`#change_password!` with an empty string fails silently

Question

`#change_password!` with an empty string fails silently

Spone opened this issue 2 years ago · 2 comments

Configuration

Sorcery Version: 0.16.4
Ruby Version: 3.1.2
Framework: Rails 7.0.4
Platform: Linux

Expected Behavior

When I'm calling @user.change_password!(""), I would expect an exception to be raised, because the password is missing, so it won't be modified.

Actual Behavior

The method does not raise an exception and returns true.

Steps to Reproduce

In Rails console:

Create a User
Call User.last.change_password!("")
No exception is raised and true is returned

Do you consider this a bug? If yes, I can provide a test case in a PR.

Answer 1 · 2023-01-17T20:26:56.000Z

Typically this is caught by validators on the password virtual attribute, but it would make sense to raise an error if it already does nothing rather than setting the password hash to nil.

If you are okay with creating a test case, that would be helpful.

Answer 2 · 2023-01-18T21:35:58.000Z

@joshbuker see #333