FYI: Model Validation Failure will prevent :request_password_reset email

[Tim Griffin]

Hi all;

I'm just passing along something I discovered that wasn't entirely obvious to me. In trying to recover a password as a test, I was baffled why I was getting the reset email for one account, but not for another. 

It turns out that the :request_password_reset cycle will return without doing anything if you model has any validations on it that fail, and no validation failure is reported or recorded in the log. There was no hint that something was failing. 

In my case, I had a "preauth" field in my User model that was supposed to be between a min and max value:

  validates :preauth, :inclusion => { :in => Yetting.preauth_min..Yetting.preauth_max, :message => proc { I18n.t('preauth_limit', :preauth_min => Yetting.preauth_min, :preauth_max => Yetting.preauth_max) } }

And, the record that failed to issue the password reset email had a preauth field value that did not pass the validation. The field happened to be Null.

Who knew? 

Hopefully, this little nugget will save someone else some lost time. 

Tim

[Ignacio Huerta]

Thanks for sharing Tim!

Do you think this request_password_reset action should work regardless
of the validations?

Regards,
Ignacio

> --
> You received this message because you are subscribed to the Google
> Groups "Hobo Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hobousers+...@googlegroups.com
> <mailto:hobousers+...@googlegroups.com>.
> To post to this group, send email to hobo...@googlegroups.com
> <mailto:hobo...@googlegroups.com>.
> Visit this group at http://groups.google.com/group/hobousers.
> For more options, visit https://groups.google.com/d/optout.

[Tim Griffin]

I'm inclined to say "yes", I think :request_password_reset should work regardless of validations on the User model.  Certainly in my case, the erroneous field value had nothing to do with password recovery. But, I'm sure the general community would need this to be configurable as a parameter on the :request_password_reset transition, since everyone will have different validations on a User model, and some validations should be capable of blocking a password recovery. 

I definitely experienced angst at not receiving any indication from the Hobo mechanism that something was wrong with the record, so raising an exception would be very helpful. I'll create an issue to address this (and have a crack at injecting something in the right place). 

Tim

You received this message because you are subscribed to a topic in the Google Groups "Hobo Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/hobousers/htADF7za94U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to hobousers+...@googlegroups.com.
To post to this group, send email to hobo...@googlegroups.com.

[Ignacio Huerta]

Issue opened: https://github.com/Hobo/hobo/issues/134

> <mailto:hobousers%2Bunsu...@googlegroups.com>
> > <mailto:hobousers+...@googlegroups.com
> <mailto:hobousers%2Bunsu...@googlegroups.com>>.

> > To post to this group, send email to hobo...@googlegroups.com <mailto:hobo...@googlegroups.com>

> > <mailto:hobo...@googlegroups.com

> <mailto:hobo...@googlegroups.com>>.
> > Visit this group at http://groups.google.com/group/hobousers.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Hobo Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/hobousers/htADF7za94U/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> hobousers+...@googlegroups.com

> <mailto:hobousers%2Bunsu...@googlegroups.com>.