mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Ensure password confirmation is always required, closes #228
parent
41311eb38d
commit
708fe78d86
2 changed files with 17 additions and 3 deletions
|
@ -58,8 +58,10 @@ module Devise
|
||||||
def update_with_password(params={})
|
def update_with_password(params={})
|
||||||
current_password = params.delete(:current_password)
|
current_password = params.delete(:current_password)
|
||||||
|
|
||||||
params.delete(:password) if params[:password].blank?
|
if params[:password].blank?
|
||||||
params.delete(:password_confirmation) if params[:password_confirmation].blank?
|
params.delete(:password)
|
||||||
|
params.delete(:password_confirmation) if params[:password_confirmation].blank?
|
||||||
|
end
|
||||||
|
|
||||||
result = if valid_password?(current_password)
|
result = if valid_password?(current_password)
|
||||||
update_attributes(params)
|
update_attributes(params)
|
||||||
|
|
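Review bot: The new `if params[:password].blank?` block in `update_with_password` has no comment explaining why a blank confirmation is now dropped only when the password is blank too, and that asymmetry is the security-relevant part of the change. I would add above the `if`: `# Drop a blank confirmation only when no new password was submitted; otherwise keep it so the confirmation check can reject the update.` The method also still edits the caller's hash through `params.delete`. If callers pass the request parameters straight in, working on a copy (`params = params.dup`) would avoid that side effect, though this needs checking against the callers, which are not visible here. The method body continues past the end of the hunk, so the branch taken when `valid_password?` fails is not shown.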
|
@ -113,7 +113,6 @@ class RegistrationTest < ActionController::IntegrationTest
|
||||||
assert_equal "user@test.com", User.first.email
|
assert_equal "user@test.com", User.first.email
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
test 'a signed in user should be able to edit his password' do
|
test 'a signed in user should be able to edit his password' do
|
||||||
sign_in_as_user
|
sign_in_as_user
|
||||||
get edit_user_registration_path
|
get edit_user_registration_path
|
||||||
|
@ -129,6 +128,19 @@ class RegistrationTest < ActionController::IntegrationTest
|
||||||
assert User.first.valid_password?('pas123')
|
assert User.first.valid_password?('pas123')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'a signed in user should not be able to edit his password with invalid confirmation' do
|
||||||
|
sign_in_as_user
|
||||||
|
get edit_user_registration_path
|
||||||
|
|
||||||
|
fill_in 'password', :with => 'pas123'
|
||||||
|
fill_in 'password confirmation', :with => ''
|
||||||
|
fill_in 'current password', :with => '123456'
|
||||||
|
click_button 'Update'
|
||||||
|
|
||||||
|
assert_contain "Password doesn't match confirmation"
|
||||||
|
assert_not User.first.valid_password?('pas123')
|
||||||
|
end
|
||||||
|
|
||||||
test 'a signed in user should be able to cancel his account' do
|
test 'a signed in user should be able to cancel his account' do
|
||||||
sign_in_as_user
|
sign_in_as_user
|
||||||
get edit_user_registration_path
|
get edit_user_registration_path
|
||||||
|
|
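Review bot: The added test 'a signed in user should not be able to edit his password with invalid confirmation' only submits an empty confirmation, so a non-empty confirmation that differs from the new password is never exercised. The other path the model change keeps, a blank password with a filled-in confirmation, is not covered either. A sibling case using `fill_in 'password confirmation', :with => 'other123'` (a constructed sample value) with the same two assertions would pin the mismatch path. It would also help to assert `assert User.first.valid_password?('123456')` after the failed update, so the test shows the stored password was left unchanged rather than only that 'pas123' was not set.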