authpwn_rails 0.15.2 → 0.15.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/authpwn_rails.gemspec +1 -1
  4. data/lib/authpwn_rails/session_controller.rb +4 -7
  5. data/test/session_controller_api_test.rb +11 -0
  6. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2fbda7d8809e12cfb311d5538e09f4e82ada94ee
4
- data.tar.gz: b901e46b029479f4d20c5426b378d4ccf5867c3f
3
+ metadata.gz: c6719080b86f274594a57d3736066da719c014a2
4
+ data.tar.gz: a29c73989fafec440e2a5f0ff7136fffa0c61ddd
5
5
  SHA512:
6
- metadata.gz: 6853c521836ea31383f6a326ed6ab938d76bbc2cc4d98152e0901c303627961115edee8a85cee1da05d0bf618451e5f11e9de86301fca6127208278de1c7bcb4
7
- data.tar.gz: 3b3b0d57b2ff140f9b194a2f21635e60e05154d85e66fe48b0a2225002637cd342d3b2234f6e13662186380ae8b2d3e6f48fc17c2f2feb175013a00ccad7b1fb
6
+ metadata.gz: f39686f3fe9d96375aacf85f10192d0e0bb3a76bad5059a820229c40dc76f3d9cd34e61a8cbac4689f3808423e0266906ca5884e1363eedc82ac69ce0f80e561
7
+ data.tar.gz: f781ce4ed9fc990e028818c140efc71fd5ae1f7ee7655e4819c55803793e63a06e68bac7dd66ebf67a2a9cd014a535f7a095b963ce6e911585e085214ec7466e
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.15.2
1
+ 0.15.3
data/authpwn_rails.gemspec CHANGED
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "authpwn_rails"
8
- s.version = "0.15.2"
8
+ s.version = "0.15.3"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Victor Costan"]
data/lib/authpwn_rails/session_controller.rb CHANGED
@@ -195,15 +195,13 @@ module SessionController
195
195
  if @credential
196
196
  # An old password is set, must verify it.
197
197
  if @credential.check_password params[:old_password]
198
- success = @credential.update_attributes(
199
- change_password_params[:credential])
198
+ success = @credential.update_attributes change_password_params
200
199
  else
201
200
  success = false
202
201
  flash[:alert] = 'Incorrect old password. Please try again.'
203
202
  end
204
203
  else
205
- @credential = Credentials::Password.new(
206
- change_password_params[:credential])
204
+ @credential = Credentials::Password.new change_password_params
207
205
  @credential.user = current_user
208
206
  success = @credential.save
209
207
  end
@@ -225,13 +223,12 @@ module SessionController
225
223
 
226
224
  # Parameters used to change the user's password.
227
225
  def change_password_params
228
- params.permit :format, :old_password,
229
- credential: [ :password, :password_confirmation ]
226
+ params.require(:credential).permit :password, :password_confirmation
230
227
  end
231
228
  else
232
229
  # Rails 3.
233
230
  def change_password_params
234
- params
231
+ params[:credential]
235
232
  end
236
233
  end
237
234
 
data/test/session_controller_api_test.rb CHANGED
@@ -381,6 +381,17 @@ class SessionControllerApiTest < ActionController::TestCase
381
381
  'hacks'), 'password not changed'
382
382
  end
383
383
 
384
+ test "change_password works with correct input and extra form input" do
385
+ set_session_current_user @user
386
+ post :change_password, old_password: 'password',
387
+ credential: { password: 'hacks', password_confirmation: 'hacks'},
388
+ utf8: "\u2713", commit: 'Change password'
389
+ assert_redirected_to session_url
390
+ assert_equal @password_credential, assigns(:credential)
391
+ assert_equal @user, User.authenticate_signin(@email_credential.email,
392
+ 'hacks'), 'password not changed'
393
+ end
394
+
384
395
  test "change_password rejects bad old password" do
385
396
  set_session_current_user @user
386
397
  post :change_password, old_password: '_password',
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authpwn_rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.15.2
4
+ version: 0.15.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Victor Costan