diff options
author | Imre Farkas <ifarkas@gitlab.com> | 2018-10-29 19:06:45 +0300 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-29 19:06:45 +0300 |
commit | b9652d8e4dc8544766c9371057be72cc26fe3a4b (patch) | |
tree | dd4c8407af4ef5d98a20f30069d3a348773dfbfa /lib/gitlab/auth | |
parent | b5ca4ea15dee21b131b336d4189a75a283c8d1f1 (diff) |
[master] Persist only SHA digest of PersonalAccessToken#token
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb index 5df6db6f366..c304adc64db 100644 --- a/lib/gitlab/auth/user_auth_finders.rb +++ b/lib/gitlab/auth/user_auth_finders.rb @@ -73,7 +73,6 @@ module Gitlab end end - # rubocop: disable CodeReuse/ActiveRecord def find_personal_access_token token = current_request.params[PRIVATE_TOKEN_PARAM].presence || @@ -82,9 +81,8 @@ module Gitlab return unless token # Expiration, revocation and scopes are verified in `validate_access_token!` - PersonalAccessToken.find_by(token: token) || raise(UnauthorizedError) + PersonalAccessToken.find_by_token(token) || raise(UnauthorizedError) end - # rubocop: enable CodeReuse/ActiveRecord def find_oauth_access_token token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods) |