How do I require that a password has a minimum length when using has_secure_password

Question

0

Asked: May 23, 20262026-05-23T09:30:02+00:00 2026-05-23T09:30:02+00:00

How do I require that a password has a minimum length when using has_secure_password

0

How do I require that a password has a minimum length when using has_secure_password in Rails 3.1? I tried to do:

class User < ActiveRecord::Base
    ... 
    validates :password, presence: { on: create }, length { minimum: 8 }
    ...
end

but then the validation fails with password “too short” on update when password is not provided in form params. For other attributes length is only validated if the value for the field is provided. Is this a bug in the has_secure_password implementation or am I doing something wrong?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T09:30:03+00:00

Editorial Team

2026-05-23T09:30:03+00:00Added an answer on May 23, 2026 at 9:30 am

You should do something like:

validates :password, presence: { on: create }, length { minimum: 8 }, :if => :password_changed?

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

How do I require that a password has a minimum length when using has_secure_password

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply