A blank password should be allowed.

Otherwise, we must see an error message for the password_digest column
when the user inputs a blank password into a user registration form.

If a developer thinks this is not secure, he/she should use the
ordinary validation mechanism against the password attribute.
1 parent d1d5107 commit a4e6953248ef83d452f043bd15cf2fab6dde58a3 @kuroda committed Sep 8, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 activemodel/lib/active_model/secure_password.rb
2 activemodel/lib/active_model/secure_password.rb
@@ -65,7 +65,7 @@ def authenticate(unencrypted_password)
# Encrypts the password into the password_digest attribute.
def password=(unencrypted_password)
@password = unencrypted_password
- unless unencrypted_password.blank?
+ unless unencrypted_password
self.password_digest = BCrypt::Password.create(unencrypted_password)
end
end
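
Review bot: the condition on the added line, `unless unencrypted_password`, is inverted relative to the commit message. The body now runs only when the argument is nil or false, so any string password, blank or not, leaves `password_digest` unset, while nil is handed to `BCrypt::Password.create`. To hash blank strings but still skip nil, the guard should be `unless unencrypted_password.nil?`. With that change a record can carry a digest of the empty string, so the comment above `password=` should say that presence and length validation on `password` is now the application's job. The commit touches only this file; a test covering nil, an empty string and a non-blank value should go with it.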
