search

abevoelker / devise-passwordless

Devise passwordless logins using emailed magic links
MIT License
201 stars 37 forks source link

fix validatable with `password_required?` #32

Closed SethHorsley closed 1 year ago

SethHorsley commented 1 year ago

password_required? now uses the same logic devise uses to check if password should be required which also does the validation checks.

Before the current_user.update_with_password(password_params) would not validate if the confirm was different from the password etc...

Also fixes:

App #⁠1: All users have a saved password; any user may login via email OR password (i.e. accept both methods)
App #⁠2: Only some users have a saved password; those users must login via password; everyone else logs in via email
abevoelker commented 1 year ago

I rebased this patch on master (https://github.com/abevoelker/devise-passwordless/tree/iseth/master) but it doesn't work with users that only use the :magic_link_authenticatable strategy. Here's a CI test run example: https://github.com/abevoelker/devise-passwordless/actions/runs/6177687801

You can test the CI/integration specs locally using https://github.com/nektos/act with:

act -j test
abevoelker commented 1 year ago

I decided to take a different approach in resolving the original issue, but thank you for your suggestion! Closing now as resolved on master but feel free to re-open if any concerns linger.