Change the root param while creating personal access tokens.

- Can't use `personal_access_token` anymore, because the contents of that param are assumed to be a token string, and authenticated against.
author: Timothy Andrew <mail@timothyandrew.net> 2016-04-20 11:57:45 +0530
committer: Timothy Andrew <mail@timothyandrew.net> 2016-04-28 22:28:36 +0530
commit: 17f2fc10e6765d328b9c34a45815e183cca50466 (patch)
tree: 6984bd73d83c936f16378f892013f17f4382932c /app/controllers/profiles
parent: 611f3ad2683a1103ef3c2af244a10ac9f3ae6734 (diff)
download: gitlab-ce-17f2fc10e6765d328b9c34a45815e183cca50466.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb
index 5a6026f58cb..7fbf343edbd 100644
--- a/app/controllers/profiles/personal_access_tokens_controller.rb
+++ b/app/controllers/profiles/personal_access_tokens_controller.rb
@@ -32,6 +32,8 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
   private
 
   def personal_access_token_params
-    params.require(:personal_access_token).permit(:name, :expires_at)
+    # We aren't using `personal_access_token` as the root param because the authentication
+    # system expects to find a token string there - it's off-limits to us.
+    params.require(:personal_access_token_params).permit(:name, :expires_at)
   end
 end
author	Timothy Andrew <mail@timothyandrew.net>	2016-04-20 11:57:45 +0530
committer	Timothy Andrew <mail@timothyandrew.net>	2016-04-28 22:28:36 +0530
commit	17f2fc10e6765d328b9c34a45815e183cca50466 (patch)
tree	6984bd73d83c936f16378f892013f17f4382932c /app/controllers/profiles
parent	611f3ad2683a1103ef3c2af244a10ac9f3ae6734 (diff)
download	gitlab-ce-17f2fc10e6765d328b9c34a45815e183cca50466.tar.gz