[master] Persist only SHA digest of PersonalAccessToken#token

author: Imre Farkas <ifarkas@gitlab.com> 2018-10-29 19:06:45 +0300
committer: Jan Provaznik <jprovaznik@gitlab.com> 2018-10-29 19:06:45 +0300
commit: b9652d8e4dc8544766c9371057be72cc26fe3a4b (patch)
tree: dd4c8407af4ef5d98a20f30069d3a348773dfbfa /lib/gitlab/auth
parent: b5ca4ea15dee21b131b336d4189a75a283c8d1f1 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index 5df6db6f366..c304adc64db 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
@@ -73,7 +73,6 @@ module Gitlab
         end
       end
 
-      # rubocop: disable CodeReuse/ActiveRecord
       def find_personal_access_token
         token =
           current_request.params[PRIVATE_TOKEN_PARAM].presence ||
@@ -82,9 +81,8 @@ module Gitlab
         return unless token
 
         # Expiration, revocation and scopes are verified in `validate_access_token!`
-        PersonalAccessToken.find_by(token: token) || raise(UnauthorizedError)
+        PersonalAccessToken.find_by_token(token) || raise(UnauthorizedError)
       end
-      # rubocop: enable CodeReuse/ActiveRecord
 
       def find_oauth_access_token
         token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods)
author	Imre Farkas <ifarkas@gitlab.com>	2018-10-29 19:06:45 +0300
committer	Jan Provaznik <jprovaznik@gitlab.com>	2018-10-29 19:06:45 +0300
commit	b9652d8e4dc8544766c9371057be72cc26fe3a4b (patch)
tree	dd4c8407af4ef5d98a20f30069d3a348773dfbfa /lib/gitlab/auth
parent	b5ca4ea15dee21b131b336d4189a75a283c8d1f1 (diff)