Showing error messages on reset password form not possible anymore

[tbk303]

Configuration

• Sorcery Version: 0.13.0
• Ruby Version: 2.5.0
• Framework: rails-5.1.6.1
• Platform: Linux

Expected Behavior

Calling the change_password! method in a controller for resetting the password of the user allowed for a "normal" Rails form redisplay in case of validation errors (e.g. the newly entered password is too short) in version 0.12.0 and earlier.

Actual Behavior

The behavior of that method changed in PR #130 and is now raising exceptions on validation errors. Hence it is not possible anymore to create a proper password reset form for the user which shows validation errors.

Steps to Reproduce

Create a update action in a password resets controller like explained in the wiki before the change mentioned above:

  def update
    @user = User.load_from_reset_password_token params[:id]

    @user.crypted_password_will_change!

    if @user.change_password! reset_params[:password]
      auto_login @user
      redirect_to profile_path, notice: t('.success')
    else
      render :edit
    end
  end

The else part is now impossible to implement properly.

[SofiaSousa]

Got the same issue.

In order to handle this, I'm using a begin .. rescue and returning errors message on rescue.

[tbk303]

I think this has been fixed with #165 in 0.14

[joshbuker]

Sounds like this got resolved when change_password got refactored to follow the save vs save! convention! 🎉