Generation of SHA1 moved from after_create to after_save callback.
Accepting a size change would (or could) reset the SHA1 to nil, so we need to trigger a re-generation. Also, we put a guard on the callback to not (re-)generate a SHA1 only if the status is OK.