Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug fix for password not being required when used with database_authenticatable #56

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Bug fix for password not being required when used with database_authenticatable #56

wants to merge 1 commit into from

Conversation

codyrobbins
Copy link
Contributor

Partial bug fix for password not being required when used in tandem with the database_authenticatable and validatable modules.

This fix properly ensures that the #password_required? and #password methods are not redefined by Devise::Models::MagicLinkAuthenticatable if they already exist in the model. The check for the existing methods via instance_methods.include? must be done in the context of the class the module is being included into and not in the module itself.

See #13 for full context.

@codyrobbins
Bug fix for password not being required when used in tandem with the …
5d95f84 
…`database_authenticatable` and `validatable` modules.

This fix properly ensures that the `#password_required?` and `#password` methods are not redefined by `Devise::Models::MagicLinkAuthenticatable` if they already exist in the model. The check for the existing methods via `instance_methods.include?` must be done in the context of the class the module is being included into and not in the module itself.

See abevoelker#13 for full context.
@codyrobbins codyrobbins mentioned this pull request Apr 16, 2024
Closed
@abevoelker
Copy link
Owner

Thanks for your contribution! 🎉

This is a case where I kind of wish Devise had used vanilla include Devise::Models::blahblah calls for mixing in behavior instead of devise :foo, :bar, .... Because then we could do something like parameterize the include - e.g. include Devise::Models::MagicLinkAuthenticatable for regular behavior, include Devise::Models::MagicLinkAuthenticatable[:skip_password_fields] (something like that) and we could key off that option to skip those method redefinitions. (I like the aesthetic of how the Shrine gem does this type of thing)

But alas we have to support the god call to devise :magic_link_authenticatable because that's how Devise expects itself to be extended with strategies.

I'm still thinking we may want to opt-in to some explicit behavior here because clearly relying on implicit load-order dependent behavior is not working! Let me think on it

What would be ideal-ideal is if we didn't have to think about these two methods at all, since we shouldn't have to care about them, but the :validateable module breaks for truly-passwordless usage and (alas) my request to Devise to fix the method checks in :validateable was never implemented

@abevoelker
Copy link
Owner

(Copying and pasting this to all open issues/PRs:)

Hey all, per #64 I unfortunately won't have much time for the foreseeable future to maintain devise-passwordless to fix the open bugs and work on new features. I'm not abandoning this project, but due to some life issues it's just at the bottom of my priority list for now.

Anyone who wants to step up and be a maintainer to shepherd the project forward would be welcomed! I just ask that you've opened a PR, or written an issue, or can otherwise demonstrate some familiarity/competence with the project. You can reply to #64 or message me privately (through email or socials since GitHub doesn't have DMs) if interested. Thank you ✌️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@codyrobbins @abevoelker