diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb
index 7fbf343edbd..af6def25e7f 100644
--- a/app/controllers/profiles/personal_access_tokens_controller.rb
+++ b/app/controllers/profiles/personal_access_tokens_controller.rb
@@ -2,10 +2,6 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
 def index
 @active_personal_access_tokens = current_user.personal_access_tokens.active.order(:expires_at)
 @inactive_personal_access_tokens = current_user.personal_access_tokens.inactive
-
- # Prefer this to `@user.personal_access_tokens.new`, because it
- # litters the view's call to `@user.personal_access_tokens` with
- # this stub personal access token.
 @personal_access_token = PersonalAccessToken.new(user: @user)
 end
diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb
index fff3f76fb93..c7c3932ba40 100644
--- a/app/models/personal_access_token.rb
+++ b/app/models/personal_access_token.rb
@@ -1,8 +1,8 @@
 class PersonalAccessToken < ActiveRecord::Base
 belongs_to :user
- scope :active, -> { where(revoked: false).where("expires_at >= :current OR expires_at IS NULL", current: Time.current) }
- scope :inactive, -> { where("revoked = true OR expires_at < :current", current: Time.current) }
+ scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
+ scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }
 def self.generate(params)
 personal_access_token = self.new(params)
diff --git a/lib/api/helpers/authentication.rb b/lib/api/helpers/authentication.rb
index 4109c97ed04..4330c580276 100644
--- a/lib/api/helpers/authentication.rb
+++ b/lib/api/helpers/authentication.rb
@@ -42,7 +42,7 @@ module API
 identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
 # Regex for integers
- if !!(identifier =~ /^[0-9]+$/)
+ if !!(identifier =~ /\A[0-9]+\z/)
 identifier.to_i
 else
 identifier
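Review bot: The new `active` and `inactive` scopes in personal_access_token.rb compare `expires_at` with the database server's `NOW()` instead of the bound `Time.current`, so token expiry now follows the database clock and session time zone rather than the application's. If `expires_at` is stored as a zone-less UTC timestamp (the usual Rails setup, not visible here) and the database session is not in UTC, a token could still be listed as active after it has expired, or be treated as expired early; `NOW()` also ignores time frozen in specs. Either keep the bound value, e.g. `where("expires_at >= :now OR expires_at IS NULL", now: Time.current)`, or add a comment on the scopes stating the UTC-session assumption, plus a spec with one token on each side of the expiry boundary. Separately, a row whose `revoked` is NULL matches neither scope unless the column is NOT NULL with a default, which the hunk does not show.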
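Review bot: The `# Regex for integers` comment above the `if` in authentication.rb does not record why the pattern is now anchored with `\A`/`\z`, even though the identifier comes straight from `params[SUDO_PARAM]` or `env[SUDO_HEADER]`. I would replace it with `# \A and \z anchor the whole string; ^ and $ match per line, so a value with an embedded newline would pass as an integer`. A regression spec should also assert that a sudo value containing a newline is not converted to an ID. The `!!` is redundant inside an `if`; `if identifier =~ /\A[0-9]+\z/` behaves the same. The enclosing method begins before the hunk and the `if` is closed after it.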