fix logins controller strong params
mtnstar committed Sep 21, 2017
1 parent 3dbb753 commit d32cf67
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions app/controllers/logins_controller.rb
Expand Up @@ -20,7 +20,7 @@ def authenticate
return redirect_to login_login_path
end

unless create_session(authenticator.user, params[:password])
unless create_session(authenticator.user, login_params[:password])
return redirect_to recryptrequests_new_ldap_password_path
end

Expand All @@ -43,7 +43,7 @@ def show_update_password

def update_password
if password_params_valid?
current_user.update_password(params[:old_password], params[:new_password1])
current_user.update_password(update_password_params[:old_password], update_password_params[:new_password1])
flash[:notice] = t('flashes.logins.new_password_set')
redirect_to teams_path
else
Expand All @@ -53,7 +53,7 @@ def update_password

# POST /login/changelocale
def changelocale
locale = params[:new_locale]
locale = params.permit(:new_locale)[:new_locale]
if locale.present?
current_user.update_attribute(:preferred_locale, locale)
end
Expand All @@ -69,7 +69,7 @@ def last_login_message
end

def check_password_strength
strength = PasswordStrength.test(params[:username], params[:password])
strength = PasswordStrength.test(login_params[:username], login_params[:password])

if strength.weak? || !strength.valid?
flash[:alert] = t('flashes.logins.weak_password')
Expand Down Expand Up @@ -118,20 +118,28 @@ def redirect_if_logged_in
end

def password_params_valid?
unless current_user.authenticate(params[:old_password])
unless current_user.authenticate(update_password_params[:old_password])
flash[:error] = t('flashes.logins.wrong_password')
return false
end

if params[:new_password1] != params[:new_password2]
if update_password_params[:new_password1] != update_password_params[:new_password2]
flash[:error] = t('flashes.logins.new_passwords.not_equal')
return false
end
true
end

def authenticator
Authentication::UserAuthenticator.new(params)
Authentication::UserAuthenticator.new(login_params)
end

def login_params
params.permit(:username, :password)
end

def update_password_params
params.permit(:old_password, :new_password1, :new_password2)
end

end
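Review bot: In `changelocale` the permitted `new_locale` value is still written straight to the user record with `update_attribute`, which skips model validations, so the only check on this user-controlled string is `present?`; strong params whitelist the key, not the value. The locale should be checked against the configured set before it is persisted, e.g. `locale = params.permit(:new_locale)[:new_locale]` followed by `if locale.present? && I18n.available_locales.map(&:to_s).include?(locale)`, and the `changelocale` body continues outside the hunk so whatever follows the update was not reviewed. Separately, `authenticator` now receives only the `:username`/`:password` subset instead of the full `params`; if `Authentication::UserAuthenticator` reads any other key (not visible here) that path will now see `nil`, so it is worth confirming against that class. A minor style point: `update_password` and `password_params_valid?` call `update_password_params` up to four times per request, each re-running `permit`; memoizing it (`@update_password_params ||= params.permit(...)`) would keep the permitted set consistent within one request.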
