diff options
| author | erdgeist <erdgeist@erdgeist.org> | 2026-07-17 18:20:25 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-07-17 18:20:25 +0200 |
| commit | 5221c5400e193a64ab607d7de7c0450f5f15cd55 (patch) | |
| tree | f745cc4f474b05301e1b1face6a9417d1fdb41bc | |
| parent | 27e89a8e931d4f2c3fd9aa45adae506af6733d0d (diff) | |
Allow updating migrated users without supplying a password
password_required? treated a blank crypted_password as "needs a
password", but after bcrypt migration crypted_password is nil by
design -- every subsequent save of a migrated or new user failed
validation. The predicate now requires a password only when both
the legacy and the bcrypt credential are absent, or when one is
actually being set.
| -rw-r--r-- | lib/authentication.rb | 2 | ||||
| -rw-r--r-- | test/models/user_test.rb | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/lib/authentication.rb b/lib/authentication.rb index 56df391..4d8a5ae 100644 --- a/lib/authentication.rb +++ b/lib/authentication.rb | |||
| @@ -98,7 +98,7 @@ module Authentication | |||
| 98 | end | 98 | end |
| 99 | 99 | ||
| 100 | def password_required? | 100 | def password_required? |
| 101 | crypted_password.blank? || !password.blank? | 101 | (crypted_password.blank? && password_digest.blank?) || !password.blank? |
| 102 | end | 102 | end |
| 103 | end # instance methods | 103 | end # instance methods |
| 104 | end | 104 | end |
diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 514bdea..feccce2 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb | |||
| @@ -118,6 +118,14 @@ class UserTest < ActiveSupport::TestCase | |||
| 118 | # Second login should now use password_digest. | 118 | # Second login should now use password_digest. |
| 119 | assert_equal user, User.authenticate("quentin", "monkey") | 119 | assert_equal user, User.authenticate("quentin", "monkey") |
| 120 | end | 120 | end |
| 121 | |||
| 122 | def test_migrated_user_can_be_updated_without_password | ||
| 123 | user = users(:quentin) | ||
| 124 | assert_equal user, User.authenticate("quentin", "monkey") | ||
| 125 | user.reload | ||
| 126 | |||
| 127 | assert user.update(:email => "quentin@example.org") | ||
| 128 | end | ||
| 121 | 129 | ||
| 122 | protected | 130 | protected |
| 123 | def create_user(options = {}) | 131 | def create_user(options = {}) |
