Commit 17f2fc10 authored by Timothy Andrew's avatar Timothy Andrew

Change the root param while creating personal access tokens.

- Can't use `personal_access_token` anymore, because the contents
  of that param are assumed to be a token string, and authenticated
  against.
parent 611f3ad2
...@@ -32,6 +32,8 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController ...@@ -32,6 +32,8 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
private private
def personal_access_token_params def personal_access_token_params
params.require(:personal_access_token).permit(:name, :expires_at) # We aren't using `personal_access_token` as the root param because the authentication
# system expects to find a token string there - it's off-limits to us.
params.require(:personal_access_token_params).permit(:name, :expires_at)
end end
end end
...@@ -12,7 +12,8 @@ ...@@ -12,7 +12,8 @@
Add a Personal Access Token Add a Personal Access Token
%p.profile-settings-content %p.profile-settings-content
Pick a name for the application, and we'll give you a unique token. Pick a name for the application, and we'll give you a unique token.
= form_for [:profile, @personal_access_token], method: :post, html: { class: 'js-requires-input' } do |f| = form_for [:profile, @personal_access_token], as: "personal_access_token_params",
method: :post, html: { class: 'js-requires-input' } do |f|
.form-group .form-group
= f.label :name, class: 'label-light' = f.label :name, class: 'label-light'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment