ensl/ensl.org
0
0
Fork 0
mirror of https://github.com/ENSL/ensl.org.git synced 2025-01-30 21:20:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

FIX

Browse source 
in User#authenticate:
* make search by username case sensitive as in prod there already are
  usernames diffing only in case
* use guard clause instead of nesting
This commit is contained in:
Absurdon 2020-04-13 15:34:12 +00:00
parent 88a6c697cc
commit 6f05d47a8d
1 changed files with 31 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/models/user.rb
View file

@ -449,7 +449,9 @@ class User < ActiveRecord::Base
end end
def self.authenticate(login) def self.authenticate(login)
if (user = where("LOWER(username) = LOWER(?)", login[:username]).first) user = where('username = ?', login[:username]).first
return nil unless user
begin begin
case user.password_hash case user.password_hash
when User::PASSWORD_SCRYPT when User::PASSWORD_SCRYPT
@ -480,8 +482,6 @@ class User < ActiveRecord::Base
# return nil # return nil
end end
end end
return nil
end
def self.get(id) def self.get(id)
id ? User.find(id) : "" id ? User.find(id) : ""