has_secure_password should not raise a 'digest missing' error if the …

…calling class has specified for validations to be skipped.

activemodel/lib/active_model/secure_password.rb

@@ -43,9 +43,9 @@ def has_secure_password(options = {})
         if options.fetch(:validations, true)
           validates_confirmation_of :password
           validates_presence_of     :password, :on => :create
+
+          before_create { raise "Password digest missing on new record" if password_digest.blank? }
         end
-
-        before_create { raise "Password digest missing on new record" if password_digest.blank? }
 
         include InstanceMethodsOnActivation
 

activemodel/test/cases/secure_password_test.rb

@@ -1,5 +1,6 @@
 require 'cases/helper'
 require 'models/user'
+require 'models/oauthed_user'
 require 'models/visitor'
 require 'models/administrator'
 
@@ -8,6 +9,7 @@ class SecurePasswordTest < ActiveModel::TestCase
   setup do
     @user = User.new
     @visitor = Visitor.new
+    @oauthed_user = OauthedUser.new
   end
 
   test "blank password" do
@@ -73,4 +75,10 @@ class SecurePasswordTest < ActiveModel::TestCase
       @user.run_callbacks :create
     end
   end
+
+  test "Oauthed user can be created with blank digest" do
+    assert_nothing_raised do
+      @oauthed_user.run_callbacks :create
+    end
+  end
 end

activemodel/test/models/oauthed_user.rb

@@ -0,0 +1,11 @@
+class OauthedUser
+  extend ActiveModel::Callbacks
+  include ActiveModel::Validations
+  include ActiveModel::SecurePassword
+
+  define_model_callbacks :create
+
+  has_secure_password(validations: false)
+
+  attr_accessor :password_digest, :password_salt
+end