From 430b6bb442ed555241c4977b25cedc9931e982d0 Mon Sep 17 00:00:00 2001
From: Holger Just
Date: Tue, 12 Feb 2013 12:02:35 +0100
Subject: [PATCH] Improve on broken MySQL handling of login tokens #1234

---
 app/controllers/account_controller.rb | 6 +++---
 app/controllers/application_controller.rb | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index b97c91ad..4f0faa0d 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -37,7 +37,7 @@ class AccountController < ApplicationController
 def lost_password
 redirect_to(home_url) && return unless Setting.lost_password?
 if params[:token]
-      @token = Token.find_by_action_and_value("recovery", params[:token])
+      @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
 redirect_to(home_url) && return unless @token and !@token.expired?
 @user = @token.user
 if request.post?
@@ -53,7 +53,7 @@ class AccountController < ApplicationController
 return
 else
 if request.post?
-      user = User.find_by_mail(params[:mail])
+      user = User.find_by_mail(params[:mail].to_s)
 # user not found in db
 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
 # user uses an external authentification
@@ -109,7 +109,7 @@ class AccountController < ApplicationController
 # Token based account activation
 def activate
 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
-    token = Token.find_by_action_and_value('register', params[:token])
+    token = Token.find_by_action_and_value('register', params[:token].to_s)
 redirect_to(home_url) && return unless token and !token.expired?
 user = token.user
 redirect_to(home_url) && return unless user.registered?
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7b2e6eea..abdc46a8 100644
--- a/app/controllers/application_controller.rb
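Review bot: The `.to_s` on the recovery lookup in lost_password makes sure a non-string parameter (an array or hash from `token[]=` / `token[a]=`, or a value the adapter would otherwise bind as a number) reaches `find_by_action_and_value` as a quoted string, but it still lets an empty string through: `params[:token]` is truthy for `?token=`, so the query runs with `value = ''` and only the following `unless @token` line catches the miss. A blank guard in front of the finder avoids that round-trip and states the intent: `redirect_to(home_url) && return if params[:token].to_s.blank?` on the line before the lookup. If recovery tokens have a fixed shape (the generator is not visible here), matching it before querying would reject malformed values the same way. The lost_password method continues past the end of the hunk.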
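Review bot: `User.find_by_mail(params[:mail].to_s)` now issues a lookup for `mail = ''` whenever the form is posted with an empty address, because nothing in this branch checks the parameter for presence before the finder; whether any user row can carry an empty mail is not visible from here, so the result of that query is not obviously `nil`. Treating a blank value as "unknown" up front avoids the query and keeps the existing message: `(flash.now[:error] = l(:notice_account_unknown_email); return) if params[:mail].to_s.blank?` on the line before the finder. The enclosing `if request.post?` body continues outside the hunk.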
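Review bot: The `.to_s` in activate is the third copy of the same call-site coercion in this file, so the protection depends on every present and future `Token.find_by_action_and_value` caller remembering it; a call that passes a request parameter directly would silently lack it. The more durable place is the model: a `Token.find_token(action, value)` class method that applies `value.to_s`, returns `nil` for a blank value, and delegates to the dynamic finder, with the controllers calling that instead. The comment `# Token based account activation` could then also note that non-string and blank tokens are rejected before the database is consulted. The activate method continues past the end of the hunk.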
+++ b/app/controllers/application_controller.rb
@@ -82,11 +82,11 @@ class ApplicationController < ActionController::Base
 user
 elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
 # RSS key authentication does not start a session
-      User.find_by_rss_key(params[:key])
+      User.find_by_rss_key(params[:key].to_s)
 elsif Setting.rest_api_enabled? && api_request?
 if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
 # Use API key
-      User.find_by_api_key(key)
+      User.find_by_api_key(key.to_s)
 else
 # HTTP Basic, either username/password or API key/random
 authenticate_with_http_basic do |username, password|
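Review bot: `params[:key].to_s` and `key.to_s` protect only these two call sites, while `User.find_by_rss_key` and `User.find_by_api_key` are defined outside the hunk and any other caller handing them an untrusted value is still exposed to the non-string parameter case this commit fixes; moving the `to_s` and a blank check into those two model methods would cover every caller at once. Separately, `params[:key] &&` on the `elsif` line is true for `?key=` because an empty string is truthy in Ruby, so the RSS branch runs a lookup with an empty key; `params[:key].present? &&` would skip it. `api_key_from_request` is not visible here, so whether `key` can be blank on the API branch is unknown and the same guard is worth adding there. The enclosing method starts before the hunk and continues after it.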