user = User.find_by_authentication_token(token_string) || User.find_by_personal_access_token(token_string) + token = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence + + return unless token.present? + + user = User.find_by_authentication_token(token) || User.find_by_personal_access_token(token) if user && can?(user, :log_in) # Notice we are passing store false, so the user is not |