raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-03 22:06:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove reference to params[:token] in PaymentsController

Browse Source 
There seemingly shouldn't be any case where this controller actually receives a token param. There's only one place that creates urls that direct to this controller (Stripe authorization emails), and they do not attach any kind of token to the URL.

If the user is not logged in here (or doesn't have an access_token in their session), they get asked to log in.

Note to future devs: see previous commit for additional context.
This commit is contained in:
Matt-Yorkley
2021-12-16 13:41:04 +00:00
parent 9f49a84e7f
commit ec3dadfe68
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/payments_controller.rb
View File

@@ -19,7 +19,7 @@ class PaymentsController < BaseController
private
def require_logged_in
return if session[:access_token] || params[:token] || spree_current_user
return if session[:access_token] || spree_current_user
flash[:error] = I18n.t("spree.orders.edit.login_to_view_order")
redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")