mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Check if the record is persisted in update_tracked_fields!
In some cases, invalid records could be created during the signup process because we were calling `save(validate: false)` inside the `update_tracked_fields!` method. See https://github.com/plataformatec/devise/issues/4673 for more information. This was fixed on https://github.com/plataformatec/devise/pull/4674 by calling `save` directly, but it caused some trouble and confusion since it changed Devise's behavior significantly. We talked about on https://github.com/plataformatec/devise/issues/4790 and it doesn't even make sense to call `save` on an object that isn't persisted yet, so I've added a guard clause to the `update_tracked_fields!` method. Fixes https://github.com/plataformatec/devise/issues/4790
This commit is contained in:
parent
8ab7963e50
commit
d870c0dced
2 changed files with 7 additions and 2 deletions
|
@ -13,7 +13,7 @@ PATH
|
||||||
devise (4.4.1)
|
devise (4.4.1)
|
||||||
bcrypt (~> 3.0)
|
bcrypt (~> 3.0)
|
||||||
orm_adapter (~> 0.1)
|
orm_adapter (~> 0.1)
|
||||||
railties (>= 4.1.0, < 5.2)
|
railties (>= 4.1.0, < 6.0)
|
||||||
responders
|
responders
|
||||||
warden (~> 1.2.3)
|
warden (~> 1.2.3)
|
||||||
|
|
||||||
|
|
|
@ -31,8 +31,13 @@ module Devise
|
||||||
end
|
end
|
||||||
|
|
||||||
def update_tracked_fields!(request)
|
def update_tracked_fields!(request)
|
||||||
|
# We have to check if the user is already persisted before running
|
||||||
|
# `save` here because invalid users can be saved if we don't.
|
||||||
|
# See https://github.com/plataformatec/devise/issues/4673 for more details.
|
||||||
|
return if new_record?
|
||||||
|
|
||||||
update_tracked_fields(request)
|
update_tracked_fields(request)
|
||||||
save
|
save(validate: false)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue