search

michaelbanfield / devise-pwned_password

Devise extension that checks user passwords against the PwnedPasswords dataset
https://rubygems.org/gems/devise-pwned_password
MIT License
156 stars 29 forks source link

Fail after upgrade to devise 4.9.1 #40

Closed alec-c4 closed 1 year ago

alec-c4 commented 1 year ago

After upgrade from 4.9.0 to 4.9.1 I've got following error

Exiting
/Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-pwned_password-0.1.9/lib/devise/pwned_password/model.rb:18:in `block in <module:PwnedPassword>': undefined method `activerecord51?' for Devise:Module (NoMethodError)

          if: Devise.activerecord51? ? :will_save_change_to_encrypted_password? : :encrypted_password_changed?
                    ^^^^^^^^^^^^^^^^
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/activesupport-7.0.4.3/lib/active_support/concern.rb:136:in `class_eval'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/activesupport-7.0.4.3/lib/active_support/concern.rb:136:in `append_features'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-4.9.1/lib/devise/models.rb:106:in `include'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-4.9.1/lib/devise/models.rb:106:in `block (2 levels) in devise'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-4.9.1/lib/devise/models.rb:90:in `each'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-4.9.1/lib/devise/models.rb:90:in `block in devise'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-4.9.1/lib/devise/models.rb:117:in `devise_modules_hook!'
    from /Users/alec/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/devise-4.9.1/lib/devise/models.rb:86:in `devise'
ErikPelli commented 1 year ago

The method activerecord51? shouldn't have been used, according to this issue, it needs to be changed.

olivier-thatch commented 1 year ago

@michaelbanfield Is this gem still being maintained? This issue is becoming a concern. For now, devise-pwned_password still works with the latest version of devise because they re-added the activerecord51? method with a deprecation warning (cf. changelog), but the method will be removed in the future so this still needs to be addressed.

michaelbanfield commented 1 year ago

Thanks for the PR! Pushed in https://rubygems.org/gems/devise-pwned_password/versions/0.1.10