Julian D
Reputation: 73
Ruby on Rails 4: has_secure_password is not asking for a password confirmation when creating new user
I am currently writing an app using RoR4 and am having trouble with authentication. Even though I've added has_secure_password to the User model, I still seem to be able to create a new user without having to provide a password confirmation.
2.1.2 :012 > me = User.create(:institution_id => 1, :email => "[email protected]", :password => "mypassword")
(0.1ms) BEGIN
User Exists (0.3ms) SELECT 1 AS one FROM `users` WHERE `users`.`email` = BINARY '[email protected]' LIMIT 1
SQL (0.2ms) INSERT INTO `users` (`created_at`, `email`, `institution_id`, `password_digest`, `updated_at`) VALUES ('2014-07-14 20:02:34', '[email protected]', 1, '$2a$10$sD2N.2nxhYO7egzzWxfF5.cdIZ4ds41.sU93Ja3E9Q0qAOaABdZb6', '2014-07-14 20:02:34')
(8.2ms) COMMIT
=> #<User id: 5, institution_id: 1, first_name: nil, last_name: nil, email: "[email protected]", blurb: nil, facebook_link: nil, facebook_token: nil, password_digest: "$2a$10$sD2N.2nxhYO7egzzWxfF5.cdIZ4ds41.sU93Ja3E9Q0...", api_key: nil, active: false, created_at: "2014-07-14 20:02:34", updated_at: "2014-07-14 20:02:34", authentication_token: nil>
Why is this happening? Shouldn't has_secure_password always require a password confirmation as well??
Thanks for the help
Upvotes: 1
Views: 557
Answers (1)
Abdul Baig
Reputation: 3721
Make sure you followed these things:
add gem 'bcrypt' to gem file.
Next:
have a password_digest attribute
Next:
class User < ActiveRecord::Base
has_secure_password
end
Then you can test it:
user = User.new(name: 'david', password: '', password_confirmation: 'nomatch')
user.save # => false, password required
user.password = 'mUc3m00RsqyRe'
user.save # => false, confirmation doesn't match
user.password_confirmation = 'mUc3m00RsqyRe'
user.save # => true
user.authenticate('notright') # => false
user.authenticate('mUc3m00RsqyRe') # => user
User.find_by(name: 'david').try(:authenticate, 'notright') # => false
User.find_by(name: 'david').try(:authenticate, 'mUc3m00RsqyRe') # => user
Upvotes: 3
Related Questions
- Disable the has_secure_password password_confirmation check in Rails 4
- Ruby - ActiveModel::SecurePassword not working
- How to disable password/confirmation validations when using has_secure_password in Rails 3.2?
- rails4 authentication with has_secure_password not working
- rails 4 has_secure_password render password confirmation optional
- Password can't be blank in Rails (Using has_secure_password)
- Rails: has_secure_password not performing validation
- has_secure_password insisting password is not being sent when it is
- Password Confirmation with has_secure_password
- How can I make the user confirm their current password when using has_secure_password?