Validate passwords properly when creating an account. Fixes #419.

2007-06-09 22:56:18 +00:00 · 2007-06-09 22:56:18 +00:00 · a187c759b7
commit a187c759b7
parent d95c17e4f7
2 changed files with 5 additions and 6 deletions
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -74,6 +74,7 @@ class UserController < ApplicationController
      if user
        pass = User.make_token(8)
        user.pass_crypt = pass
+        user.pass_crypt_confirmation = pass
        user.save
        Notifier::deliver_reset_password(user, pass)
        flash[:notice] = "Your password has been changed and is on its way to your mailbox :-)"
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -14,18 +14,16 @@ class User < ActiveRecord::Base
  validates_length_of :display_name, :minimum => 3, :allow_nil => true
  validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i

+  before_save :encrypt_password
+
  def set_defaults
    self.creation_time = Time.now
    self.timeout = Time.now
    self.token = User.make_token()
  end

-  def pass_crypt=(str) 
-    write_attribute("pass_crypt", Digest::MD5.hexdigest(str)) 
-  end
-
-  def pass_crypt_confirmation=(str) 
-    write_attribute("pass_crypt_confirm", Digest::MD5.hexdigest(str)) 
+  def encrypt_password
+    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) if pass_crypt_confirmation
  end

  def self.authenticate(email, passwd)