
remove password confirmation

commit 4c455ec9f20872838efc5eabb875839d2fd84433 1 parent c656d44
@croaky croaky authored
5 CHANGELOG.md
@@ -1,3 +1,8 @@
+0.11.0 (unreleased)
+-------------------
+
+* Removing password confirmation
+
0.10.5
-------------------
3  app/controllers/clearance/passwords_controller.rb
@@ -31,8 +31,7 @@ def update
@user = ::User.find_by_id_and_confirmation_token(
params[:user_id], params[:token])
- if @user.update_password(params[:user][:password],
- params[:user][:password_confirmation])
+ if @user.update_password(params[:user][:password])
sign_in(@user)
flash_success_after_update
redirect_to(url_after_update)
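Review bot: `params[:user][:password]` on the new line raises NoMethodError when the request carries no `user` hash, so a malformed PUT produces a 500 instead of re-rendering the form; `(params[:user] || {})[:password]` or a guard before the call would avoid that. Separately, the lookup above passes `params[:token]` straight into `find_by_id_and_confirmation_token`, and a successful update signs the user in, so confirm that a filter outside this hunk rejects a blank token and a nil `@user` before `update` runs. The body of `update` starts and continues outside the hunk.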
4 app/controllers/clearance/users_controller.rb
@@ -10,7 +10,7 @@ def new
end
def create
- @user = ::User.new params[:user]
+ @user = ::User.new(params[:user])
if @user.save
flash_notice_after_create
sign_in(@user)
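Review bot: `::User.new(params[:user])` hands the whole request hash to the model, so every attribute the client sends is assigned unless the model whitelists them; the added parentheses are style only and do not change that. Nothing visible in this diff shows an `attr_accessible` declaration, so confirm the included model restricts mass assignment, and record the dependency with a comment such as `# relies on the model's attr_accessible to limit assignable attributes`. `create` continues outside the hunk.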
@@ -23,7 +23,7 @@ def create
private
def flash_notice_after_create
- flash[:notice] = translate(:deliver_confirmation,
+ flash[:notice] = translate(:signed_up,
:scope => [:clearance, :controllers, :users],
:default => "You are now signed up.")
end
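Review bot: The lookup key changes from `:deliver_confirmation` to `:signed_up`, which is unrelated to removing password confirmation and is not mentioned in the changelog entry. Applications that override `clearance.controllers.users.deliver_confirmation` in their locale files will silently fall back to the default string, so the rename deserves its own changelog line, for example `* Sign up flash translation key renamed to signed_up`.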
4 app/views/passwords/edit.html.erb
@@ -12,10 +12,6 @@
<%= form.label :password, "Choose password" %>
<%= form.password_field :password %>
</div>
- <div class="password_field">
- <%= form.label :password_confirmation, "Confirm password" %>
- <%= form.password_field :password_confirmation %>
- </div>
<div class="submit_field">
<%= form.submit "Save this password" %>
</div>
4 app/views/users/_form.html.erb
@@ -7,7 +7,3 @@
<%= form.label :password %>
<%= form.password_field :password %>
</div>
-<div class="password_field">
- <%= form.label :password_confirmation, "Confirm password" %>
- <%= form.password_field :password_confirmation %>
-</div>
6 app/views/users/_inputs.html.erb
@@ -1,6 +0,0 @@
-<%= form.inputs do %>
- <%= form.input :email %>
- <%= form.input :password %>
- <%= form.input :password_confirmation, :label => "Confirm password" %>
-<% end %>
-
18 features/engine/visitor_resets_password.feature
@@ -15,24 +15,14 @@ Feature: Password reset
Then I should see "instructions for changing your password"
And a password reset message should be sent to "email@example.com"
- Scenario: User is signed up updated his password and tries blank password and confirmation
+ Scenario: User tries to reset his password with a blank password
Given I signed up with "email@example.com/password"
And I go to the password reset request page
Then I should see an email field
And I fill in "Email address" with "email@example.com"
And I press "Reset password"
When I follow the password reset link sent to "email@example.com"
- And I update my password with "/"
- Then I should see an error message
- And I should be signed out
-
- Scenario: User is signed up updated his password and types wrong confirmation
- Given I signed up with "email@example.com/password"
- And I go to the password reset request page
- And I fill in "Email address" with "email@example.com"
- And I press "Reset password"
- When I follow the password reset link sent to "email@example.com"
- And I update my password with "newpassword/wrongconfirmation"
+ And I update my password with ""
Then I should see an error message
And I should be signed out
@@ -42,7 +32,7 @@ Feature: Password reset
And I fill in "Email address" with "email@example.com"
And I press "Reset password"
When I follow the password reset link sent to "email@example.com"
- And I update my password with "newpassword/newpassword"
+ And I update my password with "newpassword"
Then I should be signed in
When I sign out
Then I should be signed out
@@ -55,6 +45,6 @@ Feature: Password reset
And I fill in "Email address" with "email@example.com"
And I press "Reset password"
When I follow the password reset link sent to "email@example.com"
- And I update my password with "newpassword/newpassword"
+ And I update my password with "newpassword"
Then I should be signed in
14 features/engine/visitor_signs_up.feature
@@ -8,16 +8,20 @@ Feature: Sign up
When I go to the sign up page
Then I should see an email field
- Scenario: Visitor signs up with invalid data
+ Scenario: Visitor signs up with invalid email
When I fill in "Email" with "invalidemail"
And I fill in "Password" with "password"
- And I fill in "Confirm password" with ""
And I press "Sign up"
- Then I should see error messages
+ Then I should see "Email is invalid"
+
+ Scenario: Visitor signs up with blank password
+ When I fill in "Email" with "email@example.com"
+ And I fill in "Password" with ""
+ And I press "Sign up"
+ Then I should see "Password can't be blank"
Scenario: Visitor signs up with valid data
- When I fill in "Email" with "email@person.com"
+ When I fill in "Email" with "email@example.com"
And I fill in "Password" with "password"
- And I fill in "Confirm password" with "password"
And I press "Sign up"
Then I should see "signed up"
12 features/step_definitions/engine/clearance_steps.rb
@@ -24,9 +24,8 @@
Given /^(?:I am|I have|I) signed up (?:as|with) "(.*)\/(.*)"$/ do |email, password|
Factory(:user,
- :email => email,
- :password => password,
- :password_confirmation => password)
+ :email => email,
+ :password => password)
end
Given /^a user "([^"]*)" exists without a salt, remember token, or password$/ do |email|
@@ -71,9 +70,9 @@
assert !user.confirmation_token.blank?
assert !ActionMailer::Base.deliveries.empty?
result = ActionMailer::Base.deliveries.any? do |email|
- email.to == [user.email] &&
+ email.to == [user.email] &&
email.subject =~ /password/i &&
- email.body =~ /#{user.confirmation_token}/
+ email.body =~ /#{user.confirmation_token}/
end
assert result
end
@@ -111,9 +110,8 @@
And %{I press "Reset password"}
end
-When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
+When /^I update my password with "(.*)"$/ do |password|
And %{I fill in "Choose password" with "#{password}"}
- And %{I fill in "Confirm password" with "#{confirmation}"}
And %{I press "Save this password"}
end
2  lib/clearance/engine.rb
@@ -4,7 +4,7 @@
module Clearance
class Engine < Rails::Engine
initializer "clearance.filter" do |app|
- app.config.filter_parameters += [:token, :password, :password_confirmation]
+ app.config.filter_parameters += [:token, :password]
end
end
end
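Review bot: Dropping `:password_confirmation` from the list deserves a comment, because a reader may assume that confirmation fields still posted by host applications now reach the logs in clear text. As far as I know Rails compiles symbol filters into a partial-match pattern, so `:password` still covers `password_confirmation`; a comment such as `# :password matches any key containing "password", including password_confirmation` would record that.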
30 lib/clearance/user.rb
@@ -31,10 +31,10 @@ def self.included(model)
module AttrAccessor
# Hook for attr_accessor virtual attributes.
#
- # :password, :password_confirmation
+ # :password
def self.included(model)
model.class_eval do
- attr_accessor :password, :password_confirmation
+ attr_accessor :password
private
attr_accessor :password_changing
end
@@ -50,12 +50,11 @@ module Validations
# :password must be present, confirmed
def self.included(model)
model.class_eval do
- validates_presence_of :email, :unless => :email_optional?
- validates_uniqueness_of :email, :case_sensitive => false, :allow_blank => true
- validates_format_of :email, :with => %r{^[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$}i, :allow_blank => true
+ validates_presence_of :email, :unless => :email_optional?
+ validates_uniqueness_of :email, :allow_blank => true
+ validates_format_of :email, :with => %r{^[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$}i, :allow_blank => true
- validates_presence_of :password, :unless => :password_optional?
- validates_confirmation_of :password
+ validates_presence_of :password, :unless => :password_optional?
end
end
end
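Review bot: The email pattern re-added in this hunk is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value can pass the format check; replace the leading `^` with `\A` and the trailing `$` with `\z`. The same hunk drops `:case_sensitive => false` from `validates_uniqueness_of :email`, which is safe only as long as `downcase_email` always runs before validation, and that dependency deserves a comment. The context comment `# :password must be present, confirmed` is now stale and should read `# :password must be present`.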
@@ -67,9 +66,9 @@ module Callbacks
def self.included(model)
model.class_eval do
before_validation :downcase_email
- before_save :initialize_salt,
- :encrypt_password
- before_create :generate_remember_token
+ before_save :initialize_salt,
+ :encrypt_password
+ before_create :generate_remember_token
end
end
end
@@ -77,7 +76,6 @@ def self.included(model)
module InstanceMethods
# Am I authenticated with given password?
#
- # @param [String] plain-text password
# @return [true, false]
# @example
# user.authenticated?('password')
@@ -113,14 +111,12 @@ def forgot_password!
# Update my password.
#
- # @param [String, String] password and password confirmation
# @return [true, false] password was updated or not
# @example
- # user.update_password('new-password', 'new-password')
- def update_password(new_password, new_password_confirmation)
- self.password_changing = true
- self.password = new_password
- self.password_confirmation = new_password_confirmation
+ # user.update_password('new-password')
+ def update_password(new_password)
+ self.password_changing = true
+ self.password = new_password
if valid?
self.confirmation_token = nil
generate_remember_token
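Review bot: `update_password` now takes one argument, so host applications that still call `update_password(password, confirmation)` will raise ArgumentError; the changelog entry should state the signature change explicitly. The `@param` line was deleted rather than corrected, here and in the `authenticated?` hunk above; `# @param [String] new_password plain-text password` would keep the parameter documented. With the confirmation gone, `valid?` is the only gate before the token is cleared, so a minimum-length validation on `:password` is worth considering. The method body continues outside the hunk.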
20 spec/controllers/passwords_controller_spec.rb
@@ -101,18 +101,17 @@
it { should render_template(:new) }
end
- describe "on PUT to #update with matching password and password confirmation" do
+ describe "on PUT to #update with password" do
before do
new_password = "new_password"
@encrypted_new_password = @user.send(:encrypt, new_password)
@user.encrypted_password.should_not == @encrypted_new_password
put(:update,
- :user_id => @user,
- :token => @user.confirmation_token,
- :user => {
- :password => new_password,
- :password_confirmation => new_password
+ :user_id => @user,
+ :token => @user.confirmation_token,
+ :user => {
+ :password => new_password
})
@user.reload
end
@@ -133,17 +132,13 @@
it { should redirect_to_url_after_update }
end
- describe "on PUT to #update with password but blank password confirmation" do
+ describe "on PUT to #update with blank password" do
before do
- new_password = "new_password"
- @encrypted_new_password = @user.send(:encrypt, new_password)
-
put(:update,
:user_id => @user.to_param,
:token => @user.confirmation_token,
:user => {
- :password => new_password,
- :password_confirmation => ''
+ :password => ''
})
@user.reload
end
@@ -173,5 +168,4 @@
sign_in_as @user_one
end
end
-
end
5 spec/factories.rb
@@ -3,9 +3,8 @@
end
Factory.define :user do |user|
- user.email { Factory.next :email }
- user.password { "password" }
- user.password_confirmation { |instance| instance.password }
+ user.email { Factory.next :email }
+ user.password { "password" }
end
Factory.define :email_confirmed_user, :parent => :user do |user|
50 spec/models/user_spec.rb
@@ -20,20 +20,6 @@
it { should_not allow_value("foo").for(:email) }
it { should_not allow_value("example.com").for(:email) }
- it "should require password confirmation on create" do
- user = Factory.build(:user, :password => 'blah',
- :password_confirmation => 'boogidy')
- (user.save).should_not be
- user.errors[:password].should be_any
- end
-
- it "should require non blank password confirmation on create" do
- user = Factory.build(:user, :password => 'blah',
- :password_confirmation => '')
- (user.save).should_not be
- user.errors[:password].should be_any
- end
-
it "should initialize salt" do
Factory(:user).salt.should_not be_nil
end
@@ -112,9 +98,9 @@ def @user.initialize_salt; end
@old_encrypted_password = @user.encrypted_password
end
- describe "who updates password with confirmation" do
+ describe "who updates password" do
before do
- @user.update_password("new_password", "new_password")
+ @user.update_password("new_password")
end
it "should change encrypted password" do
@@ -126,12 +112,8 @@ def @user.initialize_salt; end
it "should not generate the same remember token for users with the same password at the same time" do
Time.stubs(:now => Time.now)
password = 'secret'
- first_user = Factory(:user,
- :password => password,
- :password_confirmation => password)
- second_user = Factory(:user,
- :password => password,
- :password_confirmation => password)
+ first_user = Factory(:user, :password => password)
+ second_user = Factory(:user, :password => password)
second_user.remember_token.should_not == first_user.remember_token
end
@@ -155,9 +137,9 @@ def @user.initialize_salt; end
end
describe "and then updates password" do
- describe 'with confirmation' do
+ describe 'with password' do
before do
- @user.update_password("new_password", "new_password")
+ @user.update_password("new_password")
end
it "should change encrypted password" do
@@ -169,23 +151,9 @@ def @user.initialize_salt; end
end
end
- describe 'without confirmation' do
- before do
- @user.update_password("new_password", "")
- end
-
- it "should not change encrypted password" do
- @old_encrypted_password.should == @user.encrypted_password
- end
-
- it "should not clear confirmation token" do
- @user.confirmation_token.should_not be_nil
- end
- end
-
- describe 'with blank password and confirmation' do
+ describe 'with blank password' do
before do
- @user.update_password("", "")
+ @user.update_password("")
end
it "does not change encrypted password" do
@@ -251,7 +219,7 @@ def password_optional?
end
it "should initialize salt, generate remember token, and save encrypted password on update_password" do
- @user.update_password('password', 'password')
+ @user.update_password('password')
@user.salt.should_not be_nil
@user.encrypted_password.should_not be_nil
@user.remember_token.should_not be_nil