Ensure authenticatable_salt can be nil.

2022-11-09 12:18:31 -05:00 · 2010-11-11 22:51:19 +01:00 · 2010-11-11 22:51:19 +01:00 · 67a49f3b75
commit 67a49f3b75
parent 14d772972d
4 changed files with 24 additions and 2 deletions
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@ -68,7 +68,7 @@ module Devise

      # A reliable way to expose the salt regardless of the implementation.
      def authenticatable_salt
-        self.encrypted_password[0,29]
+        self.encrypted_password[0,29] if self.encrypted_password
      end

    protected
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@ -76,7 +76,15 @@ module Devise
      end

      def rememberable_value
-        respond_to?(:remember_token) ? self.remember_token : self.authenticatable_salt
+        if respond_to?(:remember_token)
+          remember_token
+        elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt)
+          salt
+        else
+          raise "The #{self.class.name} class does not respond to remember_token and " <<
+            "authenticatable_salt returns nil. In order to use rememberable, you must " <<
+            "add a remember_token field to your model or ensure a password is always set."
+        end
      end

      def cookie_options
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@ -13,6 +13,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
    assert_present user.encrypted_password
  end

+  test 'allow authenticatable_salt to work even with nil encrypted password' do
+    user = User.new
+    user.encrypted_password = nil
+    assert_nil user.authenticatable_salt
+  end
+
  test 'should not generate encrypted password if password is blank' do
    assert_blank new_user(:password => nil).encrypted_password
    assert_blank new_user(:password => '').encrypted_password
--- a/test/models/rememberable_test.rb
+++ b/test/models/rememberable_test.rb
@ -268,4 +268,12 @@ class WithSaltRememberableTest < ActiveSupport::TestCase
    user.remember_me!
    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
  end
+
+  test 'raises a RuntimeError if authenticatable_salt is nil' do
+    user = User.new
+    user.encrypted_password = nil
+    assert_raise RuntimeError do
+      user.rememberable_value
+    end
+  end
 end