async fn update_password_hash_if_unchanged(
conn: &mut PgConnection,
user_id: Uuid,
new_hash: &SecretString,
expected_current_hash: &str,
) -> ModelResult<bool>Expand description
Re-stores new_hash for the user only if the currently stored hash still equals
expected_current_hash (a compare-and-swap). Returns true if the row was updated and false
if the stored hash had already changed (e.g. a concurrent password change) or no active row
matched, in which case nothing is written. Used by the legacy-rehash path so that a concurrent
password change is never clobbered by re-storing a hash derived from the old password.