Commit 525c4153 by liyijie

Add error processing when password is not generate by gem

parent 6ab2284b
...@@ -68,7 +68,7 @@ module RailsApiAuthentication ...@@ -68,7 +68,7 @@ module RailsApiAuthentication
user = self.find_by(@auth_key => name) user = self.find_by(@auth_key => name)
raise(UserError.new(401, '-1', 'Unauthorized')) if user.nil? raise(UserError.new(401, '-1', 'Unauthorized')) if user.nil?
salted = user.password.split(':') salted = user.password.split(':')
raise(UserError.new(401, '-1', 'Unauthorized')) unless salt(password, salted[1]) == salted[0] raise(UserError.new(401, '-1', 'Unauthorized')) unless salted[1].present? && salt(password, salted[1]) == salted[0]
AuthToken.create(self, oauth_params(params).merge({ oid: user.id }) ) AuthToken.create(self, oauth_params(params).merge({ oid: user.id }) )
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment