Fix regression in has_secure_password.

If the confirmation was blank, but the password wasn't, it would still save.
1 parent bf2542b commit 4e7605115d8ca0517b11148f53a2a93550f864d1 @pnc pnc committed with steveklabnik May 20, 2013
@@ -1,3 +1,10 @@
+## unreleased ##
+
+* Fix regression in has_secure_password. When a password is set, but a
+ confirmation is an empty string, it would incorrectly save.
+
+ *Steve Klabnik* and *Phillip Calvin*
+
## Rails 4.0.0.rc1 (April 29, 2013) ##
* Add `ActiveModel::Errors#full_messages_for`, to return all the error messages
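Review bot: the changelog entry mentions only the empty-string confirmation, but the `validates_presence_of :password_confirmation` line added in this commit applies whenever `password` is present, so a confirmation that was never assigned is rejected as well. The entry should say that a confirmation is now required whenever a password is set, so that callers who assign only `password` can see the behaviour change in the release notes.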
@@ -56,8 +56,9 @@ def has_secure_password(options = {})
include InstanceMethodsOnActivation
if options.fetch(:validations, true)
- validates_confirmation_of :password
+ validates_confirmation_of :password, if: lambda { |m| m.password.present? }
validates_presence_of :password, :on => :create
+ validates_presence_of :password_confirmation, if: lambda { |m| m.password.present? }
before_create { raise "Password digest missing on new record" if password_digest.blank? }
end
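Review bot: the added `validates_presence_of :password_confirmation, if: lambda { |m| m.password.present? }` rejects a nil confirmation as well as an empty one, which is wider than the regression described in the commit message (blank confirmation with a non-blank password). If only a submitted-but-empty confirmation should fail, the condition needs to distinguish nil from an empty string; if requiring a confirmation for every password is intended, that should be stated in the `has_secure_password` documentation. The same lambda is also written out twice and could be a single private predicate, and the new lines use `if:` next to the existing `:on => :create` hash style.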
@@ -106,9 +107,7 @@ def password=(unencrypted_password)
end
def password_confirmation=(unencrypted_password)
- unless unencrypted_password.blank?
- @password_confirmation = unencrypted_password
- end
+ @password_confirmation = unencrypted_password
end
end
end
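Review bot: `password_confirmation=` is now a bare assignment with no comment saying that blank values are stored on purpose so the validations can see them. The removed `unless unencrypted_password.blank?` guard is what let an empty confirmation go unnoticed, and without a note here a later cleanup could reintroduce it. A one-line comment above the setter stating that blank input must reach validation would protect the fix.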
@@ -94,4 +94,13 @@ class SecurePasswordTest < ActiveModel::TestCase
@user.password_confirmation = ""
assert @user.valid?(:update), "user should be valid"
end
+
+ test "will not save if confirmation is blank but password is not" do
+ @user.password = "password"
+ @user.password_confirmation = ""
+ assert_not @user.valid?(:create)
+
+ @user.password_confirmation = "password"
+ assert @user.valid?(:create)
+ end
end
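Review bot: the new test covers only an empty-string confirmation under `valid?(:create)`. It should also assert the outcome for `@user.password_confirmation = nil` with a password set, since the added presence validation changes that case too, and for `valid?(:update)` with a password set and a blank confirmation, because the existing test just above only checks `:update` with a blank confirmation and no new password assignment visible in this hunk. Asserting on `@user.errors[:password_confirmation]` would also pin down which validation produced the failure.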
