From 74f3fff676264591b99a183a73c54db6b722db51 Mon Sep 17 00:00:00 2001
From: Siva Gollapalli
Date: Thu, 18 Aug 2016 19:37:35 +0530
Subject: [PATCH 1/4] [#4245] Allowing password to nil

---
 lib/devise/models/database_authenticatable.rb | 3 ++-
 test/models/database_authenticatable_test.rb | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index 70f6460947..07d25e380d 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -37,11 +37,12 @@ def self.required_fields(klass)
 # the hashed password.
 def password=(new_password)
 @password = new_password
- self.encrypted_password = password_digest(@password) if @password.present?
+ self.encrypted_password = password_digest(@password)
 end
 
 # Verifies whether a password (ie from sign in) is the user password.
 def valid_password?(password)
+ return false if password.blank?
 Devise::Encryptor.compare(self.class, encrypted_password, password)
 end
 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
index dafd7b81ce..f7496ca4fc 100644
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -266,4 +266,12 @@ def setup
 ]
 end
 end
+
+ test 'rehash encrypt password if password is nil' do
+ user = User.create(email: "HEllO@example.com", password: "12345678")
+ user.password = nil
+ user.save
+ refute user.valid_password?('12345678')
+ refute user.valid_password?(nil)
+ end
 end
From cc1dfcb19324a0694ef22451036ff18b4078dfc8 Mon Sep 17 00:00:00 2001
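Review bot: The doc comment ending in `# the hashed password.` above `password=` still describes the previous contract, under which a blank assignment left `encrypted_password` untouched; with the `if @password.present?` guard removed, assigning nil or "" now overwrites the stored digest, and any caller that clears the attribute (for instance when re-rendering a form) needs to know that. Suggest appending `# Assigning a blank password no longer preserves the previous digest; encrypted_password is overwritten as well.` to that comment, whose opening lines lie outside the hunk. The `return false if password.blank?` guard in `valid_password?` is sound: it keeps a blank candidate from ever reaching the comparison, whatever the stored digest holds.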
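Review bot: The new test ignores the result of `user.save`; if the save is rejected (by a validation or a database constraint) the two `refute`s still pass against in-memory state, so the test cannot distinguish persisted from unpersisted behavior. Use `assert user.save` (or `user.save!`) and check the persisted record, e.g. `refute user.reload.valid_password?('12345678')`. The `User.create(...)` result is likewise unchecked; the `create_user` helper seen in recoverable_test.rb would be more consistent, if it is available in this file.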
From: Siva Gollapalli
Date: Wed, 7 Sep 2016 18:49:57 +0530
Subject: [PATCH 2/4] Set encrypted password to nil if password is nil

---
 lib/devise/models/database_authenticatable.rb | 3 ++-
 test/models/database_authenticatable_test.rb | 8 ++++----
 test/rails_app/db/migrate/20100401102949_create_tables.rb | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index 07d25e380d..794e42e83f 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -37,7 +37,7 @@ def self.required_fields(klass)
 # the hashed password.
 def password=(new_password)
 @password = new_password
- self.encrypted_password = password_digest(@password)
+ self.encrypted_password = password_digest(@password)
 end
 
 # Verifies whether a password (ie from sign in) is the user password.
@@ -145,6 +145,7 @@ def send_password_change_notification
 # See https://github.com/plataformatec/devise-encryptable for examples
 # of other hashing engines.
 def password_digest(password)
+ return nil if password.blank?
 Devise::Encryptor.digest(self.class, password)
 end
 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
index f7496ca4fc..05a30f3e46 100644
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -108,9 +108,9 @@ def setup
 assert_nil user.authenticatable_salt
 end
 
- test 'should not generate a hashed password if password is blank' do
- assert_blank new_user(password: nil).encrypted_password
- assert_blank new_user(password: '').encrypted_password
+ test 'should set encrypted password to nil if password is nil' do
+ assert_nil new_user(password: nil).encrypted_password
+ assert_nil new_user(password: '').encrypted_password
 end
 
 test 'should hash password again if password has changed' do
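Review bot: The blank-to-nil rule is placed in `password_digest`, which the two comment lines above it present as the hook to override for other hashing engines; an override that does not replicate `return nil if password.blank?` will pass nil or "" on to its digest routine and, depending on the engine, may persist a digest of the empty string as the credential, leaving the `valid_password?` blank guard as the only thing preventing a sign-in with it. Keeping the rule in the caller closes that gap: in `password=`, `self.encrypted_password = @password.present? ? password_digest(@password) : nil`, with `password_digest` left as a pure digest. If the guard stays where it is, document it as part of the hook's contract, e.g. `# Returns nil for a blank password so that no digest is stored.` The fourth patch in this series rewrites the same line as `return if password.blank?`, so the same comment applies there.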
@@ -267,7 +267,7 @@ def setup
 end
 end
 
- test 'rehash encrypt password if password is nil' do
+ test 'nil password should be invalid if password is set to nil' do
 user = User.create(email: "HEllO@example.com", password: "12345678")
 user.password = nil
 user.save
diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb
index 4eecbc2cd3..1f924caa71 100644
--- a/test/rails_app/db/migrate/20100401102949_create_tables.rb
+++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb
@@ -10,7 +10,7 @@ def self.up
 
 ## Database authenticatable
 t.string :email, null: false, default: ""
- t.string :encrypted_password, null: false, default: ""
+ t.string :encrypted_password, default: ""
 
 ## Recoverable
 t.string :reset_password_token
From f17e1f3c4b8a46645afd170d279f13950c100689 Mon Sep 17 00:00:00 2001
From: Siva Gollapalli
Date: Thu, 8 Sep 2016 19:43:39 +0530
Subject: [PATCH 3/4] [#4245] Fixing the build

---
 lib/devise/models/database_authenticatable.rb | 2 +-
 test/models/database_authenticatable_test.rb | 1 -
 test/models/recoverable_test.rb | 2 +-
 test/rails_app/db/migrate/20100401102949_create_tables.rb | 2 +-
 4 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index 794e42e83f..80d2a04de5 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -48,7 +48,7 @@ def valid_password?(password)
 
 # Set password and password confirmation to nil
 def clean_up_passwords
- self.password = self.password_confirmation = nil
+ @password = @password_confirmation = nil
 end
 
 # Update record attributes when :current_password matches, otherwise
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
index 05a30f3e46..e4692366fe 100644
--- a/test/models/database_authenticatable_test.rb
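Review bot: `clean_up_passwords` now assigns `@password` and `@password_confirmation` directly, but the comment above it (`# Set password and password confirmation to nil`) does not say why the writer is bypassed, so a later tidy-up could switch it back to `self.password = nil` and reintroduce the in-memory clearing of `encrypted_password` that this change avoids. Suggest `# Assign the ivars directly: going through password= would also reset encrypted_password.` Note that a subclass overriding `password=` no longer sees this call; that looks intended, but is worth a word in the changelog.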
+++ b/test/models/database_authenticatable_test.rb
@@ -270,7 +270,6 @@ def setup
 test 'nil password should be invalid if password is set to nil' do
 user = User.create(email: "HEllO@example.com", password: "12345678")
 user.password = nil
- user.save
 refute user.valid_password?('12345678')
 refute user.valid_password?(nil)
 end
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb
index 55aa8d2a09..322d4b0f60 100644
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -158,7 +158,7 @@ def setup
 user = create_user
 raw = user.send_reset_password_instructions
 
- reset_password_user = User.reset_password_by_token(reset_password_token: raw)
+ reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '1234567')
 assert_equal reset_password_user, user
 end
 
diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb
index 1f924caa71..4eecbc2cd3 100644
--- a/test/rails_app/db/migrate/20100401102949_create_tables.rb
+++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb
@@ -10,7 +10,7 @@ def self.up
 
 ## Database authenticatable
 t.string :email, null: false, default: ""
- t.string :encrypted_password, default: ""
+ t.string :encrypted_password, null: false, default: ""
 
 ## Recoverable
 t.string :reset_password_token
From 2eaad6caafbc1b2bee91dc428e176ffa55ddfdc2 Mon Sep 17 00:00:00 2001
From: sivagollapalli
Date: Wed, 24 Oct 2018 20:41:33 +0530
Subject: [PATCH 4/4] Removed unnecessary code

---
 lib/devise/models/database_authenticatable.rb | 2 +-
 test/models/recoverable_test.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index 80d2a04de5..c2fab38f9c 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
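Review bot: With `user.save` removed, the test asserts only in-memory state, and what happens when a record whose password was set to nil is saved is no longer covered anywhere in the series; the same commit restores `null: false` on `encrypted_password`, which suggests the save was failing at the database. Add `assert_nil user.encrypted_password` after `user.password = nil` so the test pins the new digest-clearing behavior rather than only the comparison, and cover the save outcome in a separate test once the intended behavior (validation error versus constraint error) is decided.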
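Review bot: Restoring `null: false` on `encrypted_password` while `password_digest` now returns nil for a blank password means a persisted record assigned `password = nil` carries a nil digest, and unless a model validation rejects it first the save is refused by the database constraint rather than reported as a validation error; that is consistent with `user.save` being dropped from the test in this same commit. As far as I recall, Validatable's presence check treats a nil password on a persisted record as not required, so this path is likely to reach the database. Keeping the constraint is the right call, since it guarantees every row has a credential; the gap is at the model layer, where a blank password on a persisted record should produce a validation error, or the behavior should be documented as a caller responsibility. The hunk in the second patch that dropped the constraint is superseded by this one.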
@@ -145,7 +145,7 @@ def send_password_change_notification
 # See https://github.com/plataformatec/devise-encryptable for examples
 # of other hashing engines.
 def password_digest(password)
- return nil if password.blank?
+ return if password.blank?
 Devise::Encryptor.digest(self.class, password)
 end
 
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb
index 322d4b0f60..55aa8d2a09 100644
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -158,7 +158,7 @@ def setup
 user = create_user
 raw = user.send_reset_password_instructions
 
- reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '1234567')
+ reset_password_user = User.reset_password_by_token(reset_password_token: raw)
 assert_equal reset_password_user, user
 end
 