Drop obsolete Devise::Models::Authenticatable#inspect method#5816
Drop obsolete Devise::Models::Authenticatable#inspect method#5816OutlawAndy wants to merge 1 commit intoheartcombo:mainfrom
Conversation
|
This would be great, thanks! |
carlosantoniodasilva
left a comment
carlosantoniodasilva
left a comment
There was a problem hiding this comment.
I think this makes sense, but I want to mention that there'll be a slight change in the behavior of #inspect because it relies on serializable_hash which uses UNSAFE_ATTRIBUTES_FOR_SERIALIZATION, and that means any of those attributes that don't match filter_parameters values will now show up in #inspect.
Either way, I agree it's something worth delegating back to Rails, mentioning it in the changelog.
Would it make sense to ensure Devise includes things like password and token in the Rails params filter automatically? (even though it's normally part of the rails new setup.)
|
@carlosantoniodasilva Do you suggest that I push I'll also need to update the failing test. As you stated, this changes the behavior from removing keys to masking values. Also, should I add an entry to the changelog or is that something you will do when a new version is released? Thank you for the quick response and attention to this! |
No, not all of UNSAFE_ATTRIBUTES, I was just thinking of making sure "password", "token", "salt" (which are the real sensitive ones) are there... but they are on the default list generated by Rails, so it's probably fine.
This is fine I think.
I can handle the changelog, no problem, it can get annoying with conflicts. I also realized that Rails as of 7.2 allows further customization of which attributes get inspected, so maybe that's something we can leverage here: https://api.rubyonrails.org/classes/ActiveRecord/Core.html#method-c-attributes_for_inspect |
3 participants
Rails has handled parameter filtering for a number of years now. So this PR just follows through on the suggestion made in this comment
Fix #5274
Thank you!