Avoid getting the hashed_password when not necessary #41

Open
opened 2021-06-14 23:06:58 +02:00 by Sceptique · 0 comments
Owner

1. Don't select the password

auth.rb:L30

      @current_user = LifePex::User.where(id: user_id_decoded(cookies)).first

We should not select the hashed_password by default.

2. Drop the password after use

Login/register should not need user.password after use. Drop the field.

Sceptique added the
security
label 2021-06-14 23:06:58 +02:00
Sceptique added this to the To sort project 2021-06-16 19:45:52 +02:00
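
Both points of the issue above, as an added example that is not LifePex code: the default lookup projects only non-secret columns, and the login path, the only caller that requests the hash, strips it before returning the user. The in-memory `USERS` list, `SAFE_COLUMNS`, `find_user`, `authenticate`, `secure_equal?` and the PBKDF2 hashing are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Columns that are safe to load for every request (hypothetical names).
SAFE_COLUMNS = %i[id name].freeze

# Assumption: PBKDF2-HMAC-SHA256 stands in for whatever LifePex really uses.
def hash_password(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                           length: 32, hash: "sha256")
end

# Constructed in-memory stand-in for the users table.
SALT = SecureRandom.random_bytes(16)
USERS = [
  { id: 1, name: "alice", salt: SALT,
    hashed_password: hash_password("correct horse", SALT) }
].freeze

# Point 1: the default lookup projects only SAFE_COLUMNS, so the per-request
# current-user object never holds the hash.
def find_user(columns: SAFE_COLUMNS, **conditions)
  row = USERS.find { |u| conditions.all? { |k, v| u[k] == v } }
  row && row.slice(*columns)
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Point 2: login is the only caller that asks for the secret columns, and it
# drops them before the record leaves this method.
def authenticate(name, password)
  user = find_user(columns: SAFE_COLUMNS + %i[salt hashed_password], name: name)
  return nil unless user
  ok = secure_equal?(hash_password(password, user[:salt]), user[:hashed_password])
  user.delete(:salt)
  user.delete(:hashed_password)
  ok ? user : nil
end
```

With an ORM the same split is usually expressed as an explicit column list on the default query, so that serializing or logging the current user cannot expose the hash.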
Reference: Sceptique/LifePex#41