authorWojciech Wnętrzak <w.wnetrzak@gmail.com>2015-02-12 22:05:43 +0100
committerWojciech Wnętrzak <w.wnetrzak@gmail.com>2015-02-12 22:05:45 +0100
commit0817bb06f72bac456a7225645caf18ae9dc8c040 (patch)
treed5582f834b4f74aa99aa2d66e1657458545eff1d /activerecord
parentb03b09dc8660e26ed23a851ebda2bcbcb47d7d0a (diff)
Do not overwrite secret token value when already present.
``` user = User.create(token: "custom-secure-token") user.token # => "custom-secure-token" ```
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/CHANGELOG.md7
-rw-r--r--activerecord/lib/active_record/secure_token.rb3
-rw-r--r--activerecord/test/cases/secure_token_test.rb7
3 files changed, 15 insertions, 2 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index e1cace7d88..68184897e0 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,10 @@
+* `has_secure_token` does not overwrite value when already present.
+
+ user = User.create(token: "custom-secure-token")
+ user.token # => "custom-secure-token"
+
+ *Wojciech Wnętrzak*
+
* Use SQL COUNT and LIMIT 1 queries for `none?` and `one?` methods if no block or limit is given,
instead of loading the entire collection to memory.
This applies to relations (e.g. `User.all`) as well as associations (e.g. `account.users`)
diff --git a/activerecord/lib/active_record/secure_token.rb b/activerecord/lib/active_record/secure_token.rb
index 07031b6371..0990f815a7 100644
--- a/activerecord/lib/active_record/secure_token.rb
+++ b/activerecord/lib/active_record/secure_token.rb
@@ -27,7 +27,7 @@ module ActiveRecord
# Load securerandom only when has_secure_token is used.
require 'active_support/core_ext/securerandom'
define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token }
- before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) }
+ before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) unless self.send("#{attribute}?")}
end
def generate_unique_secure_token
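Review bot: With the new `unless self.send("#{attribute}?")` guard in the `before_create` block, any value already assigned to the attribute is stored as the token without going through `generate_unique_secure_token`, so its randomness and uniqueness are whatever the caller supplied. Whether an application permits this attribute through mass assignment is not visible here, but if it does, a client can pick its own token. The `has_secure_token` documentation should say so, for example `# A value assigned before create is kept as-is; never permit this attribute from untrusted params.` As a style point, the line ends in `?")}` without a space before the closing brace, and `public_send` should be sufficient because the attribute writer and `?` predicate are normally public. The body of `has_secure_token` starts above this hunk.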
@@ -36,4 +36,3 @@ module ActiveRecord
end
end
end
-
diff --git a/activerecord/test/cases/secure_token_test.rb b/activerecord/test/cases/secure_token_test.rb
index 3f7455d12d..e731443fc2 100644
--- a/activerecord/test/cases/secure_token_test.rb
+++ b/activerecord/test/cases/secure_token_test.rb
@@ -22,4 +22,11 @@ class SecureTokenTest < ActiveRecord::TestCase
assert_not_equal @user.token, old_token
assert_not_equal @user.auth_token, old_auth_token
end
+
+ def test_token_value_not_overwritten_when_present
+ @user.token = "custom-secure-token"
+ @user.save
+
+ assert_equal @user.token, "custom-secure-token"
+ end
end
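Review bot: `test_token_value_not_overwritten_when_present` ignores the result of `@user.save` and only asserts on the in-memory attribute, so it would also pass if the save failed and the `before_create` callback never ran. Using `@user.save!` and asserting on the persisted value closes that gap: `assert_equal "custom-secure-token", @user.reload.token`. That form also puts the expected value first, which is the argument order `assert_equal` uses in its failure message. How `@user` is built is in a setup method outside this hunk, so confirm it is an unsaved record at this point.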