diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-04 09:59:35 +0200 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-04 09:59:35 +0200 |
| commit | 3faa7653d0efc76c42d5b5cb6dcb93b3a69718a9 (patch) | |
| tree | 99b928e92851a83c9631bcf9d0cf9e2ce43b52fc /app/controllers/profiles_controller.rb | |
| parent | be1523c1ba9fa439a2525a1b18179a419ecb6b2d (diff) | |
| download | gitlab-ce-3faa7653d0efc76c42d5b5cb6dcb93b3a69718a9.tar.gz | |
Handle invalid params when trying update_username
Using strong params to require the presence of a username when calling
`update_username`. Otherwise we'd raise a `NoMethodError` validating
the paths on disk.
Diffstat (limited to 'app/controllers/profiles_controller.rb')
| -rw-r--r-- | app/controllers/profiles_controller.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index dbf61a17724..3d27ae18b17 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -51,7 +51,7 @@ class ProfilesController < Profiles::ApplicationController end def update_username - result = Users::UpdateService.new(current_user, user: @user, username: user_params[:username]).execute + result = Users::UpdateService.new(current_user, user: @user, username: username_param).execute options = if result[:status] == :success { notice: "Username successfully changed" } @@ -72,6 +72,10 @@ class ProfilesController < Profiles::ApplicationController return render_404 unless @user.can_change_username? end + def username_param + @username_param ||= user_params.require(:username) + end + def user_params @user_params ||= params.require(:user).permit( :avatar, |