authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-06-26 15:11:45 +0300
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-06-26 15:11:45 +0300
commit98ba075c327c20f84bb465907ff1d954538e0e39 (patch)
tree57d51d81209c14dc8cb4307aedeed2b40ed99949 /app/controllers/profiles
parent3a21c904dda9aa9c701675ccc6d1c15b20a745b3 (diff)
User model to strong params. Comment other attr_accessible to let tests run
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app/controllers/profiles')
-rw-r--r--app/controllers/profiles/passwords_controller.rb12
1 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index df6954554ea..60617e4f8ae 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -11,8 +11,8 @@ class Profiles::PasswordsController < ApplicationController
end
def create
- new_password = params[:user][:password]
- new_password_confirmation = params[:user][:password_confirmation]
+ new_password = user_params[:password]
+ new_password_confirmation = user_params[:password_confirmation]
result = @user.update_attributes(
password: new_password,
@@ -31,11 +31,11 @@ class Profiles::PasswordsController < ApplicationController
end
def update
- password_attributes = params[:user].select do |key, value|
+ password_attributes = user_params.select do |key, value|
%w(password password_confirmation).include?(key.to_s)
end
- unless @user.valid_password?(params[:user][:current_password])
+ unless @user.valid_password?(user_params[:current_password])
redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
return
end
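Review bot: `user_params[:current_password]` in `update` will always be nil, because the `user_params` helper added in the last hunk permits only `:password` and `:password_confirmation`, and strong parameters drops every key that is not permitted. `valid_password?` then receives nil, so each change attempt presumably ends in the "valid current password" redirect; the check fails closed, but the action can no longer succeed. Permit the key in the helper, `params.require(:user).permit(:current_password, :password, :password_confirmation)`, and keep the `select` above so that only the two password fields reach the attribute update. A controller spec that submits a correct current password and expects the password to change would catch this regression. The body of `update` continues past the end of this hunk, so the rest of the flow is not visible here.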
@@ -74,4 +74,8 @@ class Profiles::PasswordsController < ApplicationController
def authorize_change_password!
return render_404 if @user.ldap_user?
end
+
+ def user_params
+ params.require(:user).permit(:password, :password_confirmation)
+ end
end