mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
has_secure_password
is not invalid when assigning empty Strings.
Closes #9535.
With 692b3b6
the `password=` setter does no longer set blank passwords.
This triggered validation errors when assigning empty Strings to `password`
and `password_confirmation`.
This patch only sets the confirmation if it is not `blank?`.
This commit is contained in:
parent
b501ee47fa
commit
8c1687bbf8
3 changed files with 24 additions and 2 deletions
|
@ -1,5 +1,15 @@
|
|||
## Rails 4.0.0 (unreleased) ##
|
||||
|
||||
* `has_secure_password` does not fail the confirmation validation
|
||||
when assigning empty String to `password` and `password_confirmation`.
|
||||
|
||||
Example:
|
||||
|
||||
# given User has_secure_password.
|
||||
@user.password = ""
|
||||
@user.password_confirmation = ""
|
||||
@user.valid?(:update) # used to be false
|
||||
|
||||
* `validates_confirmation_of` does not override writer methods for
|
||||
the confirmation attribute if no reader is defined.
|
||||
|
||||
|
|
|
@ -48,6 +48,8 @@ module ActiveModel
|
|||
|
||||
attr_reader :password
|
||||
|
||||
include InstanceMethodsOnActivation
|
||||
|
||||
if options.fetch(:validations, true)
|
||||
validates_confirmation_of :password
|
||||
validates_presence_of :password, :on => :create
|
||||
|
@ -55,8 +57,6 @@ module ActiveModel
|
|||
before_create { raise "Password digest missing on new record" if password_digest.blank? }
|
||||
end
|
||||
|
||||
include InstanceMethodsOnActivation
|
||||
|
||||
if respond_to?(:attributes_protected_by_default)
|
||||
def self.attributes_protected_by_default #:nodoc:
|
||||
super + ['password_digest']
|
||||
|
@ -99,6 +99,12 @@ module ActiveModel
|
|||
self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
|
||||
end
|
||||
end
|
||||
|
||||
def password_confirmation=(unencrypted_password)
|
||||
unless unencrypted_password.blank?
|
||||
@password_confirmation = unencrypted_password
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -88,4 +88,10 @@ class SecurePasswordTest < ActiveModel::TestCase
|
|||
@user.password = "secret"
|
||||
assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
|
||||
end
|
||||
|
||||
test "blank password_confirmation does not result in a confirmation error" do
|
||||
@user.password = ""
|
||||
@user.password_confirmation = ""
|
||||
assert @user.valid?(:update), "user should be valid"
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue