Carry through name/phone/password updates through report/update creation via token. Only store encrypted password, and override EncodedColumn to prevent double encrypting.

1 files changed, 10 insertions, 0 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index 2abe65b1f..501dd2b41 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -231,6 +231,14 @@ sub save_update : Private {
         # Logged in and same user, so can confirm update straight away
         $update->user->update;
         $update->confirm;
+    } else {
+        # User exists and we are not logged in as them.
+        # Store changes in token for when token is validated.
+        $c->stash->{token_data} = {
+            name => $update->user->name,
+            password => $update->user->password,
+        };
+        $update->user->discard_changes();
     }
 
     # If there was a photo add that too
@@ -272,10 +280,12 @@ sub redirect_or_confirm_creation : Private {
     }
 
     # otherwise create a confirm token and email it to them.
+    my $data = $c->stash->{token_data} || {};
     my $token = $c->model("DB::Token")->create(
         {
             scope => 'comment',
             data  => {
+                %$data,
                 id        => $update->id,
                 add_alert => ( $c->req->param('add_alert') ? 1 : 0 ),
             }