Merge pull request #5966 from oscardelben/fix_secure_password_setter

Fix secure_password setter

2 files changed, 7 insertions, 1 deletions

diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 8ab0bccc11..ff2213231f 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -60,8 +60,8 @@ module ActiveModel
 
       # Encrypts the password into the password_digest attribute.
       def password=(unencrypted_password)
-        @password = unencrypted_password
         unless unencrypted_password.blank?
+          @password = unencrypted_password
           self.password_digest = BCrypt::Password.create(unencrypted_password)
         end
       end
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index 4338a3fc53..c451cc1aca 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -19,6 +19,12 @@ class SecurePasswordTest < ActiveModel::TestCase
     assert !@user.valid?, 'user should be invalid'
   end
 
+  test "blank password doesn't override previous password" do
+    @user.password = 'test'
+    @user.password = ''
+    assert_equal @user.password, 'test'
+  end
+
   test "password must be present" do
     assert !@user.valid?
     assert_equal 1, @user.errors.size