Permalink
Browse files

Handle nil tokens

  • Loading branch information...
mike-burns committed Jun 1, 2012
1 parent e8dabf9 commit 1ac970504221c629fe418d98c43391ca6c772590
@@ -23,13 +23,13 @@ def create
def edit
@user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
render :template => 'passwords/edit'
end
def update
@user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
if @user.update_password(params[:user][:password])
sign_in(@user)
@@ -43,15 +43,15 @@ def update
private
def forbid_missing_token
- if params[:token].blank?
+ if params[:token].to_s.blank?
flash_failure_when_forbidden
render :template => 'passwords/new'
end
end
def forbid_non_existent_user
unless Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
flash_failure_when_forbidden
render :template => 'passwords/new'
end
@@ -1,5 +1,5 @@
PATH
- remote: /home/mike/thoughtbot/clearance
+ remote: /home/mike/clearance
specs:
clearance (0.16.2)
diesel (~> 0.1.5)
@@ -1,5 +1,5 @@
PATH
- remote: /home/mike/thoughtbot/clearance
+ remote: /home/mike/clearance
specs:
clearance (0.16.2)
diesel (~> 0.1.5)
@@ -1,5 +1,5 @@
PATH
- remote: /home/mike/thoughtbot/clearance
+ remote: /home/mike/clearance
specs:
clearance (0.16.2)
diesel (~> 0.1.5)
@@ -153,6 +153,22 @@
it { should respond_with(:success) }
it { should render_template(:edit) }
end
+
+ describe "on PUT to #update with an empty token after the user sets a password" do
+ before do
+ put :update,
+ :user_id => @user.to_param,
+ :token => @user.confirmation_token,
+ :user => { :password => 'good password' }
+ put :update,
+ :user_id => @user.to_param,
+ :token => [nil],
+ :user => { :password => 'new password' }
+ end
+
+ it { should set_the_flash.to(/double check the URL/i).now }
+ it { should render_template(:new) }
+ end
end
describe "given two users and user one signs in" do

0 comments on commit 1ac9705

Please sign in to comment.