From 5221c5400e193a64ab607d7de7c0450f5f15cd55 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Fri, 17 Jul 2026 18:20:25 +0200 Subject: Allow updating migrated users without supplying a password password_required? treated a blank crypted_password as "needs a password", but after bcrypt migration crypted_password is nil by design -- every subsequent save of a migrated or new user failed validation. The predicate now requires a password only when both the legacy and the bcrypt credential are absent, or when one is actually being set. --- lib/authentication.rb | 2 +- test/models/user_test.rb | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/authentication.rb b/lib/authentication.rb index 56df391..4d8a5ae 100644 --- a/lib/authentication.rb +++ b/lib/authentication.rb @@ -98,7 +98,7 @@ module Authentication end def password_required? - crypted_password.blank? || !password.blank? + (crypted_password.blank? && password_digest.blank?) || !password.blank? end end # instance methods end diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 514bdea..feccce2 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -118,6 +118,14 @@ class UserTest < ActiveSupport::TestCase # Second login should now use password_digest. assert_equal user, User.authenticate("quentin", "monkey") end + + def test_migrated_user_can_be_updated_without_password + user = users(:quentin) + assert_equal user, User.authenticate("quentin", "monkey") + user.reload + + assert user.update(:email => "quentin@example.org") + end protected def create_user(options = {}) -- cgit v1.3