Validate passwords properly when creating an account. Fixes #419.

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 0c10980efa7059886f73550309d0934f2b509acd..f12cb1051dfded38933a49e5fc6d95edc3c2b5ce 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -74,6 +74,7 @@ class UserController < ApplicationController
       if user
         pass = User.make_token(8)
         user.pass_crypt = pass
+        user.pass_crypt_confirmation = pass
         user.save
         Notifier::deliver_reset_password(user, pass)
         flash[:notice] = "Your password has been changed and is on its way to your mailbox :-)"

diff --git a/app/models/user.rb b/app/models/user.rb
index ae0dbac54b76236eea78345d59063c637b365250..7b57b87108eae1f5ad752504e2fc3cbb39d7befe 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -14,18 +14,16 @@ class User < ActiveRecord::Base
   validates_length_of :display_name, :minimum => 3, :allow_nil => true
   validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
 
+  before_save :encrypt_password
+
   def set_defaults
     self.creation_time = Time.now
     self.timeout = Time.now
     self.token = User.make_token()
   end
 
-  def pass_crypt=(str) 
-    write_attribute("pass_crypt", Digest::MD5.hexdigest(str)) 
-  end
-
-  def pass_crypt_confirmation=(str) 
-    write_attribute("pass_crypt_confirm", Digest::MD5.hexdigest(str)) 
+  def encrypt_password
+    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) if pass_crypt_confirmation
   end
 
   def self.authenticate(email, passwd)