All geek questions in one place

Rails 4 has_secure_password visualization of password confirmation is optional

with rails 4, I use has_secure_password in my user model, the trick says that if I do not set: password_confirmation, it will never be started, but why when I run the test I get the error: Password confirmation cannot be empty as follows:

Failures: 1) User Failure/Error: it { should be_valid } expected #<User id: nil, name: "joe", email: " joe@mail.com ", created_at: nil, updated_at: nil, password_digest: "$2a$04$mcRr/msgYQR3kBVc3kv/m.UotBJuJuSXZKMw /eHTvU87..."> to be valid, but got errors: Password confirmation can't be blank

my test file looks like this:

 require 'spec_helper' describe User do before { @user = User.new(name: 'joe', email: ' joe@mail.com ', password: 'foo') } subject { @user } #.... #.... describe "when password is not present" do before { @user.password = "" } it { should_not be_valid } end end

Why am I getting this error, is there a solution for this? thank you's

+6
source share
3 answers

Change the test string before to this:

 before { @user = User.new( name: 'joe', email: ' joe@mail.com ', password: 'foo', password_confirmation: 'foo') #<== this line! }

That should fix it.

What it is:

Do you know how, when creating a new account on any website, they ask you to enter a password and enter it twice? What it is. When you create a new user, has_secure_password wants a password twice to make sure that you did not make a typo.

If password ! = password_confirmation , it will throw an exception and the user will not be created.

Again, this is used only for user creation . You do not need to enter two passwords in the form of login or something else. You do not need to add this field to your model or database.

If you have a user creation form, and you do not want to have a password_confirmation field, then you do not need this. You can set password_confirmation = password in your controller before you call save or something else.

But for the creation user, password_confirmation should be present.

+5
source

Shortly speaking

 has_secure_password validations: false # This is the key to the solution validates :password, presence: true, length: { minimum: 6 } # Or an length you want

Long story

  • docs and source code say:

    If you do not need verification verification, just do not set any value in the password_confirmation attribute, and verification will not start.

  • But they also say:

    Checking the password when creating, confirming the password (using the + password_confirmation + attribute). If you want to disable checks, pass checks: false as an argument. You can add additional checks manually if necessary.

  • Paragraph No. 1 is not a complete description. We need to disable all checks and add our own verification rules to make this work, as described in paragraph 2.

I spent some time on this and learned a lesson: find the source code when you mess up. It seems a painful or difficult way, but once upon a time it is the right way.

+21
source

I did this as a temporary measure until I get this application from Rails 4.0.13 to 4.1 and higher:

 class User < ActiveRecord::Base has_secure_password # Tempfix until Rails 4.1 https://github.com/rails/rails/pull/11107#issuecomment-21850919 raise "Get rid of this on Rails 4.1+" if Rails::VERSION::STRING != "4.0.13" before_validation { self.password_confirmation ||= password } end
+1
source

Source: https://habr.com/ru/post/950653/

More articles:


All Articles