From 6d444331764fec1910d15b300d89b6246a1f83ea Mon Sep 17 00:00:00 2001
From: Timothy Andrew <mail@timothyandrew.net>
Date: Wed, 1 Jun 2016 14:09:17 +0530
Subject: [PATCH] Don't look for personal access tokens in the DB when the
 parameter/header is not passed.

---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9dbaba00ff5..17bd980b454 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -374,7 +374,7 @@ class ApplicationController < ActionController::Base
 
   def get_user_from_personal_access_token
     token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
-    personal_access_token = PersonalAccessToken.active.find_by_token(token_string)
+    personal_access_token = PersonalAccessToken.active.find_by_token(token_string) if token_string
     personal_access_token.user if personal_access_token
   end
 end