password_required? should not affect length validation, closes #1037.

CHANGELOG.rdoc

@@ -1,6 +1,9 @@
 * enhancements
   * Improve e-mail regexp (by github.com/rodrigoflores)
 
+* bug fix
+  * password_required? should not affect length validation
+
 == 1.3.3
 
 * bug fix

lib/devise/models/validatable.rb

@@ -26,11 +26,9 @@ module Devise
           validates_uniqueness_of :email, :case_sensitive => (case_insensitive_keys != false), :allow_blank => true
           validates_format_of     :email, :with  => email_regexp, :allow_blank => true
 
-          with_options :if => :password_required? do |v|
-            v.validates_presence_of     :password
-            v.validates_confirmation_of :password
-            v.validates_length_of       :password, :within => password_length, :allow_blank => true
-          end
+          validates_presence_of     :password, :if => :password_required?
+          validates_confirmation_of :password, :if => :password_required?
+          validates_length_of       :password, :within => password_length, :allow_blank => true
         end
       end
 

test/models/validatable_test.rb

@@ -91,6 +91,13 @@ class ValidatableTest < ActiveSupport::TestCase
     assert_not (user.errors[:password].join =~ /is too long/)
   end
 
+  test 'should complain about length even if possword is not required' do
+    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
+    user.stubs(:password_required?).returns(false)
+    assert user.invalid?
+    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+  end
+
   test 'shuold not be included in objects with invalid API' do
     assert_raise RuntimeError do
       Class.new.send :include, Devise::Models::Validatable