Close a number of holes in the API by making it validate changes

[rails.git] / app / models / user.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index d6cff0f25856e0cc8f65ab12677ac6c75f347ed9..92d47d5ffab5e88117738f94b60fd596510c2d18 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -24,11 +24,11 @@ class User < ActiveRecord::Base
   end
 
   def encrypt_password
-    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) if pass_crypt_confirmation
+    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) unless pass_crypt_confirmation.nil?
   end
 
-  def self.authenticate(email, passwd)
-    find(:first, :conditions => [ "email = ? AND pass_crypt = ? AND active = true", email, Digest::MD5.hexdigest(passwd)])
+  def self.authenticate(email, passwd, active = true)
+    find(:first, :conditions => [ "email = ? AND pass_crypt = ? AND active = ?", email, Digest::MD5.hexdigest(passwd), active])
   end 
 
   def self.authenticate_token(token)