bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this

author: Aaron Patterson <aaron.patterson@gmail.com> 2011-04-14 14:54:25 -0700
committer: Aaron Patterson <aaron.patterson@gmail.com> 2011-04-14 14:54:25 -0700
commit: 3e237522366e4b5b5811f9436a58de99d8b12542 (patch)
tree: 43329d0760f64d6b1f6c3f9b8bfb0fdee714b02e /activemodel/lib/active_model
parent: 9951af02891f889cbc8de818adb6b50ceb31e7bf (diff)
download: rails-3e237522366e4b5b5811f9436a58de99d8b12542.tar.gz
rails-3e237522366e4b5b5811f9436a58de99d8b12542.tar.bz2
rails-3e237522366e4b5b5811f9436a58de99d8b12542.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index d6f0456698..ee94ad66cf 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -58,7 +58,9 @@ module ActiveModel
       # Encrypts the password into the password_digest attribute.
       def password=(unencrypted_password)
         @password = unencrypted_password
-        self.password_digest = BCrypt::Password.create(unencrypted_password)
+        unless unencrypted_password.blank?
+          self.password_digest = BCrypt::Password.create(unencrypted_password)
+        end
       end
     end
   end
author	Aaron Patterson <aaron.patterson@gmail.com>	2011-04-14 14:54:25 -0700
committer	Aaron Patterson <aaron.patterson@gmail.com>	2011-04-14 14:54:25 -0700
commit	3e237522366e4b5b5811f9436a58de99d8b12542 (patch)
tree	43329d0760f64d6b1f6c3f9b8bfb0fdee714b02e /activemodel/lib/active_model
parent	9951af02891f889cbc8de818adb6b50ceb31e7bf (diff)
download	rails-3e237522366e4b5b5811f9436a58de99d8b12542.tar.gz rails-3e237522366e4b5b5811f9436a58de99d8b12542.tar.bz2 rails-3e237522366e4b5b5811f9436a58de99d8b12542.zip