Do not care blank passwords on update

CHANGELOG.rdoc

@@ -1,3 +1,6 @@
+* enhancements
+  * Do not care about blank passwords on update
+
 == 0.7.2
 
 * deprecation

lib/devise/models/authenticatable.rb

@@ -62,11 +62,19 @@ module Devise
         end
       end
 
-      # Verifies whether an incoming_password (ie from login) is the user password.
+      # Verifies whether an incoming_password (ie from sign in) is the user password.
       def valid_password?(incoming_password)
         password_digest(incoming_password) == encrypted_password
       end
 
+      # Overwrite update_attributes to not care for blank passwords.
+      def update_attributes(attributes)
+        [:password, :password_confirmation].each do |k|
+          attributes.delete(k) unless attributes[k].present?
+        end
+        super
+      end
+
       protected
 
         # Digests the password using the configured encryptor.

test/models/authenticatable_test.rb

@@ -27,6 +27,13 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_equal salt, user.password_salt
   end
 
+  test 'should not care about empty password on update' do
+    user = create_user
+    user.update_attributes(:email => "jose.valim+updated@gmail.com", :password => "")
+    user.reload
+    assert_equal user.email, "jose.valim+updated@gmail.com"
+  end
+
   test 'should generate a base64 hash using SecureRandom for password salt' do
     ActiveSupport::SecureRandom.expects(:base64).with(15).returns('friendly_token')
     assert_equal 'friendly_token', new_user.password_salt