
Fix an issue with nil tokens

1 parent 44e0a65 commit 843b2b0bfe04d723e5260993b86418b8992f1bc3 @mike-burns mike-burns committed May 31, 2012
@@ -23,15 +23,15 @@ def create
def edit
@user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
render :template => 'passwords/edit'
end
def update
@user = Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
- if @user.update_password(params[:user][:password])
+ if @user.update_password(params[:user][:password].to_s)
sign_in(@user)
redirect_to(url_after_update)
else
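Review bot: In `update`, `params[:user][:password].to_s` coerces the value only after the nested lookup, so a request that omits the `user` parameter still raises on `nil[:password]` before `.to_s` runs. Guarding the container first, e.g. `password = params[:user].is_a?(Hash) ? params[:user][:password].to_s : ''`, would send that request down the normal validation-failure branch instead of an unhandled exception. The call to `@user.update_password` also assumes the finder returned a record; that presumably relies on the `forbid_non_existent_user` filter, whose registration is not visible here. The body of `update` continues past the end of this hunk.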
@@ -43,15 +43,15 @@ def update
private
def forbid_missing_token
- if params[:token].blank?
+ if params[:token].to_s.blank?
flash_failure_when_forbidden
render :template => 'passwords/new'
end
end
def forbid_non_existent_user
unless Clearance.configuration.user_model.find_by_id_and_confirmation_token(
- params[:user_id], params[:token])
+ params[:user_id], params[:token].to_s)
flash_failure_when_forbidden
render :template => 'passwords/new'
end
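Review bot: The token is normalised by repeating `.to_s` at four separate call sites (`edit` and `update` in the previous hunk, `forbid_missing_token` and `forbid_non_existent_user` here), and nothing records why, so a later refactor or a new action reading `params[:token]` directly could quietly bring back the nil-token lookup. A single private helper such as `def token_param; params[:token].is_a?(String) ? params[:token] : ''; end` would keep the rule in one place and make non-string input hit the blank check in `forbid_missing_token`, instead of depending on what `Array#to_s` or `Hash#to_s` returns. It should carry a comment along the lines of `# Never pass nil or an array token to the finder: it would be compared against users whose confirmation_token is NULL.` The hunk ends before `forbid_non_existent_user` is closed.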
@@ -1,3 +1,4 @@
+# encoding: UTF-8
# This file is auto-generated from the current state of the database. Instead
# of editing this file, please use the migrations feature of Active Record to
# incrementally modify your database, and then regenerate this schema definition.
@@ -18,8 +19,8 @@
t.string "salt", :limit => 128
t.string "confirmation_token", :limit => 128
t.string "remember_token", :limit => 128
- t.datetime "created_at"
- t.datetime "updated_at"
+ t.datetime "created_at", :null => false
+ t.datetime "updated_at", :null => false
end
add_index "users", ["email"], :name => "index_users_on_email"
@@ -1,5 +1,5 @@
PATH
- remote: /home/mike/lib/clearance
+ remote: /home/mike/clearance
specs:
clearance (0.16.2)
diesel (~> 0.1.5)
@@ -1,5 +1,5 @@
PATH
- remote: /home/mike/lib/clearance
+ remote: /home/mike/clearance
specs:
clearance (0.16.2)
diesel (~> 0.1.5)
@@ -1,5 +1,5 @@
PATH
- remote: /home/mike/lib/clearance
+ remote: /home/mike/clearance
specs:
clearance (0.16.2)
diesel (~> 0.1.5)
@@ -153,6 +153,22 @@
it { should respond_with(:success) }
it { should render_template(:edit) }
end
+
+ describe "on PUT to #update with an empty token after the user sets a password" do
+ before do
+ put :update,
+ :user_id => @user.to_param,
+ :token => @user.confirmation_token,
+ :user => { :password => 'good password' }
+ put :update,
+ :user_id => @user.to_param,
+ :token => [nil],
+ :user => { :password => 'new password' }
+ end
+
+ it { should set_the_flash.to(/double check the URL/i).now }
+ it { should render_template(:new) }
+ end
end
describe "given two users and user one signs in" do
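Review bot: The new example asserts only the flash and the rendered template, so it would still pass if the second PUT had changed the password before rendering `new`. Since the point of the fix is that a `[nil]` token must not authorise a reset, an assertion on state is worth adding, for instance `it { @user.reload.should be_authenticated('good password') }`. Only `update` is exercised; a matching case for GET `edit`, and one with the token omitted entirely, would cover the other call sites touched by this commit. The enclosing `describe` starts outside the hunk.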
