broken tests due to audited 4.6 release
Most likely related to changes in rails 5.1 change tracking
ImageTest::audits for password change.test_0002_audit of password change should be saved
UserTest::audits for password change.test_0001_audit of password change should be saved only once, second time audited changes should not contain password_changed
UserTest::audits for password change.test_0002_audit of password change should be saved
Refs #22208 - pin audited to 4.5
4.6.0 versions causes test failures on models trying to prevent saved
passwords from being saved in the audit log. This is due to hacks we
added to core along with changes in rails 5.1 change tracking.
This should be fixed to work correctly in the code, but pinning for now
to prevent CI breakage.
Recent changes in Rails 5.1 and audited gem cause our method of auditing
passwords to break. This PR refactors password auditing, so that instead
of recording a change to attribute `password_changed`, we will now
record the string `[redacted]` instead of any actual password.
The change is done currently in our audit extensions, which mean that it
will now apply to all resources that have a `password` attribute instead
of just those that have defined the workaround.
The next step will be to move this to the audited gem in a more
generalized method that can be defined in the model when initializing
audited, so that the workaround can be removed.