Missing condition
brunto committed Nov 14, 2023
1 parent c8493bb commit f27b40b
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions app/controllers/saml_controller.rb
Expand Up @@ -18,12 +18,14 @@ def consume
email = response.name_id
session[:nameid] = response.name_id
user = User.find_by("LOWER(email) = ?", email.strip.downcase)
unless user
if user
user.unlock_access!
else
password = [*'0'..'9', *'a'..'z', *'A'..'Z', *'!'..'?'].sample(16).join
user = User.create!(email:, password:, password_confirmation: password)

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information High

This stores sensitive data returned by an assignment to password as clear text.

user.is_user = true
user.save
user.unlock_access!
user.save
end
sign_in(:user, user)
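
Review bot: In the `else` branch the password is built with `[...].sample(16).join`, and `Array#sample` draws from Ruby's default non-cryptographic PRNG, picks without replacement, and uses a pool where `'!'..'?'` overlaps `'0'..'9'`, so the value is weaker than its length suggests; generate it with `SecureRandom.alphanumeric(32)` or pass `random: SecureRandom` to `sample`. The lookup normalises with `email.strip.downcase`, but `User.create!(email:, ...)` stores the raw `name_id`, so a value with surrounding whitespace would not match on the next login unless the model strips it, and `email.strip` raises if `name_id` is nil. The two `user.save` calls around `user.unlock_access!` discard their return value, so a failed write of `is_user` goes unnoticed; a single `user.save!` after setting `is_user` would surface it.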
