From 6ade508f39bf617219ef61089e8ea7b0ac651d79 Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan <tgx_world@hotmail.com>
Date: Tue, 12 Dec 2017 16:40:35 +0800
Subject: [PATCH] FIX: Prevent 'rack.input' missing error.

---
 lib/auth/default_current_user_provider.rb                  | 2 +-
 spec/components/auth/default_current_user_provider_spec.rb | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index ecbd7bce1b9..105ae538390 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -39,7 +39,7 @@ class Auth::DefaultCurrentUserProvider
     request = @request
 
     user_api_key = @env[USER_API_KEY]
-    api_key = request[API_KEY]
+    api_key = @env.blank? ? nil : request[API_KEY]
 
     auth_token = request.cookies[TOKEN_COOKIE] unless user_api_key || api_key
 
diff --git a/spec/components/auth/default_current_user_provider_spec.rb b/spec/components/auth/default_current_user_provider_spec.rb
index d8c1ce2fb01..bc99f89a9fd 100644
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -16,6 +16,11 @@ describe Auth::DefaultCurrentUserProvider do
     TestProvider.new(env)
   end
 
+  it "can be used to pretend that a user doesn't exist" do
+    provider = TestProvider.new({})
+    expect(provider.current_user).to eq(nil)
+  end
+
   context "server api" do
 
     it "raises errors for incorrect api_key" do