password_digest, has_secret_password and form validations in RoR 3.1

Question

If you haven't seen it yet, have a look at the latest railscast authentication in rails 3.1. He uses password_digest:string when generating the model and adds has_secret_password to the User model. He also adds some accessible_attributes, :password and :password_confirmation.

By using validates_confirmation_of :password we can make sure the password is confirmed before creating an instance. If I leave the password fields empty in my form I get this error message:

ruby-1.9.2-p180 :024 > u = User.new
 => #<User id: nil, name: nil, email: nil, password_digest: nil, created_at: nil, updated_at: nil> 
ruby-1.9.2-p180 :027 > u.save
   (0.4ms)  SELECT 1 FROM "users" WHERE "users"."email" = '' LIMIT 1
 => false 
ruby-1.9.2-p180 :028 > u.errors.full_messages
 => ["Password digest can't be blank"]

Of course we don't want to call the password field "Password digest" when communicating with our users. How do I change this error message?

Bonus question
When using validates_confirmation_of and using mismatching passwords I get two error messages telling me about it, and only the :password label and input tags are surrounded with fields_with_errors divs. If the passwords don't match I want to also highlight the password_confirmation input, if possible remove it altogether from the password part.

Should I write my own method for checking password confirmation? If so, could you provide some small guidelines?

Answer 1

The official way to solve this is to add the following to your locale file:

en:
  activerecord:
    attributes:
      user:
        password_digest: 'Password'

The English locale file is located at config/locales/en.yml. You may have to restart your server for the changes to be loaded in your environment.

Answer 2

To get rid of password_digest message, you can modify the view:

<% @user.errors.messages.delete(:password_digest) -%>