diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
index d0ba6b4a..09345f1f 100644
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,6 @@
+* enhancements
+ * Do not care about blank passwords on update
+
 == 0.7.2
 
 * deprecation
diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb
index aa86448e..e9a1f843 100644
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -62,11 +62,19 @@ module Devise
 end
 end
 
- # Verifies whether an incoming_password (ie from login) is the user password.
+ # Verifies whether an incoming_password (ie from sign in) is the user password.
 def valid_password?(incoming_password)
 password_digest(incoming_password) == encrypted_password
 end
 
+ # Overwrite update_attributes to not care for blank passwords.
+ def update_attributes(attributes)
+ [:password, :password_confirmation].each do |k|
+ attributes.delete(k) unless attributes[k].present?
+ end
+ super
+ end
+
 protected
 
 # Digests the password using the configured encryptor.
diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb
index c61e61e7..627c04f8 100644
--- a/test/models/authenticatable_test.rb
+++ b/test/models/authenticatable_test.rb
@@ -27,6 +27,13 @@ class AuthenticatableTest < ActiveSupport::TestCase
 assert_equal salt, user.password_salt
 end
 
+ test 'should not care about empty password on update' do
+ user = create_user
+ user.update_attributes(:email => "jose.valim+updated@gmail.com", :password => "")
+ user.reload
+ assert_equal user.email, "jose.valim+updated@gmail.com"
+ end
+
 test 'should generate a base64 hash using SecureRandom for password salt' do
 ActiveSupport::SecureRandom.expects(:base64).with(15).returns('friendly_token')
 assert_equal 'friendly_token', new_user.password_salt
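Review bot: The new `update_attributes` deletes keys from the hash the caller passed in, and it looks them up only as symbols. A controller that hands over `params[:user]` gets that hash mutated, and if the argument is a plain Hash with string keys (`'password' => ''`) nothing is filtered, so the blank value still reaches `super`. Filtering a copy by stringified key avoids both: `attributes = attributes.reject { |k, v| %w(password password_confirmation).include?(k.to_s) && v.blank? }` followed by `super(attributes)`. `update_attributes!` and direct `attributes=` assignment are not covered by this override, so a blank password is treated differently depending on the entry point; if that is intended, the method comment should say so.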
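Review bot: The new test checks only that the email was saved; it never asserts that the stored password survived the update, which is the property this change is about. Capturing `digest = user.encrypted_password` before the call and adding `assert_equal digest, user.encrypted_password` after `user.reload` would pin that. The `assert_equal` arguments are also reversed (the expected value goes first), and a case with a blank `:password_confirmation` would cover the second key the override strips.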