Commit 9d79d6e152858605afeddeeb10f43a5efbdf0376
1 parent
dfade97e
Exists in
master
and in
4 other branches
Make sure private_token for API is a string
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
6 additions
and
1 deletions
Show diff stats
lib/api/helpers.rb
| @@ -6,19 +6,23 @@ module API | @@ -6,19 +6,23 @@ module API | ||
| 6 | SUDO_PARAM = :sudo | 6 | SUDO_PARAM = :sudo |
| 7 | 7 | ||
| 8 | def current_user | 8 | def current_user |
| 9 | - @current_user ||= User.find_by_authentication_token(params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]) | 9 | + private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s |
| 10 | + @current_user ||= User.find_by_authentication_token(private_token) | ||
| 10 | identifier = sudo_identifier() | 11 | identifier = sudo_identifier() |
| 12 | + | ||
| 11 | # If the sudo is the current user do nothing | 13 | # If the sudo is the current user do nothing |
| 12 | if (identifier && !(@current_user.id == identifier || @current_user.username == identifier)) | 14 | if (identifier && !(@current_user.id == identifier || @current_user.username == identifier)) |
| 13 | render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin? | 15 | render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin? |
| 14 | @current_user = User.by_username_or_id(identifier) | 16 | @current_user = User.by_username_or_id(identifier) |
| 15 | not_found!("No user id or username for: #{identifier}") if @current_user.nil? | 17 | not_found!("No user id or username for: #{identifier}") if @current_user.nil? |
| 16 | end | 18 | end |
| 19 | + | ||
| 17 | @current_user | 20 | @current_user |
| 18 | end | 21 | end |
| 19 | 22 | ||
| 20 | def sudo_identifier() | 23 | def sudo_identifier() |
| 21 | identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER] | 24 | identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER] |
| 25 | + | ||
| 22 | # Regex for integers | 26 | # Regex for integers |
| 23 | if (!!(identifier =~ /^[0-9]+$/)) | 27 | if (!!(identifier =~ /^[0-9]+$/)) |
| 24 | identifier.to_i | 28 | identifier.to_i |
| @@ -29,6 +33,7 @@ module API | @@ -29,6 +33,7 @@ module API | ||
| 29 | 33 | ||
| 30 | def set_current_user_for_thread | 34 | def set_current_user_for_thread |
| 31 | Thread.current[:current_user] = current_user | 35 | Thread.current[:current_user] = current_user |
| 36 | + | ||
| 32 | begin | 37 | begin |
| 33 | yield | 38 | yield |
| 34 | ensure | 39 | ensure |