Merge pull request #18918 from morgoth/do-not-overwrite-value-of-secret-token-when-present

Do not overwrite secret token value when already present.
author: Yves Senn <yves.senn@gmail.com> 2015-02-13 08:40:53 +0100
committer: Yves Senn <yves.senn@gmail.com> 2015-02-13 08:40:53 +0100
commit: d0326bbae53b4ef6686e02d4e675e8fb74afeb53 (patch)
tree: 4abd7ffef91df952c0e3a4817668b4701fb8cd8d
parent: 9e30346b3a225c8b717ed7cf95ba17aacd211c26 (diff)
parent: 0817bb06f72bac456a7225645caf18ae9dc8c040 (diff)
download: rails-d0326bbae53b4ef6686e02d4e675e8fb74afeb53.tar.gz
rails-d0326bbae53b4ef6686e02d4e675e8fb74afeb53.tar.bz2
rails-d0326bbae53b4ef6686e02d4e675e8fb74afeb53.zip
3 files changed, 15 insertions, 2 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index e1cace7d88..68184897e0 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,10 @@
+*   `has_secure_token` does not overwrite value when already present.
+
+        user = User.create(token: "custom-secure-token")
+        user.token # => "custom-secure-token"
+
+    *Wojciech Wnętrzak*
+
 *   Use SQL COUNT and LIMIT 1 queries for `none?` and `one?` methods if no block or limit is given,
     instead of loading the entire collection to memory.
     This applies to relations (e.g. `User.all`) as well as associations (e.g. `account.users`)
diff --git a/activerecord/lib/active_record/secure_token.rb b/activerecord/lib/active_record/secure_token.rb
index 07031b6371..0990f815a7 100644
--- a/activerecord/lib/active_record/secure_token.rb
+++ b/activerecord/lib/active_record/secure_token.rb
@@ -27,7 +27,7 @@ module ActiveRecord
         # Load securerandom only when has_secure_token is used.
         require 'active_support/core_ext/securerandom'
         define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token }
-        before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) }
+        before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) unless self.send("#{attribute}?")}
       end
 
       def generate_unique_secure_token
@@ -36,4 +36,3 @@ module ActiveRecord
     end
   end
 end
-
diff --git a/activerecord/test/cases/secure_token_test.rb b/activerecord/test/cases/secure_token_test.rb
index 3f7455d12d..e731443fc2 100644
--- a/activerecord/test/cases/secure_token_test.rb
+++ b/activerecord/test/cases/secure_token_test.rb
@@ -22,4 +22,11 @@ class SecureTokenTest < ActiveRecord::TestCase
     assert_not_equal @user.token, old_token
     assert_not_equal @user.auth_token, old_auth_token
   end
+
+  def test_token_value_not_overwritten_when_present
+    @user.token = "custom-secure-token"
+    @user.save
+
+    assert_equal @user.token, "custom-secure-token"
+  end
 end
author	Yves Senn <yves.senn@gmail.com>	2015-02-13 08:40:53 +0100
committer	Yves Senn <yves.senn@gmail.com>	2015-02-13 08:40:53 +0100
commit	d0326bbae53b4ef6686e02d4e675e8fb74afeb53 (patch)
tree	4abd7ffef91df952c0e3a4817668b4701fb8cd8d
parent	9e30346b3a225c8b717ed7cf95ba17aacd211c26 (diff)
parent	0817bb06f72bac456a7225645caf18ae9dc8c040 (diff)
download	rails-d0326bbae53b4ef6686e02d4e675e8fb74afeb53.tar.gz rails-d0326bbae53b4ef6686e02d4e675e8fb74afeb53.tar.bz2 rails-d0326bbae53b4ef6686e02d4e675e8fb74afeb53.zip