From a187c759b7d96be951e1667080c6e24e2288f166 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 9 Jun 2007 22:56:18 +0000
Subject: [PATCH 1/1] Validate passwords properly when creating an account. Fixes #419.
---
 app/controllers/user_controller.rb | 1 +
 app/models/user.rb | 10 ++++------
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 0c10980ef..f12cb1051 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -74,6 +74,7 @@ class UserController < ApplicationController
 if user
 pass = User.make_token(8)
 user.pass_crypt = pass
+ user.pass_crypt_confirmation = pass
 user.save
 Notifier::deliver_reset_password(user, pass)
 flash[:notice] = "Your password has been changed and is on its way to your mailbox :-)"
diff --git a/app/models/user.rb b/app/models/user.rb
index ae0dbac54..7b57b8710 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -14,18 +14,16 @@ class User < ActiveRecord::Base
 validates_length_of :display_name, :minimum => 3, :allow_nil => true
 validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
+ before_save :encrypt_password
+
 def set_defaults
 self.creation_time = Time.now
 self.timeout = Time.now
 self.token = User.make_token()
 end
- def pass_crypt=(str)
- write_attribute("pass_crypt", Digest::MD5.hexdigest(str))
- end
-
- def pass_crypt_confirmation=(str)
- write_attribute("pass_crypt_confirm", Digest::MD5.hexdigest(str))
+ def encrypt_password
+ self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) if pass_crypt_confirmation
 end
 def self.authenticate(email, passwd)
--
2.43.2
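Review bot: In the app/controllers/user_controller.rb hunk the result of `user.save` is ignored, so a save that fails validation would still send the reset mail and show the "Your password has been changed" flash while the stored hash stays unchanged. This matters more now that the password is, judging by the commit title, validated on save. Gate the notification on the result by wrapping the `Notifier::deliver_reset_password(user, pass)` and `flash[:notice]` lines in `if user.save`, with an error flash in the else branch. The enclosing action starts and ends outside the hunk, so any handling further down is not visible here.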
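Review bot: `encrypt_password` in the app/models/user.rb hunk re-hashes whatever is in `pass_crypt` on every save where `pass_crypt_confirmation` is still set, so saving the same in-memory object twice would store the MD5 of an MD5 and the user could no longer log in. Clearing the confirmation after hashing, `self.pass_crypt_confirmation = nil`, would make the callback idempotent, assuming the accessor comes from a `validates_confirmation_of` declared outside the hunk. Separately, the new callback keeps unsalted `Digest::MD5` for password storage; a salted, deliberately slow scheme would be the safer target, with a migration path for existing hashes. A comment on `encrypt_password` such as `# pass_crypt holds the plaintext until this callback runs` would also help.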