minimalist_authentication 3.2.0 → 3.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba64bc8499dedd0f4fe8dfca813cc0c21e2d32759bd3b3b4dd8aac3c0e77605a
-  data.tar.gz: 566e4b373c274fd7843469d4d225560baf877aabde97658b1aa5a66f3c97f65e
+  metadata.gz: 4b81e23298baa784d92be34aa1b6b372f585c5ea8bba51d953a85ee39ec44db5
+  data.tar.gz: 2cad820418a3869931fad968063d3f97e7302686b1fd534daf3a1c9f0d5dda15
 SHA512:
-  metadata.gz: 149c5f1eb8a13319ba9d4848a7851107433d96081ed9a1bf01e43cba0366cb1e873aaa47c10eefed29aba9b973bf53076ecefd6d7b6835bb1a9300a4db8813fc
-  data.tar.gz: 51aae04db4c7bcdf4a26009fc1278aa716aea12d95624fe74ffd21fb9d52e0c901ec78d15751df92c2ce2882544a54b80f623e72a53703e1a67b88072662aed9
+  metadata.gz: 3b5cd0f9f672f3084884b5385d333705d21d9835738e0b79ba8bc10853bc8bf5cbec88451ff07db26844a601fc69e685fe3f5e3961c5dbcd3616033d9cfe781a
+  data.tar.gz: 183194ef85c0ed224f9550c95779ecc5d37b6437ea0b05cd2e2cc32c43785d6718639bc1e4b74997df0fedf93432366e7240bc1e1d6b440008210ce64f277134

data/app/controllers/passwords_controller.rb

@@ -14,7 +14,7 @@ class PasswordsController < ApplicationController
 
   # Update user's password
   def update
-    if user.update(password_params.merge(password_required: true))
+    if user.update(password_params)
       redirect_to new_session_path, notice: t(".notice")
     else
       render :edit, status: :unprocessable_entity

data/app/validators/password_exclusivity_validator.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class PasswordExclusivityValidator < ActiveModel::EachValidator
+  # Ensure password does not match username or email.
+  def validate_each(record, attribute, value)
+    %w[username email].each do |field|
+      record.errors.add(attribute, "can not match #{field}") if value.casecmp?(record.try(field))
+    end
+  end
+end

data/lib/minimalist_authentication/user.rb

@@ -15,9 +15,6 @@ module MinimalistAuthentication
         password_salt.last(10)
       end
 
-      # Force validations for a blank password.
-      attribute :password_required, :boolean, default: false
-
       # Email validations
       validates(
         :email,
@@ -29,10 +26,13 @@ module MinimalistAuthentication
 
       # Password validations
       # Adds validations for minimum password length and exclusivity.
-      # has_secure_password adds validations for presence, maximum length, confirmation,
-      # and password_challenge.
-      validates :password, length: { minimum: :password_minimum }, if: :validate_password?
-      validate :password_exclusivity, if: :password?
+      # has_secure_password includes validations for presence, maximum length, confirmation, and password_challenge.
+      validates(
+        :password,
+        password_exclusivity: true,
+        length:               { minimum: :password_minimum },
+        allow_blank:          true
+      )
 
       # Active scope
       scope :active, ->(state = true) { where(active: state) }
@@ -74,15 +74,9 @@ module MinimalistAuthentication
       active?
     end
 
-    # Remove the has_secure_password password blank error if password is not required.
+    # Remove the has_secure_password password blank error if user is inactive.
     def errors
-      super.tap { |errors| errors.delete(:password, :blank) unless validate_password? }
-    end
-
-    # Returns true if the user is not active.
-    def inactive?
-      MinimalistAuthentication.deprecator.warn("Calling #inactive? is deprecated.")
-      !active?
+      super.tap { |errors| errors.delete(:password, :blank) if inactive? }
     end
 
     # Returns true if password matches the hashed_password, otherwise returns false.
@@ -98,37 +92,23 @@ module MinimalistAuthentication
       email == GUEST_USER_EMAIL
     end
 
+    # Returns true if the user is not active.
+    def inactive?
+      !active?
+    end
+
     # Sets #last_logged_in_at to the current time without updating the updated_at timestamp.
     def logged_in
       update_column(:last_logged_in_at, Time.current)
     end
 
-    # Checks for password presence
-    def password?
-      password.present?
-    end
-
     private
 
-    # Ensure password does not match username or email.
-    def password_exclusivity
-      %w[username email].each do |field|
-        errors.add(:password, "can not match #{field}") if password.casecmp?(try(field))
-      end
-    end
-
     # Return true if the user matches the owner of the provided token.
     def token_owner?(purpose, token)
       self.class.find_by_token_for(purpose, token) == self
     end
 
-    # Require password for active users that either do no have a password hash
-    # stored OR are attempting to set a new password. Set **password_required**
-    # to true to force validations even when the password field is blank.
-    def validate_password?
-      active? && (password_digest.blank? || password? || password_required?)
-    end
-
     # Validate email for all users.
     # Applications can turn off email validation by setting the validate_email
     # configuration attribute to false.

data/lib/minimalist_authentication/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MinimalistAuthentication
-  VERSION = "3.2.0"
+  VERSION = "3.2.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: minimalist_authentication
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.2.1
 platform: ruby
 authors:
 - Aaron Baldwin
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-21 00:00:00.000000000 Z
+date: 2024-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -63,6 +63,7 @@ files:
 - app/helpers/minimalist_authentication/application_helper.rb
 - app/mailers/application_mailer.rb
 - app/mailers/minimalist_authentication_mailer.rb
+- app/validators/password_exclusivity_validator.rb
 - app/views/email_verifications/new.html.erb
 - app/views/email_verifications/show.html.erb
 - app/views/emails/edit.html.erb