:database_authenticatable issue with clean_passwords #4245
Comments
@kaelumania sounds reasonable, can you please send a Pull Request for that? Thanks! 😄
@lucasmazza Should we need reset
@sivagollapalli no, we don't need to remove the constraint - from @kaelumania's report the goal is to ensure that both attributes are properly in sync, and not let a null password be persisted by the default.
@lucasmazza So, the above test case should return
@sivagollapalli yes, I think you are right. We use devise
Closed via #4261
Within the :database_authenticatable there is an issue at Line 40.
Whenever the passwords are cleaned (set to nil), e.g. in the RegistrationsController, the encrypted_password remains dirty, which can have heavy security affecting side-effects. I propose to set the encrypted_password also to nil or to revert to its original value. Here is a little test scenario:
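An added illustration of the behaviour reported above, not the test scenario from the issue and not Devise or ActiveRecord code: `ToyUser`, `scenario` and `clean_up_passwords_in_sync` are hypothetical names, SHA-256 stands in for the real password digest, and the setter that skips `nil` is an assumption made to reproduce the report.

```ruby
require "digest"

# Simplified stand-in for a model with dirty tracking (hypothetical class).
class ToyUser
  attr_reader :password, :encrypted_password, :persisted_hash

  def initialize(persisted_hash)
    @persisted_hash = persisted_hash      # value currently "in the database"
    @encrypted_password = persisted_hash  # in-memory attribute
  end

  # Assumed setter behaviour: the hash is only recomputed for a non-empty
  # password, so assigning nil leaves the previously computed hash in place.
  def password=(new_password)
    @password = new_password
    return if new_password.nil? || new_password.empty?
    @encrypted_password = Digest::SHA256.hexdigest(new_password)
  end

  # Cleaning as reported: only the plaintext is cleared.
  def clean_up_passwords
    self.password = nil
  end

  # One of the two proposals in the report: revert the hash as well.
  def clean_up_passwords_in_sync
    self.password = nil
    @encrypted_password = @persisted_hash
  end

  def dirty?
    @encrypted_password != @persisted_hash
  end

  # Any later save writes whatever is held in memory.
  def save
    @persisted_hash = @encrypted_password
  end
end

# Constructed scenario: a password is assigned, the passwords are cleaned
# (as after a rejected form submission), then an unrelated save happens.
def scenario(cleanup)
  original = Digest::SHA256.hexdigest("original-secret")
  user = ToyUser.new(original)
  user.password = "rejected-by-validation"
  user.public_send(cleanup)
  dirty = user.dirty?
  user.save
  { dirty_after_cleanup: dirty, hash_changed: user.persisted_hash != original }
end
```

With `:clean_up_passwords` the stored hash changes on the later save even though the plaintext was cleared; with `:clean_up_passwords_in_sync` it does not.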