Fixed bug where password length validations were not being run

wayneeseguin · Dec 24, 2008 · 5ee3be0 · 5ee3be0
1 parent 79938e1
commit 5ee3be0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -2,6 +2,7 @@
 
 * Only change persistence token if the password is not blank
 * Normalize the last_request_at_threshold so that you can pass an integer or a date/time range.
+* Fixed bug where password length validations were not being run because the password value was not blank. It should be run if it is a new record, the password has changed, or the password is blank.
 
 == 1.3.7 released 2008-11-30
 

diff --git a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
@@ -116,12 +116,12 @@ def reset_#{options[:password_field]}!
               def validate_#{options[:password_field]}?
                 case #{options[:password_field_validates_length_of_options][:if].inspect}
                 when String
-                  return false unless eval('#{options[:password_field_validates_length_of_options][:if]}')
+                  return false if !eval('#{options[:password_field_validates_length_of_options][:if]}')
                 when Symbol
-                  return false unless send(#{options[:password_field_validates_length_of_options][:if].inspect})
+                  return false if !send(#{options[:password_field_validates_length_of_options][:if].inspect})
                 end
                 
-                #{options[:crypted_password_field]}.blank?
+                new_record? || #{options[:password_salt_field]}_changed? || #{options[:crypted_password_field]}.blank?
               end
               
               private