lib/rodauth/features/disallow_password_reuse.rb in rodauth-1.19.1 vs lib/rodauth/features/disallow_password_reuse.rb in rodauth-1.20.0

@@ -26,12 +26,14 @@
       ds = previous_password_ds
       keep_before = ds.reverse(previous_password_id_column).
         limit(nil, previous_passwords_to_check).
         get(previous_password_id_column)
 
-      ds.where(Sequel.expr(previous_password_id_column) <= keep_before).
-        delete
+      if keep_before
+        ds.where(Sequel.expr(previous_password_id_column) <= keep_before).
+          delete
+      end
 
       # This should never raise uniqueness violations, as it uses a serial primary key
       ds.insert(previous_password_account_id_column=>account_id, previous_password_hash_column=>hash)
     end
 
@@ -66,10 +68,10 @@
       super if defined?(super)
       previous_password_ds.delete
     end
 
     def after_create_account
-      if account_password_hash_column
+      if account_password_hash_column && !(respond_to?(:verify_account_set_password?) && verify_account_set_password?)
         add_previous_password_hash(password_hash(param(password_param)))
       end
       super if defined?(super)
     end