FIX: Do not allow revoking the token of current session. (#6472)

* FIX: Do not allow revoking the token of current session. * DEV: Add getter of current auth_token from Guardian.
2025-09-09 19:03:09 +08:00 · 2018-10-12 02:40:48 +03:00 · 2018-10-12 02:40:48 +03:00 · 048cdfbcfa
commit 048cdfbcfa
parent e68ecf1f1d
5 changed files with 28 additions and 16 deletions
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@ -381,6 +381,13 @@ class Guardian
      (components - Theme.components_for(parent)).empty?
  end

+  def auth_token
+    return nil if !request&.cookies[Auth::DefaultCurrentUserProvider::TOKEN_COOKIE]
+
+    cookie = request.cookies[Auth::DefaultCurrentUserProvider::TOKEN_COOKIE]
+    UserAuthToken.hash_token(cookie)
+  end
+
  private

  def is_my_own?(obj)