Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

validates_confirmation_of :password doesn't get triggered

I have a very basic Admin model:

class Admin < ActiveRecord::Base
  has_secure_password
  validates_uniqueness_of :email
  attr_accessible :email, :password, :password_confirmation
end

According to the manual has_secure_password also adds a validates_confirmation_of :password. If I'm correct validates_confirmation_of should always error if :password and :password_confirmation do not match - even if :password_confirmation is nil.

I'm testing with RSpec and this test fails and tells me that admin is valid:

admin = Admin.new
admin.email = '[email protected]'
admin.password = 'secret'
admin.should be_invalid

This one passes:

admin = Admin.new
admin.email = '[email protected]'
admin.password = 'secret'
admin.password_confirmation = ''
admin.should be_invalid

So, what the heck am I doing wrong?

like image 511
Wukerplank Avatar asked Sep 24 '11 11:09

Wukerplank


1 Answers

Here's the code for has_secure_password:

# File activemodel/lib/active_model/secure_password.rb, line 32
def has_secure_password
  attr_reader :password

  validates_confirmation_of :password
  validates_presence_of     :password_digest

  include InstanceMethodsOnActivation

  if respond_to?(:attributes_protected_by_default)
    def self.attributes_protected_by_default
      super + ['password_digest']
    end
  end
end

As you can see it never ensures that a password confirmation is sent. You could add that yourself however, and as long as you have the form field on your page an empty string will be sent if it is unfilled.

like image 194
thomasfedb Avatar answered Sep 25 '22 14:09

thomasfedb