Merge pull request #5051 from plataformatec/mf-revert-update-encrypted-password-to-nil-if-password-is-nil

Reverts both "[#4245] Allow password to nil (#4261)" and "Add more tests (#4970)"
2026-01-10 08:08:00 -05:00 · 2019-03-26 11:37:27 -03:00
parent 2a6d608bd8 f9d13f015a
commit 55e726e4a7
2 changed files with 5 additions and 23 deletions
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -60,7 +60,7 @@ module Devise
      # the hashed password.
      def password=(new_password)
        @password = new_password
-        self.encrypted_password = password_digest(@password) 
+        self.encrypted_password = password_digest(@password) if @password.present?
      end

      # Verifies whether a password (ie from sign in) is the user password.
@@ -70,7 +70,7 @@ module Devise

      # Set password and password confirmation to nil
      def clean_up_passwords
-        @password = @password_confirmation = nil
+        self.password = self.password_confirmation = nil
      end

      # Update record attributes when :current_password matches, otherwise
@@ -198,7 +198,6 @@ module Devise
      # See https://github.com/plataformatec/devise-encryptable for examples
      # of other hashing engines.
      def password_digest(password)
-        return if password.blank?
        Devise::Encryptor.digest(self.class, password)
      end

--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -117,9 +117,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
    assert_nil user.authenticatable_salt
  end

-  test 'should set encrypted password to nil if password is nil' do
-    assert_nil new_user(password: nil).encrypted_password
-    assert_nil new_user(password: '').encrypted_password
+  test 'should not generate a hashed password if password is blank' do
+    assert_blank new_user(password: nil).encrypted_password
+    assert_blank new_user(password: '').encrypted_password
  end

  test 'should hash password again if password has changed' do
@@ -148,16 +148,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
    refute user.valid_password?('654321')
  end

-  test 'should be invalid if the password is nil' do
-    user = new_user(password: nil)
-    refute user.valid_password?(nil)
-  end
-
-  test 'should be invalid if the password is blank' do
-    user = new_user(password: '')
-    refute user.valid_password?('')
-  end
-
  test 'should respond to current password' do
    assert new_user.respond_to?(:current_password)
  end
@@ -317,11 +307,4 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
      ]
    end
  end
-
-  test 'nil password should be invalid if password is set to nil' do
-    user = User.create(email: "HEllO@example.com", password: "12345678")
-    user.password = nil
-    refute user.valid_password?('12345678')
-    refute user.valid_password?(nil)
-  end
 end