-rw-r--r-- | app/controllers/profiles/personal_access_tokens_controller.rb | 4 | ||||
-rw-r--r-- | app/views/profiles/personal_access_tokens/index.html.haml | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb
index 5a6026f58cb..7fbf343edbd 100644
--- a/app/controllers/profiles/personal_access_tokens_controller.rb
+++ b/app/controllers/profiles/personal_access_tokens_controller.rb
@@ -32,6 +32,8 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
 private
 def personal_access_token_params
- params.require(:personal_access_token).permit(:name, :expires_at)
+ # We aren't using `personal_access_token` as the root param because the authentication
+ # system expects to find a token string there - it's off-limits to us.
+ params.require(:personal_access_token_params).permit(:name, :expires_at)
 end
 end
diff --git a/app/views/profiles/personal_access_tokens/index.html.haml b/app/views/profiles/personal_access_tokens/index.html.haml
index 77726d34fbc..72e67df4337 100644
--- a/app/views/profiles/personal_access_tokens/index.html.haml
+++ b/app/views/profiles/personal_access_tokens/index.html.haml
@@ -12,7 +12,8 @@
 Add a Personal Access Token
 %p.profile-settings-content
 Pick a name for the application, and we'll give you a unique token.
- = form_for [:profile, @personal_access_token], method: :post, html: { class: 'js-requires-input' } do |f|
+ = form_for [:profile, @personal_access_token], as: "personal_access_token_params",
+ method: :post, html: { class: 'js-requires-input' } do |f|
 .form-group
 = f.label :name, class: 'label-light' |
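Review bot: Nothing in this commit pins the new root key with a test (the diffstat lists only the controller and the view), so a later cleanup that restores the model's default key in `personal_access_token_params` would silently bring back the collision the added comment describes. A controller or request spec that posts the fields nested under `personal_access_token_params` and asserts the token record is created would guard against that. The comment could also name the failure mode, for example `# A hash submitted under personal_access_token is read by authentication as a token string.` The authentication code is not part of this diff, so it cannot be confirmed here whether it ignores non-String values for that param; if it does not, a type check there would be the more durable fix. The enclosing class starts outside the hunk.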
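Review bot: The `as: "personal_access_token_params"` option on the new `form_for` line carries no explanation in the view, so it reads like a redundant override that a later tidy-up could remove. Removing it would submit the fields under `personal_access_token` again and fail the controller's `params.require(:personal_access_token_params)`. A Haml comment above the form would record the reason: `-# as: keeps these fields out of the personal_access_token param, which authentication reads as a token string`. The key is spelled out separately in the view and the controller, so the two have to be changed together. The form block continues past the end of the hunk.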