Ruby Snippet #09

This challenge covers the review of a snippet of code written in Ruby.

Tier: PRO · Difficulty: Medium · Time: < 1 Hr. · 453

In this challenge, you are provided with a snippet of Ruby code from a Ruby on Rails application. The code implements a method for resetting a user's password. The video walks you through analyzing the code, starting from the routes configuration and ending at the controller method that handles the password reset.

One key issue identified in the video is the way the user's email is handled. Looking a user up by email usually involves some normalisation (lower-casing is the common one), and Ruby's case mapping is Unicode-aware, so an input that is not the victim's address can still resolve to the victim's record: a KELVIN SIGN (U+212A), for example, downcases to an ASCII "k". If the reset instructions are then delivered to the email string taken from the parameters, the token for the victim's account is sent to an address chosen by the attacker. To mitigate this, the video suggests sending the reset instructions to the user's email as stored in the database rather than the email provided in the parameters.
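To make the issue concrete, here is an added example in plain Ruby (it is not the challenge's snippet and needs no Rails). The in-memory user table, the function names, the stand-in mailer and the Kelvin-sign input are all constructed for the illustration; it shows the vulnerable flow beside the fix the video recommends, and also checks a few Unicode characters whose case mapping lands on an ASCII letter.

```ruby
# Added example: a password-reset lookup that normalises the submitted email
# with String#downcase, beside the fix the video recommends. Everything here
# (the user table, function names, sample addresses) is constructed for the
# illustration and is not the challenge's own code. Needs Ruby >= 2.4, where
# String#downcase / #upcase apply full Unicode case mapping.

# Constructed "users" table; addresses are stored lower-cased, as many apps do.
USERS = [
  { id: 1, email: "kevin@example.com" },
  { id: 2, email: "alice@example.com" },
].freeze

# Unicode characters whose case mapping collapses onto an ASCII letter.
# Each entry is [character, case operation, ASCII result].
CASE_MAPPING_COLLISIONS = [
  ["\u212A", :downcase, "k"], # KELVIN SIGN
  ["\u0131", :upcase,   "I"], # LATIN SMALL LETTER DOTLESS I
  ["\u017F", :upcase,   "S"], # LATIN SMALL LETTER LONG S
].freeze

# True when every listed character really collapses to its ASCII twin under
# Ruby's Unicode-aware case mapping.
def case_mapping_collisions_hold?
  CASE_MAPPING_COLLISIONS.all? { |ch, op, ascii| ch.public_send(op) == ascii }
end

# Case-insensitive lookup, the `User.find_by(email: params[:email].downcase)`
# pattern. Because downcase is Unicode-aware, a string that is not the stored
# address can still match it.
def find_user_by_email(submitted)
  needle = submitted.downcase
  USERS.find { |u| u[:email] == needle }
end

# Stand-in for the mailer: records who the message was addressed to instead of
# sending anything. Returns a hash with the user id, recipient and token.
def deliver_reset_instructions(user, recipient)
  token = "reset-token-for-#{user[:id]}" # constructed; a real app uses a random token
  { user_id: user[:id], recipient: recipient, token: token }
end

# Vulnerable flow: the account is found via the normalised string, but the
# mail is addressed to the raw parameter, which the attacker controls.
def reset_password_vulnerable(submitted_email)
  user = find_user_by_email(submitted_email)
  return nil unless user
  deliver_reset_instructions(user, submitted_email)
end

# Hardened flow (the fix the video suggests): address the mail to the email
# stored on the matched record, so the attacker's spelling never reaches the mailer.
def reset_password_fixed(submitted_email)
  user = find_user_by_email(submitted_email)
  return nil unless user
  deliver_reset_instructions(user, user[:email])
end

# Constructed attacker input: the victim's address with the ASCII 'k' replaced
# by a KELVIN SIGN. It renders like "Kevin@example.com" but is a different string.
ATTACKER_INPUT = "\u212Aevin@example.com"

if __FILE__ == $PROGRAM_NAME
  puts "collisions hold: #{case_mapping_collisions_hold?}"
  puts "vulnerable: #{reset_password_vulnerable(ATTACKER_INPUT).inspect}"
  puts "fixed:      #{reset_password_fixed(ATTACKER_INPUT).inspect}"
end
```

Run it with `ruby reset_demo.rb` (any file name works). The vulnerable flow returns Kevin's user id with the Kelvin-sign string as recipient; the fixed flow returns the same user id but addresses the mail to the stored `kevin@example.com`. Note that the fix only corrects where the mail goes: the lookup still resolves the attacker's string to the victim's account, so a stricter lookup (for instance comparing against an ASCII-only, already-normalised column rather than downcasing arbitrary input) is a worthwhile second layer.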
