lib/volt/volt/users.rb in volt-0.8.22 vs lib/volt/volt/users.rb in volt-0.8.23
- old
+ new
@@ -12,11 +12,11 @@
if RUBY_PLATFORM != 'opal'
hash = user_id_signature[(index+1)..-1]
# Make sure the user hash matches
- if BCrypt::Password.new(hash) != "#{Volt.config.app_secret}::#{user._id}"
+ if BCrypt::Password.new(hash) != "#{Volt.config.app_secret}::#{user_id}"
# user id has been tampered with, reject
raise "user id or hash has been tampered with"
end
end
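Review bot: The check `BCrypt::Password.new(hash) != "#{Volt.config.app_secret}::#{user_id}"` depends on bcrypt, which hashes only the first 72 bytes of its input. If `app_secret` is 72 bytes or longer, the trailing `user_id` does not contribute to the hash, so the signature no longer binds to a particular id. The secret's length is not visible in this hunk, so treat this as something to confirm. A keyed MAC is the usual construction for signing a cookie value, e.g. `OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), Volt.config.app_secret, user_id.to_s)` compared in constant time, with the signing side (outside this hunk) changed to match. Separately, a malformed `hash` makes `BCrypt::Password.new` raise `BCrypt::Errors::InvalidHash` before the tamper message is reached, so a comment such as `# BCrypt::Password.new raises InvalidHash on a malformed signature; treat it as tampering too` would help; the enclosing method starts and ends outside the hunk.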
@@ -54,11 +54,9 @@
def logout
$page.cookies.delete(:user_id)
end
-
- private
# Fetches the user_id+signature from the correct spot depending on client
# or server, does not verify it.
def user_id_signature
if Volt.client?
\ No newline at end of file