Improve on broken MySQL handling of login tokens #1234
parent
3f9007b909
commit
430b6bb442
|
@ -37,7 +37,7 @@ class AccountController < ApplicationController
|
||||||
def lost_password
|
def lost_password
|
||||||
redirect_to(home_url) && return unless Setting.lost_password?
|
redirect_to(home_url) && return unless Setting.lost_password?
|
||||||
if params[:token]
|
if params[:token]
|
||||||
@token = Token.find_by_action_and_value("recovery", params[:token])
|
@token = Token.find_by_action_and_value("recovery", params[:token].to_s)
|
||||||
redirect_to(home_url) && return unless @token and !@token.expired?
|
redirect_to(home_url) && return unless @token and !@token.expired?
|
||||||
@user = @token.user
|
@user = @token.user
|
||||||
if request.post?
|
if request.post?
|
||||||
|
@ -53,7 +53,7 @@ class AccountController < ApplicationController
|
||||||
return
|
return
|
||||||
else
|
else
|
||||||
if request.post?
|
if request.post?
|
||||||
user = User.find_by_mail(params[:mail])
|
user = User.find_by_mail(params[:mail].to_s)
|
||||||
# user not found in db
|
# user not found in db
|
||||||
(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
|
(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
|
||||||
# user uses an external authentification
|
# user uses an external authentification
|
||||||
|
@ -109,7 +109,7 @@ class AccountController < ApplicationController
|
||||||
# Token based account activation
|
# Token based account activation
|
||||||
def activate
|
def activate
|
||||||
redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
|
redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
|
||||||
token = Token.find_by_action_and_value('register', params[:token])
|
token = Token.find_by_action_and_value('register', params[:token].to_s)
|
||||||
redirect_to(home_url) && return unless token and !token.expired?
|
redirect_to(home_url) && return unless token and !token.expired?
|
||||||
user = token.user
|
user = token.user
|
||||||
redirect_to(home_url) && return unless user.registered?
|
redirect_to(home_url) && return unless user.registered?
|
||||||
|
|
|
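Review bot: The `.to_s` added to the three finders in this file (`params[:token].to_s` in `lost_password` and `activate`, `params[:mail].to_s` in the second hunk) is repeated verbatim at each call site with nothing saying why, so the next finder that is handed a request parameter will likely omit it; a comment at the first site such as `# coerce to String: a nested param (token[]=... or token[x]=...) would otherwise reach the finder as an Array/Hash and change the generated SQL predicate, which matters on MySQL` — or a single Token class method that owns the coercion and is called from both `lost_password` and `activate` — would keep the intent visible. Coercion also only fixes the parameter's type, not its emptiness: `params[:token]` of `""` is truthy, passes the `if params[:token]` guard on the first hunk's third line, and reaches `find_by_action_and_value("recovery", "")`, which is harmless only as long as no recovery row can ever carry a blank value; `if !params[:token].to_s.empty?` (the branch has an `else`, so `unless` does not fit) closes that gap, and the same guard shape applies to the `params[:token]` test in `activate`. Both `lost_password` and `activate` continue outside these hunks, so later handling of `@token`/`token` cannot be confirmed from the page.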
@ -82,11 +82,11 @@ class ApplicationController < ActionController::Base
|
||||||
user
|
user
|
||||||
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
|
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
|
||||||
# RSS key authentication does not start a session
|
# RSS key authentication does not start a session
|
||||||
User.find_by_rss_key(params[:key])
|
User.find_by_rss_key(params[:key].to_s)
|
||||||
elsif Setting.rest_api_enabled? && api_request?
|
elsif Setting.rest_api_enabled? && api_request?
|
||||||
if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
|
if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
|
||||||
# Use API key
|
# Use API key
|
||||||
User.find_by_api_key(key)
|
User.find_by_api_key(key.to_s)
|
||||||
else
|
else
|
||||||
# HTTP Basic, either username/password or API key/random
|
# HTTP Basic, either username/password or API key/random
|
||||||
authenticate_with_http_basic do |username, password|
|
authenticate_with_http_basic do |username, password|
|
||||||
|
|
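Review bot: `User.find_by_rss_key(params[:key].to_s)` is still reachable with an empty key: the `params[:key]` test on the `elsif` line is satisfied by `""` (strings are truthy in Ruby), so the lookup runs with a blank value that should never match a real key; changing that test to `!params[:key].to_s.empty?` rejects blank and missing keys in one place while keeping the coercion the commit introduces. The same applies to `key.to_s` in the API branch, where whatever `api_key_from_request` returns (not visible here) is coerced without a blank check. `find_by_rss_key` and `find_by_api_key` are defined outside this hunk, so whether they already reject blank input cannot be confirmed from the page; if they do, a note at the `.to_s` sites such as `# .to_s guards against Array/Hash params; blank keys are rejected in User.find_by_*` would save the next reader the trip. The enclosing method starts before and ends after this hunk.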