rolling back change. doesn't fully cover edge case reported, opens up…

… a security hole for people who forget to use attr_accessible, can be handled by a rake task
1 parent 8eca763 commit eea979ddfac48ddf7c839973d0f9e6eee89d1227 @croaky croaky committed Feb 21, 2010
Showing with 1 addition and 11 deletions.
  1. +1 −1 lib/clearance/user.rb
  2. +0 −10 test/models/user_test.rb
@@ -143,7 +143,7 @@ def generate_hash(string)
end
def initialize_salt
- if salt.blank?
+ if new_record?
self.salt = generate_hash("--#{Time.now.utc}--#{password}--#{rand}--")
end
end
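Review bot: In `initialize_salt`, guarding on `new_record?` means a persisted row whose `salt` is NULL never receives one on save, and the rake task the commit message relies on for those rows is not part of this change. Either ship that task with this commit or add a comment above the guard stating that legacy rows without a salt must be backfilled out of band, and that `salt.blank?` was dropped because of the `attr_accessible` concern named in the commit message, so the reasoning sits next to the code.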
@@ -28,16 +28,6 @@ class UserTest < ActiveSupport::TestCase
assert_not_nil Factory(:user).salt
end
- should "initialize salt for old user records without salt" do
- user = Factory(:user)
- sql = "update users set salt = NULL where id = #{user.id}"
- ActiveRecord::Base.connection.update(sql)
- assert_nil user.reload.salt
-
- user.save
- assert_not_nil user.salt
- end
-
should "initialize confirmation token" do
assert_not_nil Factory(:user).confirmation_token
end
