authpwn_rails 0.15.2 → 0.15.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/authpwn_rails.gemspec +1 -1
- data/lib/authpwn_rails/session_controller.rb +4 -7
- data/test/session_controller_api_test.rb +11 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c6719080b86f274594a57d3736066da719c014a2
|
|
4
|
+
data.tar.gz: a29c73989fafec440e2a5f0ff7136fffa0c61ddd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f39686f3fe9d96375aacf85f10192d0e0bb3a76bad5059a820229c40dc76f3d9cd34e61a8cbac4689f3808423e0266906ca5884e1363eedc82ac69ce0f80e561
|
|
7
|
+
data.tar.gz: f781ce4ed9fc990e028818c140efc71fd5ae1f7ee7655e4819c55803793e63a06e68bac7dd66ebf67a2a9cd014a535f7a095b963ce6e911585e085214ec7466e
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.15.
|
|
1
|
+
0.15.3
|
data/authpwn_rails.gemspec
CHANGED
|
@@ -195,15 +195,13 @@ module SessionController
|
|
|
195
195
|
if @credential
|
|
196
196
|
# An old password is set, must verify it.
|
|
197
197
|
if @credential.check_password params[:old_password]
|
|
198
|
-
success = @credential.update_attributes
|
|
199
|
-
change_password_params[:credential])
|
|
198
|
+
success = @credential.update_attributes change_password_params
|
|
200
199
|
else
|
|
201
200
|
success = false
|
|
202
201
|
flash[:alert] = 'Incorrect old password. Please try again.'
|
|
203
202
|
end
|
|
204
203
|
else
|
|
205
|
-
@credential = Credentials::Password.new
|
|
206
|
-
change_password_params[:credential])
|
|
204
|
+
@credential = Credentials::Password.new change_password_params
|
|
207
205
|
@credential.user = current_user
|
|
208
206
|
success = @credential.save
|
|
209
207
|
end
|
|
@@ -225,13 +223,12 @@ module SessionController
|
|
|
225
223
|
|
|
226
224
|
# Parameters used to change the user's password.
|
|
227
225
|
def change_password_params
|
|
228
|
-
params.permit :
|
|
229
|
-
credential: [ :password, :password_confirmation ]
|
|
226
|
+
params.require(:credential).permit :password, :password_confirmation
|
|
230
227
|
end
|
|
231
228
|
else
|
|
232
229
|
# Rails 3.
|
|
233
230
|
def change_password_params
|
|
234
|
-
params
|
|
231
|
+
params[:credential]
|
|
235
232
|
end
|
|
236
233
|
end
|
|
237
234
|
|
|
@@ -381,6 +381,17 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
381
381
|
'hacks'), 'password not changed'
|
|
382
382
|
end
|
|
383
383
|
|
|
384
|
+
test "change_password works with correct input and extra form input" do
|
|
385
|
+
set_session_current_user @user
|
|
386
|
+
post :change_password, old_password: 'password',
|
|
387
|
+
credential: { password: 'hacks', password_confirmation: 'hacks'},
|
|
388
|
+
utf8: "\u2713", commit: 'Change password'
|
|
389
|
+
assert_redirected_to session_url
|
|
390
|
+
assert_equal @password_credential, assigns(:credential)
|
|
391
|
+
assert_equal @user, User.authenticate_signin(@email_credential.email,
|
|
392
|
+
'hacks'), 'password not changed'
|
|
393
|
+
end
|
|
394
|
+
|
|
384
395
|
test "change_password rejects bad old password" do
|
|
385
396
|
set_session_current_user @user
|
|
386
397
|
post :change_password, old_password: '_password',
|