Remove legacy salt in password setter

moritzhoeppner · moritzhoeppner · commit b0b4a7a296bf · 2025-03-19T10:26:27.000+01:00
diff --git a/lib/devise-argon2/model.rb b/lib/devise-argon2/model.rb
@@ -38,6 +38,11 @@ def valid_password?(password)
         is_valid
       end
 
+      def password=(new_password)
+        self.password_salt = nil if migrate_hash_from_devise_argon2_v1?
+        super
+      end
+
       protected
 
       def password_digest(password)
diff --git a/spec/devise-argon2_spec.rb b/spec/devise-argon2_spec.rb
@@ -302,4 +302,38 @@ def work_factors(hash)
       )
     end
   end
+
+  describe 'password reset' do
+    NEW_PASSWORD = 'new password'
+
+    shared_examples 'ways of resetting the password' do
+      it 'can be done via password_reset' do
+        user.reset_password(NEW_PASSWORD, NEW_PASSWORD)
+        expect(user.valid_password?(NEW_PASSWORD)).to be true
+      end
+
+      it 'can be done via password=' do
+        user.password = NEW_PASSWORD
+        expect(user.valid_password?(NEW_PASSWORD)).to be true
+      end
+    end
+
+    context 'encrypted_password is hashed with the current version of devise-argon2' do
+      
+    end
+
+    context 'encrypted_password is hashed with version 1 of devise-argon2' do
+      let(:user) { OldUser.new(password: CORRECT_PASSWORD) }
+
+      before do
+        Devise.argon2_options.merge!({ migrate_from_devise_argon2_v1: true })
+        user.password_salt = 'devise-argon2 v1 salt'
+        user.encrypted_password = ::Argon2::Password.create(
+          "#{CORRECT_PASSWORD}#{user.password_salt}#{Devise.pepper}"
+        )
+      end
+
+      include_examples 'ways of resetting the password'
+    end
+  end
 end
