team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix user password field to not accidentally re-encrypt itself on save

Browse Source 
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
This commit is contained in:
Joseph Mastey
2017-09-27 18:57:40 -05:00
parent b7db890f51
commit 8b2f93516d
2 changed files with 4 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/users_controller.rb
+1 -3
View File
@@ -29,10 +29,8 @@ class UsersController < ApplicationController
if user
user.skip_user_id_assign = true
user.skip_hash_password = true
user.update_attributes(user_params_without_password)
if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
user.skip_hash_password = false
if params[:user][:password].present? && (params[:user][:password] == params[:user][:password_confirmation])
user.password = params[:user][:password]
end
message = true if user.save!