Sceptique/LifePex
Sceptique/LifePex
1
1
Fork 1
Code Issues 23 Pull Requests Projects 2 Releases 1 Wiki Activity

Avoid getting the hashed_password when not necessary #41

New Issue
Open
opened 2021-06-14 23:06:58 +02:00 by Sceptique · 0 comments
Sceptique commented 2021-06-14 23:06:58 +02:00
Owner
Copy Link

1. don't select the password

auth.rb:L30

      @current_user = LifePex::User.where(id: user_id_decoded(cookies)).first

We should not select the hashed_password by default

2. drop the password after use

login/register should not need user.password after use. drop the field

## 1. don't select the password auth.rb:L30 ``` @current_user = LifePex::User.where(id: user_id_decoded(cookies)).first ``` We should not select the hashed_password by default ## 2. drop the password after use login/register should not need user.password after use. drop the field
Sceptique added the
security
 label 2021-06-14 23:06:58 +02:00
Sceptique added this to the To sort project 2021-06-16 19:45:52 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something is not working

  
discussion

Requires thinking &| talking

  
doc

Need to write something

  
feature

New feature

  
help wanted

Need some help

  
security

Privacy and trust

No Label
bug
discussion
doc
feature
help wanted
security
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
To sort
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Sceptique/LifePex#41
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?