From 0817bb06f72bac456a7225645caf18ae9dc8c040 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wojciech=20Wn=C4=99trzak?= Date: Thu, 12 Feb 2015 22:05:43 +0100 Subject: Do not overwrite secret token value when already present. ``` user = User.create(token: "custom-secure-token") user.token # => "custom-secure-token" ``` --- activerecord/CHANGELOG.md | 7 +++++++ activerecord/lib/active_record/secure_token.rb | 3 +-- activerecord/test/cases/secure_token_test.rb | 7 +++++++ 3 files changed, 15 insertions(+), 2 deletions(-) (limited to 'activerecord') diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index e1cace7d88..68184897e0 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,10 @@ +* `has_secure_token` does not overwrite value when already present. + + user = User.create(token: "custom-secure-token") + user.token # => "custom-secure-token" + + *Wojciech Wnętrzak* + * Use SQL COUNT and LIMIT 1 queries for `none?` and `one?` methods if no block or limit is given, instead of loading the entire collection to memory. This applies to relations (e.g. `User.all`) as well as associations (e.g. `account.users`) diff --git a/activerecord/lib/active_record/secure_token.rb b/activerecord/lib/active_record/secure_token.rb index 07031b6371..0990f815a7 100644 --- a/activerecord/lib/active_record/secure_token.rb +++ b/activerecord/lib/active_record/secure_token.rb @@ -27,7 +27,7 @@ module ActiveRecord # Load securerandom only when has_secure_token is used. require 'active_support/core_ext/securerandom' define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token } - before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) } + before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) unless self.send("#{attribute}?")} end def generate_unique_secure_token @@ -36,4 +36,3 @@ module ActiveRecord end end end - 
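Review bot: The new `unless self.send("#{attribute}?")` guard on the `before_create` callback means any value already on the attribute at create time is stored as the token without going through `generate_unique_secure_token`. A preset value therefore gets neither the SecureRandom-based generation nor whatever uniqueness handling that method performs (its body is outside this hunk). That is reasonable for deliberate use, but the doc comment on `has_secure_token` should say so, because an application that permits the token attribute from request parameters would let the client choose the stored token. I would add something like `# Note: a value assigned before create is kept as-is and is not regenerated or validated; do not accept this attribute from untrusted input.` The enclosing `has_secure_token` method starts above the hunk, so its existing documentation is not visible here.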
diff --git a/activerecord/test/cases/secure_token_test.rb b/activerecord/test/cases/secure_token_test.rb index 3f7455d12d..e731443fc2 100644 --- a/activerecord/test/cases/secure_token_test.rb +++ b/activerecord/test/cases/secure_token_test.rb @@ -22,4 +22,11 @@ class SecureTokenTest < ActiveRecord::TestCase assert_not_equal @user.token, old_token assert_not_equal @user.auth_token, old_auth_token end + + def test_token_value_not_overwritten_when_present + @user.token = "custom-secure-token" + @user.save + + assert_equal @user.token, "custom-secure-token" + end end -- cgit v1.2.3
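Review bot: `test_token_value_not_overwritten_when_present` covers only a non-blank preset value, so nothing pins what the new guard does when the attribute is set but blank. The guard relies on the attribute query method, which as far as I know treats a blank string as absent, and that is the case where a missing token would matter most. A companion test with `@user.token = ""`, `@user.save`, `assert @user.token.present?` would lock in that a token is still generated. Separately, `assert_equal @user.token, "custom-secure-token"` passes the actual value first; Minitest expects `assert_equal "custom-secure-token", @user.token`, otherwise the failure message is reversed. `@user` is set up outside this hunk.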