`has_secure_password` is not invalid when assigning empty Strings.

Closes #9535.

With 692b3b6 the `password=` setter no longer sets blank passwords.
This triggered validation errors when assigning empty Strings to `password`
and `password_confirmation`.

This patch only sets the confirmation if it is not `blank?`.
commit 8c1687bbf8dd518d64fc7180b33c1cb57f29a69a 1 parent b501ee4
Yves Senn senny authored
10 activemodel/CHANGELOG.md
... ... @@ -1,5 +1,15 @@
1 1 ## Rails 4.0.0 (unreleased) ##
2 2
  3 +* `has_secure_password` does not fail the confirmation validation
  4 + when assigning empty String to `password` and `password_confirmation`.
  5 +
  6 + Example:
  7 +
  8 + # given User has_secure_password.
  9 + @user.password = ""
  10 + @user.password_confirmation = ""
  11 + @user.valid?(:update) # used to be false
  12 +
3 13 * `validates_confirmation_of` does not override writer methods for
4 14 the confirmation attribute if no reader is defined.
5 15
10 activemodel/lib/active_model/secure_password.rb
@@ -48,6 +48,8 @@ def has_secure_password(options = {})
48 48
49 49 attr_reader :password
50 50
  51 + include InstanceMethodsOnActivation
  52 +
51 53 if options.fetch(:validations, true)
52 54 validates_confirmation_of :password
53 55 validates_presence_of :password, :on => :create
@@ -55,8 +57,6 @@ def has_secure_password(options = {})
55 57 before_create { raise "Password digest missing on new record" if password_digest.blank? }
56 58 end
57 59
58   - include InstanceMethodsOnActivation
59   -
60 60 if respond_to?(:attributes_protected_by_default)
61 61 def self.attributes_protected_by_default #:nodoc:
62 62 super + ['password_digest']
@@ -99,6 +99,12 @@ def password=(unencrypted_password)
99 99 self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
100 100 end
101 101 end
  102 +
  103 + def password_confirmation=(unencrypted_password)
  104 + unless unencrypted_password.blank?
  105 + @password_confirmation = unencrypted_password
  106 + end
  107 + end
102 108 end
103 109 end
104 110 end
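Review bot: The `unless unencrypted_password.blank?` guard in `password_confirmation=` drops a blank confirmation without looking at `password`, so `password = "secret"` followed by `password_confirmation = ""` leaves `@password_confirmation` unset. If the confirmation validator skips an unset confirmation, that mismatch is never reported. Consider discarding the blank confirmation only when the password was also blank, or state explicitly that this case is meant to pass. The setter also never clears an earlier value: assigning "abc" and then "" keeps "abc" in `@password_confirmation`. Finally, the parameter name `unencrypted_password` is copied from `password=`; something like `unencrypted_confirmation` would read better here.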
6 activemodel/test/cases/secure_password_test.rb
@@ -88,4 +88,10 @@ class SecurePasswordTest < ActiveModel::TestCase
88 88 @user.password = "secret"
89 89 assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
90 90 end
  91 +
  92 + test "blank password_confirmation does not result in a confirmation error" do
  93 + @user.password = ""
  94 + @user.password_confirmation = ""
  95 + assert @user.valid?(:update), "user should be valid"
  96 + end
91 97 end
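Review bot: The added test "blank password_confirmation does not result in a confirmation error" exercises only the case where both values are `""`. It does not pin down what the new setter does at its boundaries. Add a test with `@user.password = "secret"` and `@user.password_confirmation = ""` that asserts whichever result is intended, and one with a non-blank mismatching confirmation that asserts the user is still invalid, so the `blank?` guard cannot widen unnoticed.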

1 comment on commit 8c1687b

Steve Klabnik
Collaborator