11 files changed, 51 insertions, 20 deletions

diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index 8d22e3ac46..c14b0688c7 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,9 @@
+*   Passwords with spaces only allowed in `ActiveModel::SecurePassword`.
+
+    Presence validation can be used to restore old behavior.
+
+    *Yevhene Shemet*
+
 *   Validate options passed to `ActiveModel::Validations.validate`.
 
     Preventing, in many cases, the simple mistake of using `validate` instead of `validates`.
diff --git a/activemodel/lib/active_model/dirty.rb b/activemodel/lib/active_model/dirty.rb
index d11243c4c0..ca04f48c1c 100644
--- a/activemodel/lib/active_model/dirty.rb
+++ b/activemodel/lib/active_model/dirty.rb
@@ -219,7 +219,7 @@ module ActiveModel
         rescue TypeError, NoMethodError
         end
 
-        changed_attributes[attr] = value
+        set_attribute_was(attr, value)
       end
 
       # Handle <tt>reset_*!</tt> for +method_missing+.
@@ -233,8 +233,22 @@ module ActiveModel
       def restore_attribute!(attr)
         if attribute_changed?(attr)
           __send__("#{attr}=", changed_attributes[attr])
-          changed_attributes.delete(attr)
+          clear_attribute_changes([attr])
         end
       end
+
+      # This is necessary because `changed_attributes` might be overridden in
+      # other implemntations (e.g. in `ActiveRecord`)
+      alias_method :attributes_changed_by_setter, :changed_attributes # :nodoc:
+
+      # Force an attribute to have a particular "before" value
+      def set_attribute_was(attr, old_value)
+        attributes_changed_by_setter[attr] = old_value
+      end
+
+      # Remove changes information for the provided attributes.
+      def clear_attribute_changes(attributes)
+        attributes_changed_by_setter.except!(*attributes)
+      end
   end
 end
diff --git a/activemodel/lib/active_model/errors.rb b/activemodel/lib/active_model/errors.rb
index 1d025beeef..fc8034f9c7 100644
--- a/activemodel/lib/active_model/errors.rb
+++ b/activemodel/lib/active_model/errors.rb
@@ -434,7 +434,7 @@ module ActiveModel
 
       options = {
         default: defaults,
-        model: @base.class.model_name.human,
+        model: @base.model_name.human,
         attribute: @base.class.human_attribute_name(attribute),
         value: value
       }.merge!(options)
diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
index 7468f95548..b4fa378601 100644
--- a/activemodel/lib/active_model/forbidden_attributes_protection.rb
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -23,5 +23,6 @@ module ActiveModel
           attributes
         end
       end
+      alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
   end
 end
diff --git a/activemodel/lib/active_model/lint.rb b/activemodel/lib/active_model/lint.rb
index c6bc18b008..38087521a2 100644
--- a/activemodel/lib/active_model/lint.rb
+++ b/activemodel/lib/active_model/lint.rb
@@ -73,16 +73,19 @@ module ActiveModel
 
       # == \Naming
       #
-      # Model.model_name must return a string with some convenience methods:
-      # <tt>:human</tt>, <tt>:singular</tt> and <tt>:plural</tt>. Check
-      # ActiveModel::Naming for more information.
+      # Model.model_name and Model#model_name must return a string with some
+      # convenience methods: # <tt>:human</tt>, <tt>:singular</tt> and
+      # <tt>:plural</tt>. Check ActiveModel::Naming for more information.
       def test_model_naming
-        assert model.class.respond_to?(:model_name), "The model should respond to model_name"
+        assert model.class.respond_to?(:model_name), "The model class should respond to model_name"
         model_name = model.class.model_name
         assert model_name.respond_to?(:to_str)
         assert model_name.human.respond_to?(:to_str)
         assert model_name.singular.respond_to?(:to_str)
         assert model_name.plural.respond_to?(:to_str)
+
+        assert model.respond_to?(:model_name), "The model instance should respond to model_name"
+        assert_equal model.model_name, model.class.model_name
       end
 
