github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Return 400 instead of 404 for bad token

Browse Source
This commit is contained in:
Sam
2018-10-12 10:51:41 +11:00
parent 048cdfbcfa
commit a1c912b630
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users_controller.rb
View File

@ -1122,7 +1122,7 @@ class UsersController < ApplicationController
if params[:token_id]
token = UserAuthToken.find_by(id: params[:token_id], user_id: user.id)
# The user should not be able to revoke the auth token of current session.
raise Discourse::NotFound if guardian.auth_token == token.auth_token
raise Discourse::InvalidParameters.new(:token_id) if guardian.auth_token == token.auth_token
UserAuthToken.where(id: params[:token_id], user_id: user.id).each(&:destroy!)
else
UserAuthToken.where(user_id: user.id).each(&:destroy!)