projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
14455: Update loofah & nokogiri on workbench & api for security reasons.
[arvados.git]
/
services
/
api
/
app
/
controllers
/
user_sessions_controller.rb
diff --git
a/services/api/app/controllers/user_sessions_controller.rb
b/services/api/app/controllers/user_sessions_controller.rb
index 20633153e758c70f5b91d0b66466a06e6393b2da..020dfa53b83a6ba645a79a1696b84968144cc0cd 100644
(file)
--- a/
services/api/app/controllers/user_sessions_controller.rb
+++ b/
services/api/app/controllers/user_sessions_controller.rb
@@
-70,7
+70,7
@@
class UserSessionsController < ApplicationController
end
while (uuid = user.redirect_to_user_uuid)
end
while (uuid = user.redirect_to_user_uuid)
- user = User.where(uuid: uuid).first
+ user = User.
unscoped.
where(uuid: uuid).first
if !user
raise Exception.new("identity_url #{omniauth['info']['identity_url']} redirects to nonexistent uuid #{uuid}")
end
if !user
raise Exception.new("identity_url #{omniauth['info']['identity_url']} redirects to nonexistent uuid #{uuid}")
end
@@
-159,7
+159,7
@@
class UserSessionsController < ApplicationController
else
callback_url += '?'
end
else
callback_url += '?'
end
- callback_url += 'api_token=' + api_client_auth.
api_
token
+ callback_url += 'api_token=' + api_client_auth.token
redirect_to callback_url
end
redirect_to callback_url
end