From afc1f1db925d1ab121fb37a31092ca0923514c9f Mon Sep 17 00:00:00 2001 From: kira-offgrid Date: Tue, 22 Jul 2025 04:51:06 +0000 Subject: [PATCH] fix: ruby.rails.security.brakeman.check-unscoped-find.check-unscoped-find-app-controllers-api-v1-auth_controller.rb --- app/controllers/api/v1/auth_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/auth_controller.rb b/app/controllers/api/v1/auth_controller.rb index 4f20b934..798cbe06 100644 --- a/app/controllers/api/v1/auth_controller.rb +++ b/app/controllers/api/v1/auth_controller.rb @@ -129,7 +129,7 @@ module Api access_token.revoke # Update device last seen - user = User.find(access_token.resource_owner_id) + user = current_user.users.find(access_token.resource_owner_id) device = user.mobile_devices.find_by(device_id: params[:device][:device_id]) device&.update_last_seen!