Skip to content

Commit

Permalink
Update saml_controller.rb
Browse files Browse the repository at this point in the history
  • Loading branch information
kevin-atnos authored Nov 7, 2023
1 parent 4868abe commit 4f1f712
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/controllers/saml_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ def consume
if response.is_valid?
email = response.name_id
session[:nameid] = response.name_id
user = User.find_by_email(email)
user = User.find_by("LOWER(email) = ?", email.strip.downcase)
unless user
password = [*'0'..'9', *'a'..'z', *'A'..'Z', *'!'..'?'].sample(16).join
user = User.create!(email:, password:, password_confirmation: password)

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information High

This stores sensitive data returned by
an assignment to password
as clear text.

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information High

This stores sensitive data returned by
an assignment to password
as clear text.
Expand Down

0 comments on commit 4f1f712

Please # to comment.