Set stronger secret password for managers

And avoid depending on Devise for this.
2026-01-11 18:26:50 +00:00 · 2025-12-12 15:17:57 +11:00
parent d7603755bf
commit 0dabca583f
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/concerns/manager_invitations.rb
+++ b/app/controllers/concerns/manager_invitations.rb
@@ -4,7 +4,7 @@ module ManagerInvitations
  extend ActiveSupport::Concern

  def create_new_manager(email, enterprise)
-    password = Devise.friendly_token
+    password = SecureRandom.base58(64)
    new_user = Spree::User.create(email:, unconfirmed_email: email, password:)
    new_user.reset_password_token = Devise.friendly_token
    # Same time as used in Devise's lib/devise/models/recoverable.rb.