Refactoring generating salt and encrypting password only before saving the record.

2026-01-09 14:58:05 -05:00 · 2009-10-08 20:57:10 -03:00
parent c82cad5887
commit c0b272a49d
4 changed files with 19 additions and 41 deletions
--- a/lib/devise/models/authenticable.rb
+++ b/lib/devise/models/authenticable.rb
@@ -12,21 +12,11 @@ module Devise
      base.class_eval do
        extend ClassMethods

-        attr_reader     :password
-        attr_accessor   :password_confirmation
-        attr_accessible :email, :password, :password_confirmation
-      end
-    end
+        before_save :generate_salt
+        before_save :encrypt_password

-    # Defines the new password, generating a salt and encrypting it.
-    #
-    def password=(new_password)
-      if new_password != @password
-        @password = new_password
-        if @password.present?
-          generate_salt
-          encrypt_password
-        end
+        attr_accessor   :password, :password_confirmation
+        attr_accessible :email, :password, :password_confirmation
      end
    end

@@ -47,7 +37,7 @@ module Devise
      # Encrypt password using SHA1
      #
      def encrypt_password
-        self.encrypted_password = password_digest(password)
+        self.encrypted_password = password_digest(password) unless password.blank?
      end

      # Gererates a default password digest based on salt, pepper and the
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -74,10 +74,6 @@ module Devise
      def send_confirmation_instructions(options={})
        confirmable = find_or_initialize_with_error_by_email(options[:email])
        confirmable.reset_confirmation! unless confirmable.new_record?
-#        unless confirmable.new_record?
-#          confirmable.reset_confirmation!
-#          confirmable.send_confirmation_instructions
-#        end
        confirmable
      end

--- a/lib/devise/models/validatable.rb
+++ b/lib/devise/models/validatable.rb
@@ -27,4 +27,3 @@ module Devise
      end
  end
 end
-
--- a/test/models/authenticable_test.rb
+++ b/test/models/authenticable_test.rb
@@ -29,16 +29,16 @@ class AuthenticableTest < ActiveSupport::TestCase
    assert_not field_accessible?(:encrypted_password)
  end

-  test 'should generate password salt after set the password' do
-    assert_present new_user.password_salt
-    assert_present create_user.password_salt
-  end
-
-  test 'should not generate salt while setting password to nil or blank string' do
+  test 'should not generate salt while setting password' do
+    assert_nil new_user.password_salt
    assert_nil new_user(:password => nil).password_salt
    assert_nil new_user(:password => '').password_salt
  end

+  test 'should generate password salt while saving' do
+    assert_present create_user.password_salt
+  end
+
  test 'should not change password salt when updating' do
    user = create_user
    salt = user.password_salt
@@ -59,34 +59,27 @@ class AuthenticableTest < ActiveSupport::TestCase
  test 'should never generate the same salt for different users' do
    password_salts = []
    10.times do
-      salt = new_user.password_salt
-      assert !password_salts.include?(salt)
+      salt = create_user.password_salt
+      assert_not password_salts.include?(salt)
      password_salts << salt
    end
  end

-  test 'should generate encrypted password after setting a password' do
-    assert_present new_user.encrypted_password
-    assert_present create_user.encrypted_password
-  end
-
-  test 'should not generate encrypted password while setting password to nil or blank string' do
+  test 'should not generate encrypted password while setting password' do
+    assert_nil new_user.encrypted_password
    assert_nil new_user(:password => nil).encrypted_password
    assert_nil new_user(:password => '').encrypted_password
  end

-  test 'should not encrypt password if it didn\'t change' do
-    user = create_user
-    encrypted_password = user.encrypted_password
-    user.expects(:encrypted_password=).never
-    user.password = '123456'
-    assert_equal encrypted_password, user.encrypted_password
+  test 'should generate encrypted password while saving' do
+    assert_present create_user.encrypted_password
  end

  test 'should encrypt password again if password has changed' do
    user = create_user
    encrypted_password = user.encrypted_password
-    user.password = 'new_password'
+    user.password = user.password_confirmation = 'new_password'
+    user.save!
    assert_not_equal encrypted_password, user.encrypted_password
  end