Commit 9d79d6e152858605afeddeeb10f43a5efbdf0376
1 parent
dfade97e
Exists in
master
and in
4 other branches
Make sure private_token for API is a string
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
6 additions
and
1 deletions
Show diff stats
lib/api/helpers.rb
| ... | ... | @@ -6,19 +6,23 @@ module API |
| 6 | 6 | SUDO_PARAM = :sudo |
| 7 | 7 | |
| 8 | 8 | def current_user |
| 9 | - @current_user ||= User.find_by_authentication_token(params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]) | |
| 9 | + private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s | |
| 10 | + @current_user ||= User.find_by_authentication_token(private_token) | |
| 10 | 11 | identifier = sudo_identifier() |
| 12 | + | |
| 11 | 13 | # If the sudo is the current user do nothing |
| 12 | 14 | if (identifier && !(@current_user.id == identifier || @current_user.username == identifier)) |
| 13 | 15 | render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin? |
| 14 | 16 | @current_user = User.by_username_or_id(identifier) |
| 15 | 17 | not_found!("No user id or username for: #{identifier}") if @current_user.nil? |
| 16 | 18 | end |
| 19 | + | |
| 17 | 20 | @current_user |
| 18 | 21 | end |
| 19 | 22 | |
| 20 | 23 | def sudo_identifier() |
| 21 | 24 | identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER] |
| 25 | + | |
| 22 | 26 | # Regex for integers |
| 23 | 27 | if (!!(identifier =~ /^[0-9]+$/)) |
| 24 | 28 | identifier.to_i |
| ... | ... | @@ -29,6 +33,7 @@ module API |
| 29 | 33 | |
| 30 | 34 | def set_current_user_for_thread |
| 31 | 35 | Thread.current[:current_user] = current_user |
| 36 | + | |
| 32 | 37 | begin |
| 33 | 38 | yield |
| 34 | 39 | ensure | ... | ... |