Merge pull request rails#49146 from kamipo/generating_token_only_once

kamipo · web-flow · commit cf10924421a4 · 2023-09-05T19:24:26.000+09:00
Generate secure token only once regardless of `on: :initialize` or `on: :create`
diff --git a/activerecord/lib/active_record/secure_token.rb b/activerecord/lib/active_record/secure_token.rb
@@ -52,7 +52,9 @@ def has_secure_token(attribute = :token, length: MINIMUM_TOKEN_LENGTH, on: Activ
         require "active_support/core_ext/securerandom"
         define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token(length: length) }
         set_callback on, on == :initialize ? :after : :before do
-          send("#{attribute}=", self.class.generate_unique_secure_token(length: length)) if has_attribute?(attribute) && !send("#{attribute}?")
+          if new_record? && !query_attribute(attribute)
+            write_attribute(attribute, self.class.generate_unique_secure_token(length: length))
+          end
         end
       end
 
diff --git a/activerecord/test/cases/secure_token_test.rb b/activerecord/test/cases/secure_token_test.rb
@@ -31,6 +31,22 @@ def test_generating_token_on_initialize_does_not_affect_reading_from_the_column
     assert_equal token, model.find(user.id).token
   end
 
+  def test_generating_token_on_initialize_happens_only_once
+    model = Class.new(ActiveRecord::Base) do
+      self.table_name = "users"
+      has_secure_token on: :initialize
+    end
+
+    token = "    "
+
+    user = model.new
+    user.update!(token: token)
+
+    assert_equal token, user.token
+    assert_equal token, user.reload.token
+    assert_equal token, model.find(user.id).token
+  end
+
   def test_generating_token_on_initialize_is_skipped_if_column_was_not_selected
     model = Class.new(ActiveRecord::Base) do
       self.table_name = "users"
