Reputation: 4256
I'm having trouble with devise and password confirmation. I've created a model test in rails4 which looks like this:
test "user requires a password_confirmation" do
user =
assert user.valid?, "FactoryGirl should return a valid user"
user.password_confirmation = nil
# These are just some outputs to verify what's going on.
# This is the condition in devises's password_required? method
puts !user.persisted? || !user.password.nil? || !user.password_confirmation.nil? #=> true
puts user.valid? #=> true
assert user.invalid?, "Password confirmation should be required" # Fails here
assert_equal 1, user.errors.size, "Only one error should have occured. #{user.errors.full_messages}"
This test fails at second assert ("Password confirmation should be required"
Here's my full User model :
class User < ActiveRecord::Base
has_one :user_entity
has_one :manager,through: :user_entity, source: :entity, source_type: 'Manager'
has_one :client, through: :user_entity, source: :entity, source_type: 'Client'
# Adds default behavior. See:
validates :username,
presence: true,
length: { minimum: 4, allow_blank: true, if: :username_changed? },
uniqueness: { allow_blank: true, if: :username_changed? },
format: { with: /\A[A-z_0-9]+\z/, allow_blank: true, if: :username_changed? }
# Include default devise modules. Others available are:
# :token_authenticatable, :timeoutable, :omniauthable, :registerable
devise :database_authenticatable, :recoverable, :rememberable,
:trackable, :validatable, :confirmable, :lockable
# Virtual attribute for authenticating by either username or email
# This is in addition to a real persisted field like 'username'
attr_accessor :login
def self.find_first_by_auth_conditions(warden_conditions)
conditions = warden_conditions.dup
# User need to be active
conditions[:active] = true
if login = conditions.delete(:login)
where(conditions).where(["lower(username) = :value OR lower(email) = :value", { :value => login.downcase }]).first
def entity
def entity=(newEntity)
self.build_user_entity(entity: newEntity)
I've tried adding in my user model :
validates :password, confirmation: true
After that the test passes but i get an error on the next one:
1) Failure:
UserTest#test_user_requires_a_password [/my/project/test/models/user_test.rb:52]:
Two errors should have occured. ["Password confirmation doesn't match confirmation", "Password confirmation doesn't match confirmation", "Password can't be blank"].
Expected: 2
Actual: 3
As you can see, it's like the confirmation validation occurs two times and fails both time.
I'm using rails4 (edge) and the rails4 branch for devise.
EDIT: I tried setting
user.password_confirmation = "#{user.password}_diff"
And the test passes. So why is confirmation ignored when nil
is set ? As the object is not yet persisted i would assume a password confirmation has to be provided.
Upvotes: 2
Views: 5214
Reputation: 2175
I know this is an old question but I was having the same problem.
First, remove this from your model so you don't get duplicate validation checks:
validates :password, confirmation: true
Then add the following. I changed it to only work on create:
validates :password_confirmation, presence: true, on: :create
See the validates_confirmation_of section on this apidock page:
NOTE: This check is performed only if password_confirmation is not nil. To require confirmation, make sure to add a presence check for the confirmation attribute:
validates_presence_of :password_confirmation, if: :password_changed?
Upvotes: 6