summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerdgeist <erdgeist@erdgeist.org>2026-07-17 18:20:25 +0200
committererdgeist <erdgeist@erdgeist.org>2026-07-17 18:20:25 +0200
commit5221c5400e193a64ab607d7de7c0450f5f15cd55 (patch)
treef745cc4f474b05301e1b1face6a9417d1fdb41bc
parent27e89a8e931d4f2c3fd9aa45adae506af6733d0d (diff)
Allow updating migrated users without supplying a password
password_required? treated a blank crypted_password as "needs a password", but after bcrypt migration crypted_password is nil by design -- every subsequent save of a migrated or new user failed validation. The predicate now requires a password only when both the legacy and the bcrypt credential are absent, or when one is actually being set.
-rw-r--r--lib/authentication.rb2
-rw-r--r--test/models/user_test.rb8
2 files changed, 9 insertions, 1 deletions
diff --git a/lib/authentication.rb b/lib/authentication.rb
index 56df391..4d8a5ae 100644
--- a/lib/authentication.rb
+++ b/lib/authentication.rb
@@ -98,7 +98,7 @@ module Authentication
98 end 98 end
99 99
100 def password_required? 100 def password_required?
101 crypted_password.blank? || !password.blank? 101 (crypted_password.blank? && password_digest.blank?) || !password.blank?
102 end 102 end
103 end # instance methods 103 end # instance methods
104 end 104 end
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 514bdea..feccce2 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -118,6 +118,14 @@ class UserTest < ActiveSupport::TestCase
118 # Second login should now use password_digest. 118 # Second login should now use password_digest.
119 assert_equal user, User.authenticate("quentin", "monkey") 119 assert_equal user, User.authenticate("quentin", "monkey")
120 end 120 end
121
122 def test_migrated_user_can_be_updated_without_password
123 user = users(:quentin)
124 assert_equal user, User.authenticate("quentin", "monkey")
125 user.reload
126
127 assert user.update(:email => "quentin@example.org")
128 end
121 129
122protected 130protected
123 def create_user(options = {}) 131 def create_user(options = {})