diff options
| author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-14 10:49:11 -0600 |
|---|---|---|
| committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-14 10:49:11 -0600 |
| commit | ad0ca0499ac81c68e9e8011d2e194b16c759c1d6 (patch) | |
| tree | b3a39a2ef6cc4cfbdeab37fff87ed66dd4dcf9dc /lib/api | |
| parent | 13e9f4f33420bf0bae0b61b98dd3c2301d6f6223 (diff) | |
| parent | 19e0dafbef47ca04f19d38b72b817beeb09e8510 (diff) | |
| download | gitlab-ce-ad0ca0499ac81c68e9e8011d2e194b16c759c1d6.tar.gz | |
Merge branch 'master' into fix-restricted-visibility
Conflicts:
db/schema.rb
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/helpers.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index f46dc8b456e..a6e77002a01 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -83,7 +83,10 @@ module API end def authenticate_by_gitlab_shell_token! - unauthorized! unless secret_token == params['secret_token'].try(:chomp) + input = params['secret_token'].try(:chomp) + unless Devise.secure_compare(secret_token, input) + unauthorized! + end end def authenticated_as_admin! |