FEATURE: Hash user API keys in the database (#9344)

The 'key' column will be dropped in a future commit.
2025-05-30 07:11:34 +08:00 · 2020-04-07 16:42:52 +03:00
parent 34df9f7908
commit 0653750fbf
6 changed files with 62 additions and 8 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -260,7 +260,7 @@ class Auth::DefaultCurrentUserProvider
  protected

  def lookup_user_api_user_and_update_key(user_api_key, client_id)
-    if api_key = UserApiKey.where(key: user_api_key, revoked_at: nil).includes(:user).first
+    if api_key = UserApiKey.active.with_key(user_api_key).includes(:user).first
      unless api_key.allow?(@env)
        raise Discourse::InvalidAccess
      end