]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/application_controller.rb
Really remove login.live.com from CSP allow list
[rails.git] / app / controllers / application_controller.rb
index a30816a8ede740eaf3adf8f8be7165db0d23a193..488e6a8189cbb41c5b389f34cb9c8b48c8777783 100644 (file)
@@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
 
   def authorize_web
     if session[:user]
-      self.current_user = User.where(:id => session[:user], :status => %w[active confirmed suspended]).first
+      self.current_user = User.find_by(:id => session[:user], :status => %w[active confirmed suspended])
 
       if session[:fingerprint] &&
          session[:fingerprint] != current_user.fingerprint
@@ -44,8 +44,6 @@ class ApplicationController < ActionController::Base
           redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
         end
       end
-    elsif session[:token]
-      session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
     end
 
     session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
@@ -199,7 +197,7 @@ class ApplicationController < ActionController::Base
   ##
   # wrap a web page in a timeout
   def web_timeout(&block)
-    Timeout.timeout(Settings.web_timeout, Timeout::Error, &block)
+    Timeout.timeout(Settings.web_timeout, &block)
   rescue ActionView::Template::Error => e
     e = e.cause