BigW Consortium Gitlab

Make sure private_token for API is a string

parent dfade97e
...@@ -6,19 +6,23 @@ module API ...@@ -6,19 +6,23 @@ module API
SUDO_PARAM = :sudo SUDO_PARAM = :sudo
def current_user def current_user
@current_user ||= User.find_by_authentication_token(params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]) private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
@current_user ||= User.find_by_authentication_token(private_token)
identifier = sudo_identifier() identifier = sudo_identifier()
# If the sudo is the current user do nothing # If the sudo is the current user do nothing
if (identifier && !(@current_user.id == identifier || @current_user.username == identifier)) if (identifier && !(@current_user.id == identifier || @current_user.username == identifier))
render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin? render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin?
@current_user = User.by_username_or_id(identifier) @current_user = User.by_username_or_id(identifier)
not_found!("No user id or username for: #{identifier}") if @current_user.nil? not_found!("No user id or username for: #{identifier}") if @current_user.nil?
end end
@current_user @current_user
end end
def sudo_identifier() def sudo_identifier()
identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER] identifier ||= params[SUDO_PARAM] ||= env[SUDO_HEADER]
# Regex for integers # Regex for integers
if (!!(identifier =~ /^[0-9]+$/)) if (!!(identifier =~ /^[0-9]+$/))
identifier.to_i identifier.to_i
...@@ -29,6 +33,7 @@ module API ...@@ -29,6 +33,7 @@ module API
def set_current_user_for_thread def set_current_user_for_thread
Thread.current[:current_user] = current_user Thread.current[:current_user] = current_user
begin begin
yield yield
ensure ensure
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment