Skip to content

O
OHR Support
Commit f02ef4b9 authored by Holger Just's avatar Holger Just
Browse files
Options

Improve on broken MySQL handling of login tokens #1234

parent 44248417
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 5 deletions
app/controllers/account_controller.rb
View file @ f02ef4b9
......@@ -37,7 +37,7 @@ class AccountController < ApplicationController
def lost_password
redirect_to(home_url) && return unless Setting.lost_password?
if params[:token]
@token = Token.find_by_action_and_value("recovery", params[:token])
@token = Token.find_by_action_and_value("recovery", params[:token].to_s)
redirect_to(home_url) && return unless @token and !@token.expired?
@user = @token.user
if request.post?
......@@ -53,7 +53,7 @@ class AccountController < ApplicationController
return
else
if request.post?
user = User.find_by_mail(params[:mail])
user = User.find_by_mail(params[:mail].to_s)
# user not found in db
(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
# user uses an external authentification
......@@ -109,7 +109,7 @@ class AccountController < ApplicationController
# Token based account activation
def activate
redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
token = Token.find_by_action_and_value('register', params[:token])
token = Token.find_by_action_and_value('register', params[:token].to_s)
redirect_to(home_url) && return unless token and !token.expired?
user = token.user
redirect_to(home_url) && return unless user.registered?
......
app/controllers/application_controller.rb
View file @ f02ef4b9
......@@ -94,11 +94,11 @@ class ApplicationController < ActionController::Base
user
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
# RSS key authentication does not start a session
User.find_by_rss_key(params[:key])
User.find_by_rss_key(params[:key].to_s)
elsif Setting.rest_api_enabled? && api_request?
if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
# Use API key
User.find_by_api_key(key)
User.find_by_api_key(key.to_s)
else
# HTTP Basic, either username/password or API key/random
authenticate_with_http_basic do |username, password|
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment