From 9d79d6e152858605afeddeeb10f43a5efbdf0376 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 8 Nov 2013 18:49:38 +0200
Subject: [PATCH] Make sure private_token for API is a string

---
 lib/api/helpers.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index edc662e..b0f8d5a 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -6,19 +6,23 @@ module API
     SUDO_PARAM = :sudo
 
     def current_user
-      @current_user ||= User.find_by_authentication_token(params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER])
+      private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
+      @current_user ||= User.find_by_authentication_token(private_token)
       identifier = sudo_identifier()
+
       # If the sudo is the current user do nothing
       if (identifier && !(@current_user.id == identifier || @current_user.username == identifier))
         render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin?
         @current_user = User.by_username_or_id(identifier)
         not_found!("No user id or username for: #{identifier}") if @current_user.nil?
       end
+
       @current_user
     end
 
     def sudo_identifier()
       identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER]
+
       # Regex for integers
       if (!!(identifier =~ /^[0-9]+$/))
         identifier.to_i
@@ -29,6 +33,7 @@ module API
 
     def set_current_user_for_thread
       Thread.current[:current_user] = current_user
+
       begin
         yield
       ensure
--
libgit2 0.21.2