Fix an issue with nil tokens

commit 843b2b0bfe04d723e5260993b86418b8992f1bc3 1 parent 44e0a65
@mike-burns mike-burns authored
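--- a/app/controllers/clearance/passwords_controller.rb
+++ b/app/controllers/clearance/passwords_controller.rb
@@ -23,15 +23,15 @@ def create
 def edit
 @user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
 render :template => 'passwords/edit'
 end
 def update
 @user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
- if @user.update_password(params[:user][:password])
+ if @user.update_password(params[:user][:password].to_s)
 sign_in(@user)
 redirect_to(url_after_update)
 else
@@ -43,7 +43,7 @@ def update
 private
 def forbid_missing_token
- if params[:token].blank?
+ if params[:token].to_s.blank?
 flash_failure_when_forbidden
 render :template => 'passwords/new'
 end
@@ -51,7 +51,7 @@ def forbid_missing_token
 def forbid_non_existent_user
 unless Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
 flash_failure_when_forbidden
 render :template => 'passwords/new'
 end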
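Review bot: `params[:user_id]` is still passed to `find_by_id_and_confirmation_token` unmodified at all three lookups (`edit`, `update`, `forbid_non_existent_user`), so an array or hash in that parameter still decides the shape of the id condition. Coercing both arguments, `params[:user_id].to_s, params[:token].to_s)`, would close that, and moving the lookup into one private helper would keep the coercion from being missed at a future call site. In `update`, `params[:user][:password].to_s` still raises NoMethodError when `params[:user]` is absent, and a non-string password is stringified and stored rather than rejected. On Ruby 1.9 and later `[nil].to_s` is not blank, so for that input the rejection appears to come from the failed lookup rather than from `forbid_missing_token`; an explicit `params[:token].is_a?(String)` guard there would make the intent visible. `update` and `forbid_non_existent_user` continue outside the hunks shown, and the filter declarations that protect `@user` from being nil are not visible here.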
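--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1,3 +1,4 @@
+# encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@@ -18,8 +19,8 @@
 t.string "salt", :limit => 128
 t.string "confirmation_token", :limit => 128
 t.string "remember_token", :limit => 128
- t.datetime "created_at"
- t.datetime "updated_at"
+ t.datetime "created_at", :null => false
+ t.datetime "updated_at", :null => false
 end
 add_index "users", ["email"], :name => "index_users_on_email"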
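--- a/gemfiles/3.0.12.gemfile.lock
+++ b/gemfiles/3.0.12.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
- remote: /home/mike/lib/clearance
+ remote: /home/mike/clearance
 specs:
 clearance (0.16.2)
 diesel (~> 0.1.5)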
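--- a/gemfiles/3.1.4.gemfile.lock
+++ b/gemfiles/3.1.4.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
- remote: /home/mike/lib/clearance
+ remote: /home/mike/clearance
 specs:
 clearance (0.16.2)
 diesel (~> 0.1.5)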
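--- a/gemfiles/3.2.3.gemfile.lock
+++ b/gemfiles/3.2.3.gemfile.lock
@@ -1,5 +1,5 @@
 PATH
- remote: /home/mike/lib/clearance
+ remote: /home/mike/clearance
 specs:
 clearance (0.16.2)
 diesel (~> 0.1.5)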
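--- a/spec/controllers/passwords_controller_spec.rb
+++ b/spec/controllers/passwords_controller_spec.rb
@@ -153,6 +153,22 @@
 it { should respond_with(:success) }
 it { should render_template(:edit) }
 end
+
+ describe "on PUT to #update with an empty token after the user sets a password" do
+ before do
+ put :update,
+ :user_id => @user.to_param,
+ :token => @user.confirmation_token,
+ :user => { :password => 'good password' }
+ put :update,
+ :user_id => @user.to_param,
+ :token => [nil],
+ :user => { :password => 'new password' }
+ end
+
+ it { should set_the_flash.to(/double check the URL/i).now }
+ it { should render_template(:new) }
+ end
 end
 describe "given two users and user one signs in" do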
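Review bot: Only the `[nil]` token on `update` is covered by the new example, while `edit` goes through the same coerced lookup and has no matching regression case. A sibling example issuing `get :edit, :user_id => @user.to_param, :token => [nil]` with the same two expectations would pin the other action changed in this commit. The example name says "empty token" although the value sent is an array holding nil; naming the array shape in the description would make it clearer which input the regression guards against. The enclosing describe block starts outside the hunk.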