Improve on broken MySQL handling of login tokens #1234

Holger Just 2013-02-12 12:02:35 +01:00
parent 3f9007b909
commit 430b6bb442
2 changed files with 5 additions and 5 deletions


@ -37,7 +37,7 @@ class AccountController < ApplicationController
def lost_password
redirect_to(home_url) && return unless Setting.lost_password?
if params[:token]
@token = Token.find_by_action_and_value("recovery", params[:token])
@token = Token.find_by_action_and_value("recovery", params[:token].to_s)
redirect_to(home_url) && return unless @token and !@token.expired?
@user = @token.user
if request.post?
@ -53,7 +53,7 @@ class AccountController < ApplicationController
return
else
if request.post?
user = User.find_by_mail(params[:mail])
user = User.find_by_mail(params[:mail].to_s)
# user not found in db
(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
# user uses an external authentification
@ -109,7 +109,7 @@ class AccountController < ApplicationController
# Token based account activation
def activate
redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
token = Token.find_by_action_and_value('register', params[:token])
token = Token.find_by_action_and_value('register', params[:token].to_s)
redirect_to(home_url) && return unless token and !token.expired?
user = token.user
redirect_to(home_url) && return unless user.registered?
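Review bot: None of the added `.to_s` calls (`params[:token].to_s` in `lost_password` and `activate`, `params[:mail].to_s`, and the two key lookups in ApplicationController) says why it is there, so a later cleanup could remove them as redundant. Going by the commit title, the intent is presumably that a non-string request parameter must never reach a MySQL comparison against a string column; a one-line comment at each call would record that, e.g. `# to_s: never hand a non-String param to the finder, MySQL would compare it loosely`. Doing the coercion inside the Token lookup itself would also protect callers added later. Both `lost_password` and `activate` continue outside the hunks shown.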


@ -82,11 +82,11 @@ class ApplicationController < ActionController::Base
user
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
# RSS key authentication does not start a session
User.find_by_rss_key(params[:key])
User.find_by_rss_key(params[:key].to_s)
elsif Setting.rest_api_enabled? && api_request?
if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
# Use API key
User.find_by_api_key(key)
User.find_by_api_key(key.to_s)
else
# HTTP Basic, either username/password or API key/random
authenticate_with_http_basic do |username, password|
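Review bot: `key.to_s` at the `find_by_api_key` call covers only this one consumer of `api_key_from_request`, which is defined outside this hunk; if other code uses that helper's return value for a lookup it still receives the raw value, so returning a String from the helper would be the safer place for the coercion. The commit also touches only the two controllers, so no test pins the new behaviour; a functional test that sends a non-string `key` or `token` and expects the request to stay unauthenticated would keep the fix from regressing. The enclosing method starts before and ends after the hunk.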