⚠ This page is served via a proxy. Original site: https://github.com
This service does not collect credentials or authentication data.
Skip to content

Drop obsolete Devise::Models::Authenticatable#inspect method #5816

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
OutlawAndy wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Drop obsolete Devise::Models::Authenticatable#inspect method #5816

OutlawAndy wants to merge 1 commit into from
+0 −9

Conversation

@OutlawAndy
Copy link

@OutlawAndy OutlawAndy commented Jan 5, 2026

Rails has handled parameter filtering for a number of years now. So this PR just follows through on the suggestion made in this comment

Fix #5274

Thank you!

@justwiebe
Copy link

justwiebe commented Jan 5, 2026

This would be great, thanks!

carlosantoniodasilva
carlosantoniodasilva reviewed Jan 5, 2026
View reviewed changes
Copy link
Member

@carlosantoniodasilva carlosantoniodasilva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this makes sense, but I want to mention that there'll be a slight change in the behavior of #inspect because it relies on serializable_hash which uses UNSAFE_ATTRIBUTES_FOR_SERIALIZATION, and that means any of those attributes that don't match filter_parameters values will now show up in #inspect.

Either way, I agree it's something worth delegating back to Rails, mentioning it in the changelog.

Would it make sense to ensure Devise includes things like password and token in the Rails params filter automatically? (even though it's normally part of the rails new setup.)

@OutlawAndy
Copy link
Author

OutlawAndy commented Jan 5, 2026

@carlosantoniodasilva Do you suggest that I push Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION into config.filter_parameters in the Devise railtie? Or something else?

I'll also need to update the failing test. As you stated, this changes the behavior from removing keys to masking values.

Also, should I add an entry to the changelog or is that something you will do when a new version is released?

Thank you for the quick response and attention to this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlosantoniodasilva carlosantoniodasilva carlosantoniodasilva left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Models with Devise::Models::Authenticatable have degraded pretty-printing

3 participants

@OutlawAndy @justwiebe @carlosantoniodasilva