Commit 6d444331 authored by Timothy Andrew's avatar Timothy Andrew

Don't look for personal access tokens in the DB when the parameter/header is not passed.

parent 05b319b0
......@@ -374,7 +374,7 @@ class ApplicationController < ActionController::Base
def get_user_from_personal_access_token
token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
personal_access_token = PersonalAccessToken.active.find_by_token(token_string)
personal_access_token = PersonalAccessToken.active.find_by_token(token_string) if token_string
personal_access_token.user if personal_access_token
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment