lib/rodauth/features/disallow_password_reuse.rb in rodauth-2.9.0 vs lib/rodauth/features/disallow_password_reuse.rb in rodauth-2.10.0

- old
+ new

@@ -22,26 +22,29 @@ hash end def add_previous_password_hash(hash) ds = previous_password_ds - keep_before = ds.reverse(previous_password_id_column). - limit(nil, previous_passwords_to_check). - get(previous_password_id_column) - if keep_before - ds.where(Sequel.expr(previous_password_id_column) <= keep_before). - delete + unless @dont_check_previous_password + keep_before = ds.reverse(previous_password_id_column). + limit(nil, previous_passwords_to_check). + get(previous_password_id_column) + + if keep_before + ds.where(Sequel.expr(previous_password_id_column) <= keep_before). + delete + end end # This should never raise uniqueness violations, as it uses a serial primary key ds.insert(previous_password_account_id_column=>account_id, previous_password_hash_column=>hash) end def password_meets_requirements?(password) super && - password_doesnt_match_previous_password?(password) + (@dont_check_previous_password || password_doesnt_match_previous_password?(password)) end private def password_doesnt_match_previous_password?(password) @@ -67,9 +70,19 @@ end def after_close_account super if defined?(super) previous_password_ds.delete + end + + def before_create_account_route + super if defined?(super) + @dont_check_previous_password = true + end + + def before_verify_account_route + super if defined?(super) + @dont_check_previous_password = true end def after_create_account if account_password_hash_column && !(respond_to?(:verify_account_set_password?) && verify_account_set_password?) add_previous_password_hash(password_hash(param(password_param)))
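Review bot: The new `@dont_check_previous_password` guard in `add_previous_password_hash` and `password_meets_requirements?` switches off a security control, and nothing in this hunk initialises or explains that instance variable. When it is truthy, both the reuse comparison and the pruning of old rows are skipped, which is only safe if the account cannot yet have stored previous hashes; that invariant is not written down anywhere visible. I would add a comment above the `unless`, for example `# Set only while creating or verifying an account, when no previous password hashes exist, so the lookup and pruning are skipped`. The specs should also assert that a reused password is still rejected on every other password-setting path. The body of `password_doesnt_match_previous_password?` lies outside the hunk, so its behaviour is not reviewed here.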
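Review bot: `before_create_account_route` and `before_verify_account_route` both set `@dont_check_previous_password = true`, and nothing visible ever clears it, so the reuse check stays disabled for the rest of the object's life once either hook has run. That is presumably fine if one instance handles exactly one route, but any later call to `password_meets_requirements?` on the same instance would silently accept a previously used password. A comment on the first assignment would make the assumption explicit, for example `# Never reset: relies on this instance handling a single route`. A regression test that runs a password change after account creation would confirm the reuse check is active again. `after_create_account` continues past the end of the hunk.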