diff options
| author | Imre Farkas <ifarkas@gitlab.com> | 2018-10-26 16:47:03 +0200 |
|---|---|---|
| committer | Imre Farkas <ifarkas@gitlab.com> | 2018-11-05 11:36:45 +0100 |
| commit | 8d900ade3832b3e2812f067ace19bad7fd286d54 (patch) | |
| tree | e81f35ae24282ec1c2843ed786e4b2803ac958f6 /lib/api | |
| parent | ef220c4d5baaaec54d4e9f46a4a777c29e2c0363 (diff) | |
| download | gitlab-ce-8d900ade3832b3e2812f067ace19bad7fd286d54.tar.gz | |
Remove PersonalAccessTokensFinder#find_by methoduse_tokenauthenticatable_method_for_token_lookup
find_by_token is overriden by TokenAuthenticatable which can be easily
missed or confused with #find_by(:token) defined by ActiveRecord. First
step for safer usage is to remove #find_by.
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/users.rb | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 47382b09207..2a56506f3a5 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -512,11 +512,9 @@ module API PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options)) end - # rubocop: disable CodeReuse/ActiveRecord def find_impersonation_token - finder.find_by(id: declared_params[:impersonation_token_id]) || not_found!('Impersonation Token') + finder.find_by_id(declared_params[:impersonation_token_id]) || not_found!('Impersonation Token') end - # rubocop: enable CodeReuse/ActiveRecord end before { authenticated_as_admin! } |