From 3e237522366e4b5b5811f9436a58de99d8b12542 Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Thu, 14 Apr 2011 14:54:25 -0700
Subject: bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this
---
 activemodel/lib/active_model/secure_password.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'activemodel/lib/active_model')
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index d6f0456698..ee94ad66cf 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -58,7 +58,9 @@ module ActiveModel
 # Encrypts the password into the password_digest attribute.
 def password=(unencrypted_password)
 @password = unencrypted_password
- self.password_digest = BCrypt::Password.create(unencrypted_password)
+ unless unencrypted_password.blank?
+ self.password_digest = BCrypt::Password.create(unencrypted_password)
+ end
 end
 end
 end
-- cgit v1.2.3
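Review bot: When `unencrypted_password` is blank, the new `unless` branch in `password=` leaves `password_digest` untouched while `@password` is still overwritten, so on a record that already holds a digest the old hash survives and a presence check on the digest (the subject line implies one, though it lies outside this hunk) would still pass. If a blank assignment is meant as "no change", the method comment should say so, e.g. `# A blank password leaves password_digest unchanged.`; if it is meant to be rejected, an `else` branch with `self.password_digest = nil` would make validation fail instead of silently keeping the previous password. Note also that `blank?` treats a whitespace-only string as blank, and the diffstat shows no test in this commit, so a regression test covering nil, empty and whitespace-only input on both new and already-persisted records would be worth adding.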