Recent changes in Rails 5.1 and audited gem cause our method of auditing passwords to break. This PR refactors password auditing, so that instead of recording a change to attribute `password_changed`, we will now record the string `[redacted]` instead of any actual password. The change is done currently in our audit extensions, which mean that it will now apply to all resources that have a `password` attribute instead of just those that have defined the workaround. The next step will be to move this to the audited gem in a more generalized method that can be defined in the model when initializing audited, so that the workaround can be removed.
Fixes #22208, #21920 - Refactor password auditing (#5162)
Recent changes in Rails 5.1 and audited gem cause our method of auditing
passwords to break. This PR refactors password auditing, so that instead
of recording a change to attribute `password_changed`, we will now
record the string `[redacted]` instead of any actual password.
The change is done currently in our audit extensions, which mean that it
will now apply to all resources that have a `password` attribute instead
of just those that have defined the workaround.
The next step will be to move this to the audited gem in a more
generalized method that can be defined in the model when initializing
audited, so that the workaround can be removed.