
bcrypt will encrypt anything, so validate_presence_of would not catch…

… nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this
1 parent 9951af0 commit 3e237522366e4b5b5811f9436a58de99d8b12542 @tenderlove tenderlove committed Apr 14, 2011
Showing with 15 additions and 1 deletion.
  1. +3 −1 activemodel/lib/active_model/secure_password.rb
  2. +12 −0 activemodel/test/cases/secure_password_test.rb
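--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -58,7 +58,9 @@ def authenticate(unencrypted_password)
 # Encrypts the password into the password_digest attribute.
 def password=(unencrypted_password)
 @password = unencrypted_password
- self.password_digest = BCrypt::Password.create(unencrypted_password)
+ unless unencrypted_password.blank?
+ self.password_digest = BCrypt::Password.create(unencrypted_password)
+ end
 end
 end
 end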
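Review bot: The new `unless unencrypted_password.blank?` guard skips the digest write but leaves whatever `password_digest` the record already holds, so on a record with a stored digest `user.password = nil` or `''` is silently ignored and the old digest stays in effect. The added tests only exercise `User.new`, where no digest has been set yet, so this path is not pinned either way. If ignoring blank input on update is intended, say so in the comment above the setter, e.g. `# Hashes the password into password_digest; a blank or nil value leaves password_digest unchanged.` If an explicit nil should instead clear the credential, add `self.password_digest = nil if unencrypted_password.nil?`.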
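--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -9,6 +9,18 @@ class SecurePasswordTest < ActiveModel::TestCase
 @user = User.new
 end
+ test "blank password" do
+ user = User.new
+ user.password = ''
+ assert !user.valid?, 'user should be invalid'
+ end
+
+ test "nil password" do
+ user = User.new
+ user.password = nil
+ assert !user.valid?, 'user should be invalid'
+ end
+
 test "password must be present" do
 assert !@user.valid?
 assert_equal 1, @user.errors.size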
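Review bot: Both added tests assert only `!user.valid?`, which would also pass if the user were invalid for an unrelated reason; pinning the cause, e.g. `assert_nil user.password_digest`, ties them to the setter change. A whitespace-only value such as `'   '` takes the same `blank?` branch in the setter and has no case here. SecurePasswordTest opens above the hunk and the last test continues below it.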

0 comments on commit 3e23752
