authorRémy Coutable <remy@rymai.me>2017-03-22 15:59:03 +0100
committerRémy Coutable <remy@rymai.me>2017-03-22 17:06:19 +0100
commit8b6041bce31750aeffbaca70950c36188b6639d1 (patch)
treeca556a6c76eb003343bcc7c5c73c642f375d164b /app/controllers/application_controller.rb
parentc62314ab6419f2f61b1acb5287de51cf2d459791 (diff)
Don't try to find a user by personal_access_token if the token is nil
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb7
1 files changed, 5 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b7ce081a5cd..6a6e335d314 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -64,8 +64,11 @@ class ApplicationController < ActionController::Base
# This filter handles both private tokens and personal access tokens
def authenticate_user_from_private_token!
- token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
- user = User.find_by_authentication_token(token_string) || User.find_by_personal_access_token(token_string)
+ token = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
+
+ return unless token.present?
+
+ user = User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
if user && can?(user, :log_in)
# Notice we are passing store false, so the user is not