-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Closed
Description
describe "#password" do
it { should validate_presence_of(:password) }
it { should validate_confirmation_of(:password) }
context "with password but without confirmation" do
subject { FactoryGirl.build(:user) }
before {
subject.password = "testpassword"
subject.password_confirmation = nil
}
it "should not be valid" do
should_not be_valid
end
end
end
1) User instance validations #password with password but without confirmation should not be valid
Failure/Error: should_not be_valid
We just came across this when debugging an api call to devise. With the field in the DOM, this will not happen, as password_confirmation will be "".
I cannot really see, how this will be a desired behaviour in any case.
It shouid be fixed in my opinion, also with a patch for older versions.
Also i don't think, it is a major security issue, do you agree?
The fix, i would be proposing is
validates_presence_of :password_confirmation, :if => :password
Metadata
Metadata
Assignees
Labels
No labels