Validation failed: Password digest can't be blank

Question

I have seen other threads with similar problems but they don't seem to fix my problem. I am following along with with the tutorial on http://ruby.railstutorial.org/ to get a basic user sign up and login or a different project then that sample one.

Basically when I run rspec I keep getting this error. I have run all my migrations and test prepare. Really stumped with this.

1) User should reject duplicate email addresses
 Failure/Error: User.create!(@attr)
 ActiveRecord::RecordInvalid:
   Validation failed: Password digest can't be blank, Password can't be blank, Password is too short (minimum is 6 characters), Password confirmation can't be blank
 # ./spec/models/user_spec.rb:60:in `block (2 levels) in <top (required)>'

2) User should accept valid email addresses
 Failure/Error: valid_email_user.should be_valid end
   expected #<User id: nil, name: "Example User", email: "[email protected]", created_at: nil, updated_at: nil, password_digest: nil> to be valid, but got errors: Password digest can't be blank, Password can't be blank, Password is too short (minimum is 6 characters), Password confirmation can't be blank
 # ./spec/models/user_spec.rb:48:in `block (3 levels) in <top (required)>'
 # ./spec/models/user_spec.rb:46:in `each'
 # ./spec/models/user_spec.rb:46:in `block (2 levels) in <top (required)>'

3) User should create a new instance given valid attributes
 Failure/Error: User.create!(@attr)
 ActiveRecord::RecordInvalid:
   Validation failed: Password digest can't be blank, Password can't be blank, Password is too short (minimum is 6 characters), Password confirmation can't be blank
 # ./spec/models/user_spec.rb:25:in `block (2 levels) in <top (required)>' 

4) User should reject email addresses identical up to case
 Failure/Error: User.create!(@attr.merge(:email => upcased_email))
 ActiveRecord::RecordInvalid:
   Validation failed: Password digest can't be blank, Password can't be blank, Password is too short (minimum is 6 characters), Password confirmation can't be blank
 # ./spec/models/user_spec.rb:67:in `block (2 levels) in <top (required)>'

Here is my user_spec

require 'spec_helper'

describe User do
  before(:each) do
    @attr = { :name => "Example User", :email => "[email protected]" }
  end

  before do
    @user = User.new(name: "Example User", email: "[email protected]",
                     password: "foobar", password_confirmation: "foobar")
  end

  subject { @user }

  it { should respond_to(:name) }
  it { should respond_to(:email) }
  it { should respond_to(:password_digest) }
  it { should respond_to(:password) }
  it { should respond_to(:password_confirmation) }
  it { should respond_to(:authenticate) }

  it { should be_valid }

  it "should create a new instance given valid attributes" do
    User.create!(@attr)
  end

  it "should require a name"  do
    no_name_user = User.new(@attr.merge(:name => ""))
    no_name_user.should_not be_valid
  end

  it "should require an email address" do
    no_email_user = User.new(@attr.merge(:email => ""))
    no_email_user.should_not be_valid
  end

  it "should reject names that are too long" do
    long_name = "a" * 51
    long_name_user = User.new(@attr.merge(:name => long_name))
    long_name_user.should_not be_valid
  end

  it "should accept valid email addresses" do
    addresses = %w[[email protected] [email protected] [email protected]]
    addresses.each do |address|
      valid_email_user = User.new(@attr.merge(:email => address))
      valid_email_user.should be_valid end
  end

  it "should reject invalid email addresses" do
    addresses = %w[user@foo,com user_at_foo.org example.user@foo.]
    addresses.each do |address|
      invalid_email_user = User.new(@attr.merge(:email => address))
      invalid_email_user.should_not be_valid end
  end

  it "should reject duplicate email addresses" do
    # Put a user with given email address into the database.
    User.create!(@attr)
    user_with_duplicate_email = User.new(@attr)
    user_with_duplicate_email.should_not be_valid
  end

  it "should reject email addresses identical up to case" do
    upcased_email = @attr[:email].upcase
    User.create!(@attr.merge(:email => upcased_email))
    user_with_duplicate_email = User.new(@attr)
    user_with_duplicate_email.should_not be_valid
  end

  describe "when password is not present" do
    before { @user.password = @user.password_confirmation = " " }
    it { should_not be_valid }
  end

  describe "when password doesn't match confirmation" do
    before { @user.password_confirmation = "mismatch" }
    it { should_not be_valid }
  end

  describe "when password confirmation is nil" do
    before { @user.password_confirmation = nil }
    it { should_not be_valid }
  end

  describe "with a password that's too short" do
    before { @user.password = @user.password_confirmation = "a" * 5 }
    it { should be_invalid }
  end

  describe "return value of authenticate method" do
    before { @user.save }
    let(:found_user) { User.find_by_email(@user.email) }

    describe "with valid password" do
      it { should == found_user.authenticate(@user.password) }
    end

    describe "with invalid password" do
      let(:user_for_invalid_password) { found_user.authenticate("invalid") }

      it { should_not == user_for_invalid_password }
      specify { user_for_invalid_password.should be_false }
    end
  end

end

here is my user model

class User < ActiveRecord::Base

  attr_accessible :name, :email, :password, :password_confirmation
  has_secure_password

  before_save { |user| user.email = email.downcase }

  validates :name, presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  validates :email, presence:   true,
            format:     { with: VALID_EMAIL_REGEX },
            uniqueness: { case_sensitive: false }
  validates :password, presence: true, length: { minimum: 6 }
  validates :password_confirmation, presence: true
end

Answer 1

your validation is broken too, a password and password_confirmation should be required if the user is created but not thereafter

validates :password, presence: true, length: { minimum: 6 }
validates :password_confirmation, presence: true

you will run into problems if you try to update the user later on, say changing its Name, because then it will check for both password and password_confirmation but the user already has a password set stored usually in the password_digist field encrypted by bcrypt but not stored along with password and confirmation in plain text.

I recommend this only to be validated for new records:

validates :password, presence: true, length: { minimum: 6 } if new?
validates :password_confirmation, presence: true if new?