Merge remote-tracking branch 'origin/master'

2 files changed, 17 insertions, 0 deletions

diff --git a/activemodel/lib/active_model/locale/en.yml b/activemodel/lib/active_model/locale/en.yml
index ba49c6beaa..1842ba002f 100644
--- a/activemodel/lib/active_model/locale/en.yml
+++ b/activemodel/lib/active_model/locale/en.yml
@@ -1,4 +1,8 @@
 en:
+  attributes:
+    # Prevent confusion in form errors due to 'has_secure_password'
+    password_digest: "Password"
+
   errors:
     # The default format to use in full error messages.
     format: "%{attribute} %{message}"
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index e7a57cf691..7c529cb67b 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -10,6 +10,19 @@ module ActiveModel
       # a "password_confirmation" attribute) are automatically added.
       # You can add more validations by hand if need be.
       #
+      # Note: the implementation of <tt>has_secure_password</tt> enforces presence validation
+      # on the <tt>:password_digest</tt> attribute rather than on <tt>:password</tt>, which is
+      # in fact a virtual reader attribute.  However, <tt>validates_confirmation_of</tt> ensures
+      # an indirect means of presence validation of <tt>:password</tt> if the
+      # <tt>:password_confirmation</tt> attribute is not nil.
+      #
+      # You may want to add presence validation on <tt>:password</tt> for the benefit of your forms
+      #
+      #   class User < ActiveRecord::Base
+      #     has_secure_password
+      #     validates :password, :presence => { :on => :create }
+      #   end
+      #
       # You need to add bcrypt-ruby (~> 3.0.0) to Gemfile to use has_secure_password:
       #
       #   gem 'bcrypt-ruby', '~> 3.0.0'