11453: Do not generate local tokens for remote users.
authorTom Clegg <tclegg@veritasgenetics.com>
Mon, 30 Oct 2017 20:56:32 +0000 (16:56 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Mon, 30 Oct 2017 20:56:32 +0000 (16:56 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

services/api/app/controllers/user_sessions_controller.rb

index 5a90f4f8ead61df1bfa5ae791dd0c4354bcebb51..5de85bc98bcbcb1a0051c3ecee355e82292b5a27 100644 (file)
@@ -24,7 +24,11 @@ class UserSessionsController < ApplicationController
       return redirect_to login_failure_url
     end
 
-    user = User.find_by_identity_url(omniauth['info']['identity_url'])
+    # Only local users can create sessions, hence uuid_like_pattern
+    # here.
+    user = User.where('identity_url = ? and uuid like ?',
+                      omniauth['info']['identity_url'],
+                      User.uuid_like_pattern).first
     if not user
       # Check for permission to log in to an existing User record with
       # a different identity_url
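Review bot: The local-only restriction added at the `User.where('identity_url = ? and uuid like ?', ...)` lookup covers only the primary identity_url match; the fallback branch that starts at `if not user` and looks for an existing User record with a different identity_url continues past the end of this hunk, and if that second lookup is not also constrained with `User.uuid_like_pattern`, a remote user record could still be selected there and end up with a local token, which is exactly what the commit title says it prevents. The same `uuid like ?` condition (or a shared local-users scope used by both lookups) would keep the two paths consistent. The new comment could also state why the pattern excludes remote users — presumably because a remote user's uuid carries another cluster's prefix rather than this cluster's — for example `# Only users whose uuid matches this cluster's uuid_like_pattern are local; remote users must not be issued local session tokens here.` Note that `.where(...).first` silently picks one row if several local users share an identity_url, the same as the replaced `find_by_identity_url`, so this is not a regression but worth a uniqueness guarantee at the model level if none exists.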