cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clear current_user if we reject OAuth 1

Browse source 
This ensures we don't try and do any further validation of the
user which might lead to trying to report additional errors.
This commit is contained in:
Tom Hughes 2024-07-07 19:40:28 +01:00
parent d4344da2be
commit 3e77cae66c
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/controllers/api_controller.rb
View file

@ -112,6 +112,7 @@ class ApiController < ApplicationController
# self.current_user setup by OAuth # self.current_user setup by OAuth
else else
report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden
self.current_user = nil
end end
else else
username, passwd = auth_data # parse from headers username, passwd = auth_data # parse from headers