Move sign_in_after_change_password? to protected

carlosantoniodasilva · carlosantoniodasilva · commit 04c41081890a · 2026-02-18T09:43:18.000-03:00
While not much practical change, it hopefully shows better the intention
that it's a method users can override if they need, similar to a few
other methods in controllers.

Also move `update_needs_confirmation?` down to private, as this one in
particular I don't think we intended to allow overriding, as it has no
practical behavior change other than the flash message.
diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb
@@ -69,7 +69,7 @@ def assert_reset_token_passed
       end
     end
 
-    # Check if the user should be signed in automatically after resetting the password
+    # Check if the user should be signed in automatically after resetting the password.
     def sign_in_after_reset_password?
       resource_class.sign_in_after_reset_password
     end
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb
@@ -82,12 +82,6 @@ def cancel
 
   protected
 
-  def update_needs_confirmation?(resource, previous)
-    resource.respond_to?(:pending_reconfirmation?) &&
-      resource.pending_reconfirmation? &&
-      previous != resource.unconfirmed_email
-  end
-
   # By default we want to require a password checks on update.
   # You can overwrite this method in your own RegistrationsController.
   def update_resource(resource, params)
@@ -133,6 +127,13 @@ def authenticate_scope!
     self.resource = send(:"current_#{resource_name}")
   end
 
+  # Check if the user should be signed in automatically after updating the password.
+  def sign_in_after_change_password?
+    return true if account_update_params[:password].blank?
+
+    resource_class.sign_in_after_change_password
+  end
+
   def sign_up_params
     devise_parameter_sanitizer.sanitize(:sign_up)
   end
@@ -160,9 +161,9 @@ def set_flash_message_for_update(resource, prev_unconfirmed_email)
     set_flash_message :notice, flash_key
   end
 
-  def sign_in_after_change_password?
-    return true if account_update_params[:password].blank?
-
-    resource_class.sign_in_after_change_password
+  def update_needs_confirmation?(resource, previous)
+    resource.respond_to?(:pending_reconfirmation?) &&
+      resource.pending_reconfirmation? &&
+      previous != resource.unconfirmed_email
   end
 end
