impress/config/environments
Emi Matchu 7f4c34ff6a Oops, stop requiring a new password whenever AuthUser is changed
Ah right, I went and checked the Devise source code, and the default
implementation for `password_required?` is a bit trickier than I
expected:

```ruby
def password_required?
  !persisted? || !password.nil? || !password_confirmation.nil?
end
```

Looks like `super` does a good enough job here, though! (I'm actually
kinda surprised, I wasn't sure how Ruby's `super` rules worked, and
this isn't a subclass thing—or maybe it is, maybe the `devise` method
adds a mixin? Idk! But it does what I expect, so, great!)

So now, we require the password if 1) Devise doesn't see a UI reason
not to, *and* 2) the user isn't using OmniAuth (i.e. NeoPass).

This had caused a bug where it was impossible to use the Settings page
*without* changing your password! (The form says it's okay to leave it
blank, which stopped being true! But now it's fixed!)
2024-03-14 19:20:33 -07:00
..
development.rb Refactor to use OpenID Connect OmniAuth gem instead of plain OAuth2 2024-03-14 18:11:40 -07:00
production.rb Oops, stop requiring a new password whenever AuthUser is changed 2024-03-14 19:20:33 -07:00
remote_development.rb handle contribution for now-unused swf 2010-11-15 16:44:57 -05:00
test.rb Refactor to use OpenID Connect OmniAuth gem instead of plain OAuth2 2024-03-14 18:11:40 -07:00