From 1a1f66aafc825c4556800d5d0ca4355d4a9dabc0 Mon Sep 17 00:00:00 2001
From: Mario Celi <mcelicalderon@gmail.com>
Date: Sun, 2 May 2021 18:40:48 -0500
Subject: [PATCH] Fix scope class name when setting resource by token

---
 app/controllers/devise_token_auth/concerns/set_user_by_token.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
index a2221b010..465210bdd 100644
--- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
+++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -76,7 +76,7 @@ def set_user_by_token(mapping = nil)
 
     # mitigate timing attacks by finding by uid instead of auth token
     user = uid && rc.dta_find_by(uid: uid)
-    scope = rc.to_s.underscore.to_sym
+    scope = rc.to_s.underscore.gsub('/', '_').to_sym
 
     if user && user.valid_token?(@token.token, @token.client)
       # sign_in with bypass: true will be deprecated in the next version of Devise