kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Fix secure_password password_confirmation validations

Browse source
This commit is contained in:
Vladimir Kiselev 2013-06-26 04:46:21 +04:00
parent f38b544442
commit 3be0cdfa55
3 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
activemodel/CHANGELOG.md
View file

@ -1,3 +1,8 @@
* Fix has_secure_password. `password_confirmation` validations are triggered
even if no `password_confirmation` is set.
*Vladimir Kiselev*
* `inclusion` / `exclusion` validations with ranges will only use the faster * `inclusion` / `exclusion` validations with ranges will only use the faster
`Range#cover` for numerical ranges, and the more accurate `Range#include?` `Range#cover` for numerical ranges, and the more accurate `Range#include?`
for non-numerical ones. for non-numerical ones.

10
activemodel/lib/active_model/secure_password.rb
View file

@ -56,9 +56,9 @@ module ActiveModel
include InstanceMethodsOnActivation include InstanceMethodsOnActivation
if options.fetch(:validations, true) if options.fetch(:validations, true)
validates_confirmation_of :password, if: lambda { |m| m.password.present? } validates_confirmation_of :password, if: :should_confirm_password?
validates_presence_of :password, on: :create validates_presence_of :password, on: :create
validates_presence_of :password_confirmation, if: lambda { |m| m.password.present? } validates_presence_of :password_confirmation, if: :should_confirm_password?
before_create { raise "Password digest missing on new record" if password_digest.blank? } before_create { raise "Password digest missing on new record" if password_digest.blank? }
end end
@ -109,6 +109,12 @@ module ActiveModel
def password_confirmation=(unencrypted_password) def password_confirmation=(unencrypted_password)
@password_confirmation = unencrypted_password @password_confirmation = unencrypted_password
end end
private
def should_confirm_password?
password_confirmation && password.present?
end
end end
end end
end end

5
activemodel/test/cases/secure_password_test.rb
View file

@ -95,6 +95,11 @@ class SecurePasswordTest < ActiveModel::TestCase
assert @user.valid?(:update), "user should be valid" assert @user.valid?(:update), "user should be valid"
end end
test "password_confirmation validations will not be triggered if password_confirmation is not sent" do
@user.password = "password"
assert @user.valid?(:create)
end
test "will not save if confirmation is blank but password is not" do test "will not save if confirmation is blank but password is not" do
@user.password = "password" @user.password = "password"
@user.password_confirmation = "" @user.password_confirmation = ""