Merge pull request #9545 from senny/9535_secure_password_blank

`has_secure_password` is not invalid when assigning empty Strings
Rafael Mendonça França 2013-03-07 08:05:05 -08:00
commit cf09ac380e
5 changed files with 75 additions and 3 deletions


@ -1,5 +1,30 @@
## Rails 4.0.0 (unreleased) ##
* `has_secure_password` does not fail the confirmation validation
when assigning empty String to `password` and `password_confirmation`.
Example:
# given User has_secure_password.
@user.password = ""
@user.password_confirmation = ""
@user.valid?(:update) # used to be false
* `validates_confirmation_of` does not override writer methods for
the confirmation attribute if no reader is defined.
Example:
class Blog
def title=(new_title)
@title = new_title.downcase
end
# previously this would override the setter above.
validates_confirmation_of :title
end
*Yves Senn*
## Rails 4.0.0.beta1 (February 25, 2013) ##


@ -48,6 +48,8 @@ module ActiveModel
attr_reader :password
include InstanceMethodsOnActivation
if options.fetch(:validations, true)
validates_confirmation_of :password
validates_presence_of :password, :on => :create
@ -55,8 +57,6 @@ module ActiveModel
before_create { raise "Password digest missing on new record" if password_digest.blank? }
end
include InstanceMethodsOnActivation
if respond_to?(:attributes_protected_by_default)
def self.attributes_protected_by_default #:nodoc:
super + ['password_digest']
@ -99,6 +99,12 @@ module ActiveModel
self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
end
end
def password_confirmation=(unencrypted_password)
unless unencrypted_password.blank?
@password_confirmation = unencrypted_password
end
end
end
end
end
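Review bot: The new `password_confirmation=` writer silently discards a blank value, so a record given a non-blank `password` and an empty `password_confirmation` keeps `@password_confirmation` at nil; `validates_confirmation_of` (as far as I know it skips the comparison when the confirmation is nil) would then accept the password change with no confirmation at all. If a confirmation is meant to be mandatory whenever a password is supplied, the validations block should state it, e.g. `validates_presence_of :password_confirmation, :if => lambda { |m| m.password.present? }`. The writer also leaves an earlier non-blank confirmation in place when a blank one is assigned afterwards, which deserves a comment on the method. Moving `include InstanceMethodsOnActivation` above the validations looks deliberate, since the validator's `setup` checks `method_defined?` at declaration time, and a one-line comment there would keep it from being reordered back. The module and the `password=` writer begin outside the hunks shown.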


@ -10,9 +10,13 @@ module ActiveModel
end
def setup(klass)
klass.send(:attr_accessor, *attributes.map do |attribute|
klass.send(:attr_reader, *attributes.map do |attribute|
:"#{attribute}_confirmation" unless klass.method_defined?(:"#{attribute}_confirmation")
end.compact)
klass.send(:attr_writer, *attributes.map do |attribute|
:"#{attribute}_confirmation" unless klass.method_defined?(:"#{attribute}_confirmation=")
end.compact)
end
end
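Review bot: `klass.method_defined?` in `setup` matches only public and protected methods, so a model that declares `title_confirmation=` (or the reader) as private still has it replaced or shadowed by a generated public accessor. Checking both visibilities closes that gap, e.g. `unless klass.method_defined?(name) || klass.private_method_defined?(name)`. The check runs once, when the validation is declared, so a writer supplied by an included module is respected only if the module is included before `validates_confirmation_of` is called; a comment on `setup` saying so would help. The enclosing class starts outside the hunk.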


@ -88,4 +88,10 @@ class SecurePasswordTest < ActiveModel::TestCase
@user.password = "secret"
assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
end
test "blank password_confirmation does not result in a confirmation error" do
@user.password = ""
@user.password_confirmation = ""
assert @user.valid?(:update), "user should be valid"
end
end
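Review bot: The added test pins only the case where both `password` and `password_confirmation` are blank; nothing here covers a non-blank password paired with a blank confirmation, which the new writer treats as no confirmation having been given. A companion test would fix the intended outcome for that case: `@user.password = "secret"`, `@user.password_confirmation = ""`, then an assertion on `@user.valid?(:update)` with whichever result is intended. The test class and its setup are outside the hunk.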


@ -71,4 +71,35 @@ class ConfirmationValidationTest < ActiveModel::TestCase
I18n.backend = @old_backend
end
test "does not override confirmation reader if present" do
klass = Class.new do
include ActiveModel::Validations
def title_confirmation
"expected title"
end
validates_confirmation_of :title
end
assert_equal "expected title", klass.new.title_confirmation,
"confirmation validation should not override the reader"
end
test "does not override confirmation writer if present" do
klass = Class.new do
include ActiveModel::Validations
def title_confirmation=(value)
@title_confirmation = "expected title"
end
validates_confirmation_of :title
end
model = klass.new
model.title_confirmation = "new title"
assert_equal "expected title", model.title_confirmation,
"confirmation validation should not override the writer"
end
end
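Review bot: Both tests cover a public reader or writer defined directly in the class, but neither covers a private accessor or one supplied by an included module, which are the cases where the `method_defined?` guard is most likely to behave differently from what a caller expects. In the writer test the `value` parameter is unused; `def title_confirmation=(_value)` makes it clear that ignoring it is deliberate.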