diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2016-04-20 11:57:45 +0530 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2016-04-28 22:28:36 +0530 |
commit | 17f2fc10e6765d328b9c34a45815e183cca50466 (patch) | |
tree | 6984bd73d83c936f16378f892013f17f4382932c /app/controllers/profiles | |
parent | 611f3ad2683a1103ef3c2af244a10ac9f3ae6734 (diff) | |
download | gitlab-ce-17f2fc10e6765d328b9c34a45815e183cca50466.tar.gz |
Change the root param while creating personal access tokens.
- Can't use `personal_access_token` anymore, because the contents
of that param are assumed to be a token string, and authenticated
against.
Diffstat (limited to 'app/controllers/profiles')
-rw-r--r-- | app/controllers/profiles/personal_access_tokens_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 5a6026f58cb..7fbf343edbd 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -32,6 +32,8 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController private def personal_access_token_params - params.require(:personal_access_token).permit(:name, :expires_at) + # We aren't using `personal_access_token` as the root param because the authentication + # system expects to find a token string there - it's off-limits to us. + params.require(:personal_access_token_params).permit(:name, :expires_at) end end |