I have a very basic Admin model:
    class Admin < ActiveRecord::Base
      has_secure_password
      validates_uniqueness_of :email
      attr_accessible :email, :password, :password_confirmation
    end
According to the manual has_secure_password also adds a validates_confirmation_of :password. If I’m correct validates_confirmation_of should always error if :password and :password_confirmation do not match – even if :password_confirmation is nil.
I’m testing with RSpec and this test fails and tells me that admin is valid:
    admin = Admin.new
    admin.email = 'test@example.info'
    admin.password = 'secret'
    admin.should be_invalid
This one passes:
    admin = Admin.new
    admin.email = 'test@example.info'
    admin.password = 'secret'
    admin.password_confirmation = ''
    admin.should be_invalid
So, what the heck am I doing wrong?
Here’s the code for has_secure_password:
As you can see it never ensures that a password confirmation is sent. You could add that yourself however, and as long as you have the form field on your page an empty string will be sent if it is unfilled.
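The behaviour discussed above, as an added example that is not part of the original answer and is not Rails' own code: a plain-Ruby sketch (the `AdminSketch` class and `build` helper are hypothetical) of a confirmation rule that only compares when a confirmation value was supplied, next to the extra presence check that `validates_presence_of :password_confirmation` would add to the real model.

```ruby
# Simplified stand-in for the Admin model in the question; not Rails code.
class AdminSketch
  attr_accessor :email, :password, :password_confirmation

  def initialize(require_confirmation: false)
    @require_confirmation = require_confirmation
  end

  def errors
    errs = []
    # Confirmation rule: nil means "field was never submitted",
    # so no comparison happens and no error is added.
    if !password_confirmation.nil? && password != password_confirmation
      errs << "password doesn't match confirmation"
    end
    # Added presence rule: reject a missing or blank confirmation.
    if @require_confirmation &&
       (password_confirmation.nil? || password_confirmation.strip.empty?)
      errs << "password_confirmation can't be blank"
    end
    errs
  end

  def valid?
    errors.empty?
  end
end

# Builds a record like the ones in the question's specs (constructed input).
# Pass :omitted to leave password_confirmation unset (nil).
def build(confirmation, require_confirmation:)
  admin = AdminSketch.new(require_confirmation: require_confirmation)
  admin.email = 'test@example.info'
  admin.password = 'secret'
  admin.password_confirmation = confirmation unless confirmation == :omitted
  admin
end

if __FILE__ == $PROGRAM_NAME
  [:omitted, '', 'secret'].each do |conf|
    [false, true].each do |req|
      admin = build(conf, require_confirmation: req)
      puts "confirmation=#{conf.inspect} presence_check=#{req} " \
           "valid=#{admin.valid?} errors=#{admin.errors.inspect}"
    end
  end
end
```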