Handle nil tokens

commit 1ac970504221c629fe418d98c43391ca6c772590 1 parent e8dabf9
@mike-burns mike-burns authored
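--- a/app/controllers/clearance/passwords_controller.rb
+++ b/app/controllers/clearance/passwords_controller.rb
@@ -23,13 +23,13 @@ def create
 def edit
 @user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
 render :template => 'passwords/edit'
 end
 def update
 @user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
 if @user.update_password(params[:user][:password])
 sign_in(@user)
@@ -43,7 +43,7 @@ def update
 private
 def forbid_missing_token
- if params[:token].blank?
+ if params[:token].to_s.blank?
 flash_failure_when_forbidden
 render :template => 'passwords/new'
 end
@@ -51,7 +51,7 @@ def forbid_missing_token
 def forbid_non_existent_user
 unless Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
 flash_failure_when_forbidden
 render :template => 'passwords/new'
 end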
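Review bot: The `.to_s` coercion is repeated at each of the four reads of `params[:token]` (in `edit`, `update`, `forbid_missing_token` and `forbid_non_existent_user`), so the protection holds only as long as every future lookup remembers it. A single private reader such as `def token_param; params[:token].to_s; end` would keep the rule in one place; stricter still, `forbid_missing_token` could reject any token that is not a String instead of stringifying it, since an array or hash here is never a legitimate reset link. `params[:user_id]` is still passed to the finder uncoerced, which looks harmless without a matching token but is worth the same treatment. `update` also calls `@user.update_password` with no nil check and so presumably depends on the filters having already rendered; their declarations and the rest of `update` are outside these hunks.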
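--- a/gemfiles/3.0.12.gemfile.lock
+++ b/gemfiles/3.0.12.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
- remote: /home/mike/thoughtbot/clearance
+ remote: /home/mike/clearance
 specs:
 clearance (0.16.2)
 diesel (~> 0.1.5)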
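--- a/gemfiles/3.1.4.gemfile.lock
+++ b/gemfiles/3.1.4.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
- remote: /home/mike/thoughtbot/clearance
+ remote: /home/mike/clearance
 specs:
 clearance (0.16.2)
 diesel (~> 0.1.5)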
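--- a/gemfiles/3.2.3.gemfile.lock
+++ b/gemfiles/3.2.3.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
- remote: /home/mike/thoughtbot/clearance
+ remote: /home/mike/clearance
 specs:
 clearance (0.16.2)
 diesel (~> 0.1.5)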
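--- a/spec/controllers/passwords_controller_spec.rb
+++ b/spec/controllers/passwords_controller_spec.rb
@@ -153,6 +153,22 @@
 it { should respond_with(:success) }
 it { should render_template(:edit) }
 end
+
+ describe "on PUT to #update with an empty token after the user sets a password" do
+ before do
+ put :update,
+ :user_id => @user.to_param,
+ :token => @user.confirmation_token,
+ :user => { :password => 'good password' }
+ put :update,
+ :user_id => @user.to_param,
+ :token => [nil],
+ :user => { :password => 'new password' }
+ end
+
+ it { should set_the_flash.to(/double check the URL/i).now }
+ it { should render_template(:new) }
+ end
 end
 describe "given two users and user one signs in" do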
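Review bot: The new example asserts the flash and the `:new` template but not the property the commit protects, that the password set by the first PUT is still in effect after the second one; an explicit expectation on the reloaded user would make a regression fail for the right reason. Only `update` is exercised here, while `edit` and both filters received the same `.to_s` change, and only the `[nil]` shape is tried; a companion example for GET `edit` and for other non-String values (empty array, hash) would cover the rest. The enclosing `describe` opens outside the hunk.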