Permalink
Browse files

Merge pull request #10694 from steveklabnik/hsp_regression

Fix regression in has_secure_password.
  • Loading branch information...
2 parents 6a6eae2 + 5d93ef8 commit 87f3eb61c641610f758e27c6c25c92b637ad3041 @steveklabnik steveklabnik committed May 30, 2013
View
@@ -1,3 +1,8 @@
+* Fix regression in has_secure_password. When a password is set, but a
+ confirmation is an empty string, it would incorrectly save.
+
+ *Steve Klabnik* and *Phillip Calvin*
+
* Deprecate `Validator#setup`. This should be done manually now in the validator's constructor.
*Nick Sutterer*
@@ -56,8 +56,9 @@ def has_secure_password(options = {})
include InstanceMethodsOnActivation
if options.fetch(:validations, true)
- validates_confirmation_of :password
+ validates_confirmation_of :password, if: lambda { |m| m.password.present? }
validates_presence_of :password, on: :create
+ validates_presence_of :password_confirmation, if: lambda { |m| m.password.present? }
before_create { raise "Password digest missing on new record" if password_digest.blank? }
end
@@ -106,9 +107,7 @@ def password=(unencrypted_password)
end
def password_confirmation=(unencrypted_password)
- unless unencrypted_password.blank?
- @password_confirmation = unencrypted_password
- end
+ @password_confirmation = unencrypted_password
end
end
end
@@ -94,4 +94,13 @@ class SecurePasswordTest < ActiveModel::TestCase
@user.password_confirmation = ""
assert @user.valid?(:update), "user should be valid"
end
+
+ test "will not save if confirmation is blank but password is not" do
+ @user.password = "password"
+ @user.password_confirmation = ""
+ assert_not @user.valid?(:create)
+
+ @user.password_confirmation = "password"
+ assert @user.valid?(:create)
+ end
end

0 comments on commit 87f3eb6

Please sign in to comment.