FEATURE: Hash user API keys in the database (#9344)

The 'key' column will be dropped in a future commit.
2025-05-22 22:43:33 +08:00 · 2020-04-07 16:42:52 +03:00
parent 34df9f7908
commit 0653750fbf
6 changed files with 62 additions and 8 deletions
--- a/app/controllers/user_api_keys_controller.rb
+++ b/app/controllers/user_api_keys_controller.rb
@ -71,7 +71,6 @@ class UserApiKeysController < ApplicationController
      client_id: params[:client_id],
      user_id: current_user.id,
      push_url: params[:push_url],
-      key: SecureRandom.hex,
      scopes: scopes
    )

@ -146,7 +145,7 @@ class UserApiKeysController < ApplicationController
    revoke_key = find_key if params[:id]

    if current_key = request.env['HTTP_USER_API_KEY']
-      request_key = UserApiKey.find_by(key: current_key)
+      request_key = UserApiKey.with_key(current_key).first
      revoke_key ||= request_key
      if request_key && request_key.id != revoke_key.id && !request_key.scopes.include?("write")
        raise Discourse::InvalidAccess