authlogic
Transitioning password should not set password_changed? true
If a password is being transitioned to a new crypto provider, I would expect password_changed? to be falsey, but it is true. This draft PR adds a test to demonstrate it. If you change the definition of transition_password as follows, the test will pass:
def transition_password(attempted_password)
self.password = attempted_password
+ @password_changed = false
save(validate: false)
end
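Review bot: The added `@password_changed = false` runs before `save(validate: false)`, so any save callback or condition that checks password_changed? sees false for the whole transition, not only after it. If that is the intent, the line needs a comment stating that a crypto-provider transition is deliberately not treated as a password change. Resetting an instance variable that password= has just set also couples the two methods, so a later change to password= can silently break this. A dedicated flag set only inside transition_password would state the intent without undoing password='s own bookkeeping.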
In password= @password_changed is set to true, so this just inverts that. Other possible solutions I've thought of:
- don't call password= in transition_password, instead call encrypt right there (and whatever else might be required)
- set a new instance variable @password_transitioned which can be used in conditions like password_changed?
Bump on this @pduey, I'd be interested in this improvement!
Thank you for the contribution. I'm closing this due to inactivity. If you want to revive it, please re-open the pull request.