Merge pull request #271 from jmmastey/dont-reencrypt-password

fix user password field to not accidentally re-encrypt itself on save

app/controllers/users_controller.rb

@@ -29,10 +29,8 @@ class UsersController < ApplicationController
 
     if user
       user.skip_user_id_assign = true
-      user.skip_hash_password = true
       user.update_attributes(user_params_without_password)
-      if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
+      if params[:user][:password].present? && (params[:user][:password] == params[:user][:password_confirmation])
-        user.skip_hash_password = false
         user.password = params[:user][:password]
       end
       message = true if user.save!

app/models/user.rb

@@ -11,7 +11,6 @@ class User < ApplicationRecord
   validates_uniqueness_of :email
   validates_format_of :email, :with => /.+@.+\..+/i
   attr_accessor :skip_user_id_assign
-  attr_accessor :skip_hash_password
   before_save :assign_user_id, :on => :create
   before_save :hash_password
   has_one :retirement, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
@@ -70,12 +69,10 @@ class User < ApplicationRecord
   end
 
   def hash_password
-    unless @skip_hash_password == true
+    if password.present? && password_changed?
-      if password.present?
       self.password = Digest::MD5.hexdigest(password)
     end
   end
-  end
 
   def generate_token(column)
     begin