github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 06:51:27 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Check if auth token exists before revocation (#9095)

Browse Source
This commit is contained in:
Bianca Nenciu
2020-03-07 15:04:12 +02:00
committed by GitHub
parent f14dd1f82d
commit 20cfa7b810
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users_controller.rb
View File

@ -1347,7 +1347,7 @@ class UsersController < ApplicationController
if params[:token_id]
token = UserAuthToken.find_by(id: params[:token_id], user_id: user.id)
# The user should not be able to revoke the auth token of current session.
raise Discourse::InvalidParameters.new(:token_id) if guardian.auth_token == token.auth_token
raise Discourse::InvalidParameters.new(:token_id) if !token || guardian.auth_token == token.auth_token
UserAuthToken.where(id: params[:token_id], user_id: user.id).each(&:destroy!)
MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]