From 83aa0a7aab4cbee48228ab54b0be32b8282dc8f4 Mon Sep 17 00:00:00 2001
From: Bilal <bilal@saburly.com>
Date: Wed, 29 Jul 2020 18:45:11 +0200
Subject: [PATCH] prevent nil token

---
 .env.sample                             | 3 +++
 app/controllers/api/users_controller.rb | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.env.sample b/.env.sample
index 92c84ee..c849ec4 100644
--- a/.env.sample
+++ b/.env.sample
@@ -27,3 +27,6 @@ MUX_TOKEN_ID=
 MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=
+
+# Required for
+CUSTOM_API_TOKEN=
\ No newline at end of file
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index 34be00a..87dca55 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -20,7 +20,7 @@ class Api::UsersController < Api::ApiController
   end
 
   def verify_custom_token
-    if token != ENV['CUSTOM_API_TOKEN']
+    if token.nil? || token.empty? || token != ENV['CUSTOM_API_TOKEN']
       unauthorized_entity(:user)
     end
   end