Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

`has_secure_password` is not invalid when assigning empty Strings.

Closes #9535.

With 692b3b6 the `password=` setter does no longer set blank passwords.
This triggered validation errors when assigning empty Strings to `password`
and `password_confirmation`.

This patch only sets the confirmation if it is not `blank?`.
  • Loading branch information...
commit 8c1687bbf8dd518d64fc7180b33c1cb57f29a69a 1 parent b501ee4
@senny senny authored
View
10 activemodel/CHANGELOG.md
@@ -1,5 +1,15 @@
## Rails 4.0.0 (unreleased) ##
+* `has_secure_password` does not fail the confirmation validation
+ when assigning empty String to `password` and `password_confirmation`.
+
+ Example:
+
+ # given User has_secure_password.
+ @user.password = ""
+ @user.password_confirmation = ""
+ @user.valid?(:update) # used to be false
+
* `validates_confirmation_of` does not override writer methods for
the confirmation attribute if no reader is defined.
View
10 activemodel/lib/active_model/secure_password.rb
@@ -48,6 +48,8 @@ def has_secure_password(options = {})
attr_reader :password
+ include InstanceMethodsOnActivation
+
if options.fetch(:validations, true)
validates_confirmation_of :password
validates_presence_of :password, :on => :create
@@ -55,8 +57,6 @@ def has_secure_password(options = {})
before_create { raise "Password digest missing on new record" if password_digest.blank? }
end
- include InstanceMethodsOnActivation
-
if respond_to?(:attributes_protected_by_default)
def self.attributes_protected_by_default #:nodoc:
super + ['password_digest']
@@ -99,6 +99,12 @@ def password=(unencrypted_password)
self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
end
end
+
+ def password_confirmation=(unencrypted_password)
+ unless unencrypted_password.blank?
+ @password_confirmation = unencrypted_password
+ end
+ end
end
end
end
View
6 activemodel/test/cases/secure_password_test.rb
@@ -88,4 +88,10 @@ class SecurePasswordTest < ActiveModel::TestCase
@user.password = "secret"
assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
end
+
+ test "blank password_confirmation does not result in a confirmation error" do
+ @user.password = ""
+ @user.password_confirmation = ""
+ assert @user.valid?(:update), "user should be valid"
+ end
end

1 comment on commit 8c1687b

@steveklabnik
Collaborator
Please sign in to comment.
Something went wrong with that request. Please try again.