Don't look for personal access tokens in the DB when the parameter/header is not passed.

2016-06-01 14:09:17 +05:30 · 2016-06-01 14:09:17 +05:30 · 6d44433176
commit 6d44433176
parent 05b319b0b4
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -374,7 +374,7 @@ class ApplicationController < ActionController::Base

  def get_user_from_personal_access_token
    token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
-    personal_access_token = PersonalAccessToken.active.find_by_token(token_string)
+    personal_access_token = PersonalAccessToken.active.find_by_token(token_string) if token_string
    personal_access_token.user if personal_access_token
  end
 end