@@ -458,9 +458,9 class ApplicationController < ActionController::Base | |||||
458 | # Returns the API key present in the request |
|
458 | # Returns the API key present in the request | |
459 | def api_key_from_request |
|
459 | def api_key_from_request | |
460 | if params[:key].present? |
|
460 | if params[:key].present? | |
461 | params[:key] |
|
461 | params[:key].to_s | |
462 | elsif request.headers["X-Redmine-API-Key"].present? |
|
462 | elsif request.headers["X-Redmine-API-Key"].present? | |
463 | request.headers["X-Redmine-API-Key"] |
|
463 | request.headers["X-Redmine-API-Key"].to_s | |
464 | end |
|
464 | end | |
465 | end |
|
465 | end | |
466 |
|
466 |
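Review bot: The two `.to_s` calls added in `api_key_from_request` carry no comment, and on the `X-Redmine-API-Key` branch the coercion looks redundant enough that a later cleanup could remove it along with the one on `params[:key]`. A comment above the `if` would record the intent, for example `# Always return a String: params[:key] is parsed as an Array or Hash for key[]=... / key[a]=... requests`. It would also help to say in the method's header comment that the method returns nil when neither source carries a key, since callers presumably pass the result straight to the token lookup.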
@@ -130,8 +130,11 class User < Principal | |||||
130 |
|
130 | |||
131 | # Returns the user that matches provided login and password, or nil |
|
131 | # Returns the user that matches provided login and password, or nil | |
132 | def self.try_to_login(login, password) |
|
132 | def self.try_to_login(login, password) | |
|
133 | login = login.to_s | |||
|
134 | password = password.to_s | |||
|
135 | ||||
133 | # Make sure no one can sign in with an empty password |
|
136 | # Make sure no one can sign in with an empty password | |
134 |
return nil if password. |
|
137 | return nil if password.empty? | |
135 | user = find_by_login(login) |
|
138 | user = find_by_login(login) | |
136 | if user |
|
139 | if user | |
137 | # user is already in local database |
|
140 | # user is already in local database | |
@@ -164,7 +167,7 class User < Principal | |||||
164 |
|
167 | |||
165 | # Returns the user who matches the given autologin +key+ or nil |
|
168 | # Returns the user who matches the given autologin +key+ or nil | |
166 | def self.try_to_autologin(key) |
|
169 | def self.try_to_autologin(key) | |
167 | tokens = Token.find_all_by_action_and_value('autologin', key) |
|
170 | tokens = Token.find_all_by_action_and_value('autologin', key.to_s) | |
168 | # Make sure there's only 1 token that matches the key |
|
171 | # Make sure there's only 1 token that matches the key | |
169 | if tokens.size == 1 |
|
172 | if tokens.size == 1 | |
170 | token = tokens.first |
|
173 | token = tokens.first | |
@@ -338,12 +341,12 class User < Principal | |||||
338 | end |
|
341 | end | |
339 |
|
342 | |||
340 | def self.find_by_rss_key(key) |
|
343 | def self.find_by_rss_key(key) | |
341 | token = Token.find_by_value(key) |
|
344 | token = Token.find_by_action_and_value('feeds', key.to_s) | |
342 | token && token.user.active? ? token.user : nil |
|
345 | token && token.user.active? ? token.user : nil | |
343 | end |
|
346 | end | |
344 |
|
347 | |||
345 | def self.find_by_api_key(key) |
|
348 | def self.find_by_api_key(key) | |
346 | token = Token.find_by_action_and_value('api', key) |
|
349 | token = Token.find_by_action_and_value('api', key.to_s) | |
347 | token && token.user.active? ? token.user : nil |
|
350 | token && token.user.active? ? token.user : nil | |
348 | end |
|
351 | end | |
349 |
|
352 |
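Review bot: `find_by_rss_key`, `find_by_api_key` and `try_to_autologin` have no empty-key guard, unlike `try_to_login`, which returns early on an empty password: with `key.to_s` a nil key becomes `''` and is still passed to the token lookup. Whether a token with an empty value can exist is not visible in these hunks, so a guard such as `return nil if key.to_s.empty?` at the top of each finder would make the result independent of what the Token table happens to contain. The `'feeds'` action added in `find_by_rss_key` narrows which tokens are accepted as RSS keys, and a one-line comment such as `# Only 'feeds' tokens are valid RSS keys` would keep that restriction from being dropped later. `try_to_autologin` continues past the end of its hunk, so its handling of the matched token is not reviewed here.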