`has_secure_password` is not invalid when assigning empty Strings.

Closes #9535. With 692b3b6 the `password=` setter does no longer set blank passwords. This triggered validation errors when assigning empty Strings to `password` and `password_confirmation`. This patch only sets the confirmation if it is not `blank?`.
2013-03-04 18:56:05 +01:00 · 2013-03-04 18:56:05 +01:00 · 8c1687bbf8
parent b501ee47fa
commit 8c1687bbf8
3 changed files with 24 additions and 2 deletions
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@ -1,5 +1,15 @@
 ## Rails 4.0.0 (unreleased) ##

+*   `has_secure_password` does not fail the confirmation validation
+    when assigning empty String to `password` and `password_confirmation`.
+
+    Example:
+
+        # given User has_secure_password.
+        @user.password = ""
+        @user.password_confirmation = ""
+        @user.valid?(:update) # used to be false
+
 *   `validates_confirmation_of` does not override writer methods for
    the confirmation attribute if no reader is defined.

--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@ -48,6 +48,8 @@ module ActiveModel

        attr_reader :password

+        include InstanceMethodsOnActivation
+
        if options.fetch(:validations, true)
          validates_confirmation_of :password
          validates_presence_of     :password, :on => :create
@ -55,8 +57,6 @@ module ActiveModel
          before_create { raise "Password digest missing on new record" if password_digest.blank? }
        end

-        include InstanceMethodsOnActivation
-
        if respond_to?(:attributes_protected_by_default)
          def self.attributes_protected_by_default #:nodoc:
            super + ['password_digest']
@ -99,6 +99,12 @@ module ActiveModel
          self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
        end
      end
+
+      def password_confirmation=(unencrypted_password)
+        unless unencrypted_password.blank?
+          @password_confirmation = unencrypted_password
+        end
+      end
    end
  end
 end
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@ -88,4 +88,10 @@ class SecurePasswordTest < ActiveModel::TestCase
    @user.password = "secret"
    assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
  end
+
+  test "blank password_confirmation does not result in a confirmation error" do
+    @user.password = ""
+    @user.password_confirmation = ""
+    assert @user.valid?(:update), "user should be valid"
+  end
 end