mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Check if the record is persisted in update_tracked_fields!

In some cases, invalid records could be created during the signup
process because we were calling `save(validate: false)` inside the
`update_tracked_fields!` method. See
https://github.com/plataformatec/devise/issues/4673 for more
information.
This was fixed on https://github.com/plataformatec/devise/pull/4674 by
calling `save` directly, but it caused some trouble and confusion since
it changed Devise's behavior significantly.
We talked about it on https://github.com/plataformatec/devise/issues/4790
and it doesn't even make sense to call `save` on an object that isn't
persisted yet, so I've added a guard clause to the
`update_tracked_fields!` method.

Fixes https://github.com/plataformatec/devise/issues/4790
Leonardo Tegon 2018-03-05 18:45:49 -03:00 committed by Leonardo Tegon
parent 8ab7963e50
commit d870c0dced
2 changed files with 7 additions and 2 deletions


@ -13,7 +13,7 @@ PATH
devise (4.4.1) devise (4.4.1)
bcrypt (~> 3.0) bcrypt (~> 3.0)
orm_adapter (~> 0.1) orm_adapter (~> 0.1)
railties (>= 4.1.0, < 5.2) railties (>= 4.1.0, < 6.0)
responders responders
warden (~> 1.2.3) warden (~> 1.2.3)
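
Review bot: the `railties` upper bound on the changed line moves from `< 5.2` to `< 6.0`, which the commit message does not mention and which is unrelated to the `update_tracked_fields!` guard. Split the lockfile update into its own commit, or say in the message why it belongs with this fix, so the behaviour change can be bisected or reverted independently of the dependency change.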


@ -31,8 +31,13 @@ module Devise
end end
def update_tracked_fields!(request) def update_tracked_fields!(request)
# We have to check if the user is already persisted before running
# `save` here because invalid users can be saved if we don't.
# See https://github.com/plataformatec/devise/issues/4673 for more details.
return if new_record?
update_tracked_fields(request) update_tracked_fields(request)
save save(validate: false)
end end
end end
end end
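
Review bot: the guard in `update_tracked_fields!` tests `new_record?`, while the commit title and message talk about the record being persisted; in Active Record those are not the same thing, since a destroyed record is neither new nor persisted and would still reach `save(validate: false)`. Either use a persisted check here or extend the comment to say why only new records matter. The comment also says "before running `save`" although the call is now `save(validate: false)`; naming the validation bypass there would make the reason for the guard obvious to the next reader. Finally, the commit touches only two files and neither is a test, so please add a regression test that calls `update_tracked_fields!` on an unsaved invalid record and asserts nothing is written, and one that a persisted record still has its tracked fields saved.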