Authenticator#allow? should return false if the token method returns nil.
Currently it returns true but doesn't set current_user because of the if statement which will allow you to have access to the endpoint even if there isn't a token in the request header.
In application_controller_methods.rb:
Authenticator#allow? should return false if the token method returns nil.
Currently it returns true but doesn't set current_user because of the if statement which will allow you to have access to the endpoint even if there isn't a token in the request header.