mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 16:02:46 +08:00
Return 400 instead of 404 for bad token
This commit is contained in:
parent
048cdfbcfa
commit
a1c912b630
|
@ -1122,7 +1122,7 @@ class UsersController < ApplicationController
|
|||
if params[:token_id]
|
||||
token = UserAuthToken.find_by(id: params[:token_id], user_id: user.id)
|
||||
# The user should not be able to revoke the auth token of current session.
|
||||
raise Discourse::NotFound if guardian.auth_token == token.auth_token
|
||||
raise Discourse::InvalidParameters.new(:token_id) if guardian.auth_token == token.auth_token
|
||||
UserAuthToken.where(id: params[:token_id], user_id: user.id).each(&:destroy!)
|
||||
else
|
||||
UserAuthToken.where(user_id: user.id).each(&:destroy!)
|
||||
|
|
|
@ -382,11 +382,10 @@ class Guardian
|
|||
end
|
||||
|
||||
def auth_token
|
||||
return nil if !request&.cookies[Auth::DefaultCurrentUserProvider::TOKEN_COOKIE]
|
||||
|
||||
cookie = request.cookies[Auth::DefaultCurrentUserProvider::TOKEN_COOKIE]
|
||||
if cookie = request&.cookies[Auth::DefaultCurrentUserProvider::TOKEN_COOKIE]
|
||||
UserAuthToken.hash_token(cookie)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
|
|
|
@ -3287,7 +3287,7 @@ describe UsersController do
|
|||
|
||||
post "/u/#{user.username}/preferences/revoke-auth-token.json", params: { token_id: token.id }
|
||||
|
||||
expect(response.status).to eq(404)
|
||||
expect(response.status).to eq(400)
|
||||
end
|
||||
|
||||
it 'logs user out from everywhere if token_id is not present' do
|
||||
|
|
Loading…
Reference in New Issue
Block a user