Handle nil tokens

thoughtbot · Jun 1, 2012 · 1ac9705 · 1ac9705
1 parent e8dabf9
commit 1ac9705
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 7 deletions.
diff --git a/app/controllers/clearance/passwords_controller.rb b/app/controllers/clearance/passwords_controller.rb
@@ -23,13 +23,13 @@ def create
 
   def edit
     @user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
-                   params[:user_id], params[:token])
+                   params[:user_id], params[:token].to_s)
     render :template => 'passwords/edit'
   end
 
   def update
     @user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
-                   params[:user_id], params[:token])
+                   params[:user_id], params[:token].to_s)
 
     if @user.update_password(params[:user][:password])
       sign_in(@user)
@@ -43,15 +43,15 @@ def update
   private
 
   def forbid_missing_token
-    if params[:token].blank?
+    if params[:token].to_s.blank?
       flash_failure_when_forbidden
       render :template => 'passwords/new'
     end
   end
 
   def forbid_non_existent_user
     unless Clearance.configuration.user_model.find_by_id_and_confirmation_token(
-                  params[:user_id], params[:token])
+                  params[:user_id], params[:token].to_s)
       flash_failure_when_forbidden
       render :template => 'passwords/new'
     end

diff --git a/gemfiles/3.0.12.gemfile.lock b/gemfiles/3.0.12.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
-  remote: /home/mike/thoughtbot/clearance
+  remote: /home/mike/clearance
   specs:
     clearance (0.16.2)
       diesel (~> 0.1.5)

diff --git a/gemfiles/3.1.4.gemfile.lock b/gemfiles/3.1.4.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
-  remote: /home/mike/thoughtbot/clearance
+  remote: /home/mike/clearance
   specs:
     clearance (0.16.2)
       diesel (~> 0.1.5)

diff --git a/gemfiles/3.2.3.gemfile.lock b/gemfiles/3.2.3.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
-  remote: /home/mike/thoughtbot/clearance
+  remote: /home/mike/clearance
   specs:
     clearance (0.16.2)
       diesel (~> 0.1.5)

diff --git a/spec/controllers/passwords_controller_spec.rb b/spec/controllers/passwords_controller_spec.rb
@@ -153,6 +153,22 @@
       it { should respond_with(:success) }
       it { should render_template(:edit) }
     end
+
+    describe "on PUT to #update with an empty token after the user sets a password" do
+      before do
+        put :update,
+            :user_id => @user.to_param,
+            :token   => @user.confirmation_token,
+            :user    => { :password => 'good password' }
+        put :update,
+            :user_id => @user.to_param,
+            :token   => [nil],
+            :user    => { :password => 'new password' }
+      end
+
+      it { should set_the_flash.to(/double check the URL/i).now }
+      it { should render_template(:new) }
+    end
   end
 
   describe "given two users and user one signs in" do