projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
14455: Update loofah & nokogiri on workbench & api for security reasons.
[arvados.git] / services / api / app / controllers / user_sessions_controller.rb
diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index 20633153e758c70f5b91d0b66466a06e6393b2da..020dfa53b83a6ba645a79a1696b84968144cc0cd 100644 (file)
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -70,7 +70,7 @@ class UserSessionsController < ApplicationController
       end
 
       while (uuid = user.redirect_to_user_uuid)
-        user = User.where(uuid: uuid).first
+        user = User.unscoped.where(uuid: uuid).first
         if !user
           raise Exception.new("identity_url #{omniauth['info']['identity_url']} redirects to nonexistent uuid #{uuid}")
         end
@@ -159,7 +159,7 @@ class UserSessionsController < ApplicationController
     else
       callback_url += '?'
     end
-    callback_url += 'api_token=' + api_client_auth.api_token
+    callback_url += 'api_token=' + api_client_auth.token
     redirect_to callback_url
   end