       # == \Errors Testing
diff --git a/activemodel/lib/active_model/naming.rb b/activemodel/lib/active_model/naming.rb
index 86f5c96af9..4e6b02c246 100644
--- a/activemodel/lib/active_model/naming.rb
+++ b/activemodel/lib/active_model/naming.rb
@@ -215,10 +215,8 @@ module ActiveModel
   # provided method below, or rolling your own is required.
   module Naming
     def self.extended(base) #:nodoc:
-      base.class_eval do
-        remove_possible_method(:model_name)
-        delegate :model_name, to: :class
-      end
+      base.remove_possible_method :model_name
+      base.delegate :model_name, to: :class
     end
 
     # Returns an ActiveModel::Name object for module. It can be
@@ -306,12 +304,10 @@ module ActiveModel
     end
 
     def self.model_name_from_record_or_class(record_or_class) #:nodoc:
-      if record_or_class.respond_to?(:model_name)
-        record_or_class.model_name
-      elsif record_or_class.respond_to?(:to_model)
-        record_or_class.to_model.class.model_name
+      if record_or_class.respond_to?(:to_model)
+        record_or_class.to_model.model_name
       else
-        record_or_class.class.model_name
+        record_or_class.model_name
       end
     end
     private_class_method :model_name_from_record_or_class
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 7e179cf4b7..f6ad35769f 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -105,7 +105,7 @@ module ActiveModel
       attr_reader :password
 
       # Encrypts the password into the +password_digest+ attribute, only if the
-      # new password is not blank.
+      # new password is not empty.
       #
       #   class User < ActiveRecord::Base
       #     has_secure_password validations: false
@@ -119,7 +119,7 @@ module ActiveModel
       def password=(unencrypted_password)
         if unencrypted_password.nil?
           self.password_digest = nil
-        elsif unencrypted_password.present?
+        elsif !unencrypted_password.empty?
           @password = unencrypted_password
           cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
           self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
diff --git a/activemodel/lib/active_model/serializers/json.rb b/activemodel/lib/active_model/serializers/json.rb
index c58e73f6a7..77f2a64b11 100644
--- a/activemodel/lib/active_model/serializers/json.rb
+++ b/activemodel/lib/active_model/serializers/json.rb
@@ -93,7 +93,7 @@ module ActiveModel
         end
 
         if root
-          root = self.class.model_name.element if root == true
+          root = model_name.element if root == true
           { root => serializable_hash(options) }
         else
           serializable_hash(options)
diff --git a/activemodel/lib/active_model/serializers/xml.rb b/activemodel/lib/active_model/serializers/xml.rb
index 7f99536dbb..3ad3bf30ad 100644
--- a/activemodel/lib/active_model/serializers/xml.rb
+++ b/activemodel/lib/active_model/serializers/xml.rb
@@ -84,7 +84,7 @@ module ActiveModel
           @builder = options[:builder]
           @builder.instruct! unless options[:skip_instruct]
 
-          root = (options[:root] || @serializable.class.model_name.element).to_s
+          root = (options[:root] || @serializable.model_name.element).to_s
           root = ActiveSupport::XmlMini.rename_key(root, options)
 
           args = [root]
diff --git a/activemodel/lib/active_model/validations.rb b/activemodel/lib/active_model/validations.rb
index f67a3be5c1..7ee033ba5f 100644
--- a/activemodel/lib/active_model/validations.rb
+++ b/activemodel/lib/active_model/validations.rb
@@ -39,6 +39,7 @@ module ActiveModel
     extend ActiveSupport::Concern
 
     included do
+      extend ActiveModel::Naming
       extend ActiveModel::Callbacks
       extend ActiveModel::Translation
 
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index 6b21bc68fa..6d56c8344a 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -40,6 +40,11 @@ class SecurePasswordTest < ActiveModel::TestCase
     assert @user.valid?(:create), 'user should be valid'
   end
 
+  test "create a new user with validation and a spaces only password" do
+    @user.password = ' ' * 72
+    assert @user.valid?(:create), 'user should be valid'
+  end
+
   test "create a new user with validation and a blank password" do
     @user.password = ''
     assert !@user.valid?(:create), 'user should be invalid'
@@ -105,6 +110,11 @@ class SecurePasswordTest < ActiveModel::TestCase
     assert @existing_user.valid?(:update), 'user should be valid'
   end
 
+  test "updating an existing user with validation and a spaces only password" do
+    @user.password = ' ' * 72
+    assert @user.valid?(:update), 'user should be valid'
+  end
+
   test "updating an existing user with validation and a blank password and password_confirmation" do
     @existing_user.password = ''
     @existing_user.password_confirmation = ''