Fix in has_secure_password for passwords containing only spaces.

[yevhene]

Steps:

1. Existing model with has_secure_password. With encrypted_password stored.
2. User try to update password with password containing only spaces.
3. Password is discarded. Model is valid and stored. Password is not changed but no error massage given.

[chancancode]

Why do we need this?

[yevhene]

To forbid passwords contains only spaces, and give relevant error message.

[chancancode]

Not sure if we need actually want to block blank passwords. It seems like the original code was written this way to catch the nil case (3e23752), since we have a different branch for that we probably can just switch from checking blank -> empty? If people want to block empty passwords as well, they can just add another validation rule... what do you think?

[yevhene]

I think it would be reasonable behavior, if we accept spaces as any other char.

[chancancode]

seems good to me! can you add a changelog along the lines of "Fixed (what wasn't working). (Offer suggestion for those who preferred the original behavior)."? 😄

[chancancode]

Also, can you squash your commits?

[reichertm]

Not sure if this is the commit to blame as I migrated from rails 4.0.11.1 straight to 4.2 but there seems to be a side effect to this change. It is possible now to create a new record with password set and password_confirmation being nil. In the previous version the validation was failing with the two values not matching.