-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[#4245] Allowing password to nil #4261
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -37,11 +37,12 @@ def self.required_fields(klass) | |
# the hashed password. | ||
def password=(new_password) | ||
@password = new_password | ||
self.encrypted_password = password_digest(@password) if @password.present? | ||
self.encrypted_password = password_digest(@password) | ||
end | ||
|
||
# Verifies whether a password (ie from sign in) is the user password. | ||
def valid_password?(password) | ||
return false if password.blank? | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I believe we can remove this condition since it's already present inside There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No, There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, but since we're returning |
||
Devise::Encryptor.compare(self.class, encrypted_password, password) | ||
end | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
password_digest
won't returnnil
for nil values:Maybe we should set it explicity to
nil
(that should probably fix the broken tests in our test suite).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lucasmazza Yes, I know that. Since we have put
NOT NULL constraint
forencrypted_password
on migration. So, I am generating password digest fornil
values as well.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shouldn't -
nil
values should set theencrypted_password
asnil
otherwise the validations won't be aware that the provided value isnil
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sivagollapalli @lucasmazza this change breaks things outside of devise that end up calling
password=
, likeactiveadmin
. The code here settingencrypted_password
to anil
value while keeping theNOT NULL
validation in the database doesn't make any sense, one or the other needs to change as well. see #5033