2022-07-25 17:16:46 +00:00

* `has_secure_password` now supports password challenges via a
  `password_challenge` accessor and validation.

  A password challenge is a safeguard to verify that the current user is
  actually the password owner. It can be used when changing sensitive model
  fields, such as the password itself. It is different than a password
  confirmation, which is used to prevent password typos.

  When `password_challenge` is set, the validation checks that the value's
  digest matches the *currently persisted* `password_digest` (i.e.
  `password_digest_was`).

  This allows a password challenge to be done as part of a typical `update`
  call, just like a password confirmation. It also allows a password
  challenge error to be handled in the same way as other validation errors.

  For example, in the controller, instead of:

  ```ruby
  password_params = params.require(:password).permit(
    :password_challenge,
    :password,
    :password_confirmation,
  )

  password_challenge = password_params.delete(:password_challenge)
  @password_challenge_failed = !current_user.authenticate(password_challenge)

  if !@password_challenge_failed && current_user.update(password_params)
    # ...
  end
  ```

  You can now write:

  ```ruby
  password_params = params.require(:password).permit(
    :password_challenge,
    :password,
    :password_confirmation,
  ).with_defaults(password_challenge: "")

  if current_user.update(password_params)
    # ...
  end
  ```

  And, in the view, instead of checking `@password_challenge_failed`, you can
  render an error for the `password_challenge` field just as you would for
  other form fields, including utilizing `config.action_view.field_error_proc`.

  *Jonathan Hefner*

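The challenge semantics described in the entry above, as an added example that is not Rails code: `DemoUser` is a hypothetical plain-Ruby stand-in for a `has_secure_password` model, PBKDF2 from the standard library replaces bcrypt so it runs offline, and a plain `Hash` stands in for the permitted params. It shows that the challenge is compared with the persisted digest rather than the newly assigned one, and that a challenge which is never set is not validated, which is why the controller defaults it to `""`.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a has_secure_password model (not Rails code).
# Assumption: PBKDF2 replaces bcrypt so the example needs no gems.
class DemoUser
  attr_reader :errors
  attr_accessor :password_challenge

  def initialize(password)
    @persisted_digest = @password_digest = digest(password)
    @errors = {}
  end

  def password=(new_password)
    @password_digest = digest(new_password) # in memory until update succeeds
  end

  # Mimics update(params): assign attributes, validate, persist or roll back.
  def update(params)
    @errors = {}
    params.each { |key, value| public_send("#{key}=", value) }
    # Runs only when the challenge is set; "" counts as set and cannot match.
    # The comparison uses the persisted digest (the password_digest_was role).
    unless password_challenge.nil? || matches?(@persisted_digest, password_challenge)
      @errors[:password_challenge] = "is invalid"
    end
    if @errors.empty?
      @persisted_digest = @password_digest
    else
      @password_digest = @persisted_digest
    end
    @password_challenge = nil
    @errors.empty?
  end

  def authenticate(candidate)
    matches?(@persisted_digest, candidate)
  end

  private

  def digest(secret, salt = SecureRandom.hex(16))
    key = OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: 10_000, length: 32, hash: "sha256")
    "#{salt}$#{key.unpack1('H*')}"
  end

  def matches?(stored, candidate)
    OpenSSL.secure_compare(stored, digest(candidate, stored.split("$").first))
  end
end
```

With this model, `update({ password_challenge: "" }.merge(params))` fails whenever the form omits the challenge field, while `update(params)` alone would skip the check.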
2022-05-19 23:13:09 +00:00

* Support infinite ranges for `LengthValidator`'s `:in`/`:within` options

  ```ruby
  validates_length_of :first_name, in: ..30
  ```

  *fatkodima*

2022-05-18 04:57:15 +00:00

* Add support for beginless ranges to inclusivity/exclusivity validators:

  ```ruby
  validates_inclusion_of :birth_date, in: -> { (..Date.today) }
  ```

  *Bo Jeanes*

2022-05-17 17:46:00 +00:00

* Make validators accept lambdas without record argument

  ```ruby
  # Before
  validates_comparison_of :birth_date, less_than_or_equal_to: ->(_record) { Date.today }

  # After
  validates_comparison_of :birth_date, less_than_or_equal_to: -> { Date.today }
  ```

  *fatkodima*

2022-05-02 16:59:50 +00:00

* Fix casting long strings to `Date`, `Time` or `DateTime`

  *fatkodima*

2022-02-03 08:17:03 +00:00

* Use different cache namespace for proxy calls

  Models can currently have different attribute bodies for the same method
  names, leading to conflicts. Adding a new namespace `:active_model_proxy`
  fixes the issue.

  *Chris Salzberg*

2021-12-07 15:52:30 +00:00

Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/activemodel/CHANGELOG.md) for previous changes.