Avoid getting the hashed_password when not necessary #41

New Issue

Open

opened 2021-06-14 23:06:58 +02:00 by Sceptique · 0 comments

Sceptique commented 2021-06-14 23:06:58 +02:00

Owner

Copy Link

1. don't select the password

auth.rb:L30

      @current_user = LifePex::User.where(id: user_id_decoded(cookies)).first

We should not select the hashed_password by default

2. drop the password after use

login/register should not need user.password after use. drop the field

## 1. don't select the password auth.rb:L30 ``` @current_user = LifePex::User.where(id: user_id_decoded(cookies)).first ``` We should not select the hashed_password by default ## 2. drop the password after use login/register should not need user.password after use. drop the field

Sceptique added the

security

label 2021-06-14 23:06:58 +02:00

Sceptique added this to the To sort project 2021-06-16 19:45:52 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

master

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.0

v2.2.1

v2.2.0

v2.1.0

v2.0.0

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.1

v0.16.0

v0.15.2

v0.15.1

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.3

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.0

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels

bug

Something is not working

discussion

Requires thinking &| talking

doc

Need to write something

feature

New feature

help wanted

Need some help

security

Privacy and trust

No Label

security

Milestone

No items

No Milestone

Projects

Clear projects

No project To sort

Assignees

Clear assignees

Sceptique

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Sceptique/LifePex#41

No description provided.