From 5d93ef8f459254f075616d37763611ad87d86b30 Mon Sep 17 00:00:00 2001
From: Phil Calvin <pncalvin@gmail.com>
Date: Mon, 20 May 2013 12:13:21 -0700
Subject: Fix regression in has_secure_password.

If the confirmation was blank, but the password wasn't, it would still save.
---
 activemodel/lib/active_model/secure_password.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'activemodel/lib')

diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 750fd723a0..e553590671 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -56,8 +56,9 @@ module ActiveModel
         include InstanceMethodsOnActivation
 
         if options.fetch(:validations, true)
-          validates_confirmation_of :password
+          validates_confirmation_of :password, if: lambda { |m| m.password.present? }
           validates_presence_of     :password, on: :create
+          validates_presence_of     :password_confirmation, if: lambda { |m| m.password.present? }
 
           before_create { raise "Password digest missing on new record" if password_digest.blank? }
         end
@@ -106,9 +107,7 @@ module ActiveModel
       end
 
       def password_confirmation=(unencrypted_password)
-        unless unencrypted_password.blank?
-          @password_confirmation = unencrypted_password
-        end
+        @password_confirmation = unencrypted_password
       end
     end
   end
-- 
cgit v1.2.3