From: Tom Hughes
Date: Thu, 16 Nov 2023 00:54:56 +0000 (+0000)
Subject: Hash passwords as soon as a new user is created
X-Git-Tag: live~953
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/aaed886890216b0e45a92b49fec7aad49e281e74
Hash passwords as soon as a new user is created
---
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 6f25cfeb3..e3407c6dc 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -61,7 +61,7 @@ Metrics/BlockNesting:
 # Offense count: 26
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
- Max: 285
+ Max: 286
 # Offense count: 59
 # Configuration parameters: AllowedMethods, AllowedPatterns.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0b8cab6dd..36c9f4e22 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -104,11 +104,11 @@ class UsersController < ApplicationController
 render :action => "new"
 elsif current_user.auth_provider.present?
 # Verify external authenticator before moving on
- session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation")
+ session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt")
 redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect
 else
 # Save the user record
- session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation")
+ session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt")
 redirect_to :action => :terms
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 3d74b3933..7571dd9dc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -115,6 +115,7 @@ class User < ApplicationRecord
 alias_attribute :created_at, :creation_time
+ after_initialize :encrypt_password
 before_save :encrypt_password
 before_save :update_tile
 after_save :spam_check
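Review bot: Both `session[:new_user]` assignments in this hunk still copy `pass_crypt` into the session, and nothing at the call site says that the value is expected to be a hash by this point. Whether the session leaves the server depends on the session store, which is not visible here; with a cookie-backed store the hash would round-trip through the browser. A comment above each assignment would pin the assumption, for example `# pass_crypt has already been hashed by the User after_initialize callback; the typed password must never be stored in the session`. If `encrypt_password` keeps a salt or other hash parameter in a separate attribute, that attribute would have to be added to the slice as well. The enclosing action starts and ends outside the hunk.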
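Review bot: `after_initialize` fires for every `User` that is instantiated, including records loaded from the database, and `before_save :encrypt_password` is kept on the next line, so the callback now runs at least twice for a new record. Its body is outside this hunk; it has to be a no-op on an already hashed `pass_crypt`, otherwise the stored hash would be hashed again. Hashing at initialization may also mean that length or confirmation validations on `pass_crypt` see the hash instead of what the user typed. A model test that a too-short password and a mismatched confirmation are still rejected would cover that. A comment such as `# Hash on initialize so the plaintext password is never held in the session; before_save covers later password changes` would record why both hooks exist.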