Foodsoft/foodsoft
1
1
Fork 0
Code Issues 36 Pull requests 5 Projects 1 Releases Wiki Activity

Handle nil values correctly in User.authenticateUser

Browse source
This commit is contained in:
Patrick Gansterer 2019-11-11 11:07:52 +01:00
parent 241d504a76
commit 1d9856ff93
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/user.rb
View file

@ -203,7 +203,7 @@ class User < ApplicationRecord
def self.authenticate(login, password) def self.authenticate(login, password)
user = find_by_nick(login) || find_by_email(login) user = find_by_nick(login) || find_by_email(login)
if user && user.has_password(password) if user && password && user.has_password(password)
user user
else else
nil nil

6
spec/models/user_spec.rb
View file

@ -32,6 +32,12 @@ describe User do
it 'can not authenticate with incorrect password' do it 'can not authenticate with incorrect password' do
expect(User.authenticate(user.nick, 'foobar')).to be_nil expect(User.authenticate(user.nick, 'foobar')).to be_nil
end end
it 'can not authenticate with nil nick' do
expect(User.authenticate(nil, 'blahblah')).to be_nil
end
it 'can not authenticate with nil password' do
expect(User.authenticate(user.nick, nil)).to be_nil
end
it 'can not set a password without matching confirmation' do it 'can not set a password without matching confirmation' do
user.password = 'abcdefghij' user.password = 'abcdefghij'
user.password_confirmation = 'foobarxyz' user.password_confirmation = 'foobarxyz'