From: Jean-Philippe Lang Date: Sun, 10 Jun 2012 13:39:42 +0000 (+0000) Subject: Merged r9798 to r9801 from trunk. X-Git-Tag: 2.0.3~14 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=67057ea3e954cdc774321617d865f91c4ae2352e;p=redmine.git Merged r9798 to r9801 from trunk. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/2.0-stable@9802 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c54bb4421..61f357cd0 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -445,9 +445,9 @@ class ApplicationController < ActionController::Base # Returns the API key present in the request def api_key_from_request if params[:key].present? - params[:key] + params[:key].to_s elsif request.headers["X-Redmine-API-Key"].present? - request.headers["X-Redmine-API-Key"] + request.headers["X-Redmine-API-Key"].to_s end end diff --git a/app/models/user.rb b/app/models/user.rb index 904420315..d0d1df834 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -130,8 +130,11 @@ class User < Principal # Returns the user that matches provided login and password, or nil def self.try_to_login(login, password) + login = login.to_s + password = password.to_s + # Make sure no one can sign in with an empty password - return nil if password.to_s.empty? + return nil if password.empty? user = find_by_login(login) if user # user is already in local database @@ -164,7 +167,7 @@ class User < Principal # Returns the user who matches the given autologin +key+ or nil def self.try_to_autologin(key) - tokens = Token.find_all_by_action_and_value('autologin', key) + tokens = Token.find_all_by_action_and_value('autologin', key.to_s) # Make sure there's only 1 token that matches the key if tokens.size == 1 token = tokens.first 
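Review bot: The two `.to_s` calls added in `api_key_from_request` have no comment explaining why they are there, so a later cleanup could remove them as redundant. The coercion matters because `params[:key]` can arrive as an Array or Hash when the request uses `key[]=` or `key[x]=` syntax, and the returned value is presumably passed on to a token lookup such as `User.find_by_api_key`. I would add above the `if`: `# Always return a String: a request parameter may be an Array or Hash and must never reach a finder as-is`.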
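Review bot: Coercing `login` and `password` with `to_s` at the top of `try_to_login` turns an Array or Hash into a derived string instead of rejecting it. What `Array#to_s` returns also differs between Ruby 1.8 (elements joined) and 1.9 (inspect form). That derived string then goes to `find_by_login` and to whatever authentication follows; the method body continues past the end of this hunk. If no caller relies on passing other types, refusing them keeps the behaviour independent of the Ruby version: `return nil unless login.is_a?(String) && password.is_a?(String)`.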
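Review bot: `try_to_autologin` passes `key.to_s` to the finder without rejecting an empty result, so a missing key (`nil`) becomes a lookup for a token whose value is `''`. `try_to_login` in the same file guards the equivalent case with `return nil if password.empty?`; the same guard fits here, for example `return nil if key.to_s.empty?` before the finder call. This also applies to `find_by_rss_key` and `find_by_api_key` in the last hunk. Presumably no token is ever stored with an empty value, so this is defence in depth rather than a known bypass.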
@@ -338,12 +341,12 @@ class User < Principal
 end
 def self.find_by_rss_key(key)
- token = Token.find_by_value(key)
+ token = Token.find_by_action_and_value('feeds', key.to_s)
 token && token.user.active? ? token.user : nil
 end
 def self.find_by_api_key(key)
- token = Token.find_by_action_and_value('api', key)
+ token = Token.find_by_action_and_value('api', key.to_s)
 token && token.user.active? ? token.user : nil
 end
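Review bot: `find_by_rss_key` changes behaviour beyond the string coercion, and neither the commit message nor a comment records it. The lookup moves from `Token.find_by_value(key)` to `Token.find_by_action_and_value('feeds', key.to_s)`, so a token issued for any other action no longer matches. A short comment would keep that restriction from being loosened later, for example `# Match 'feeds' tokens only: a token issued for another action must not identify a user here`. The rest of the class is outside the hunk, so I cannot tell whether any caller depended on the old, unscoped match.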