deblan/journalduhacker
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

login: if user password hash is not at current rounds, re-encrypt it

Browse source
This commit is contained in:
joshua stein 2015-10-11 12:53:07 -05:00
parent 80f7d5b095
commit 677da599f2
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/login_controller.rb
View file

@ -26,6 +26,11 @@ class LoginController < ApplicationController
user.try(:authenticate, params[:password].to_s)
session[:u] = user.session_token
if !user.password_digest.to_s.match(/^\$2a\$#{BCrypt::Engine::DEFAULT_COST}\$/)
user.password = user.password_confirmation = params[:password].to_s
user.save!
end
if (rd = session[:redirect_to]).present?
session.delete(:redirect_to)
return redirect_to rd