Validating password: when empty, don't save it!

Hi,

Users can edit their own passwords in my app. But when they leave both
password-fields (_confirmation) empty, they get “” as their password.
Is their a way to get around this problem? This is my userobject when
I try to save it:

— !ruby/object:User
attributes:
updated_at: 2007-07-16 21:54:27
id: “2”
firstname: Leon
lastname: Bogaert
password: “”
account_number: 53.76.68.829
email: [email protected]
created_at: 2007-03-29 00:24:21
password_confirmation: “”

Thanks in advance!

Add this in your User model:

validates_presence_of :password
validates_presence_of :password_confirmation
validates_confirmation_of :password

p.s. I would use the restful_authentication or act_as_authenticated
plugins for logins :slight_smile:

PatRoy,

Thanks for your quick reply.
I don’t use a standard plugin for educational purposes.

When an user does not fill in his or her password it shouldn’t give an
error. The system should just not update the password.
This is (a part of) my usermodel:

MINIMUM_PASSPHRASE_LENGTH = 8
MAXIMUM_PASSPHRASE_LENGTH = 64

validates_presence_of :password,
:on => :create,
:message => “^Geen wachtwoord ingevuld”

validates_length_of :password,
:in =>
MINIMUM_PASSPHRASE_LENGTH…MAXIMUM_PASSPHRASE_LENGTH,
:if => Proc.new { |u| !
u.password.blank? },
:too_long => “Het wachtwoord mag maximaal %d tekens
lang
zijn”,
:too_short => “^Het wachtwoord moet minimaal %d tekens
lang
zijn”

validates_confirmation_of :password,
:if => Proc.new { |u| !
u.password.blank? },
:message => “^De wachtwoorden komen niet overeen”

when you save your object …


oldPassword = userObject.password

if params[:password] == “”
userObject.password = oldPassword
end


Thanks Patroy! But I would like to implement the code in my model.
It’s kind of business logic so I would like to implement it in the
proper place.

Or just use:

validates_confirmation_of :password,
:message => “must match confirm password”,
:if => Proc.new { |u| !u.password.blank? }

Wim

Meng wrote:

end


NEW on aXs GUARD: SSL VPN !! (contact your reseller for more info)


aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)

Able NV: ond.nr 0457.938.087
RPR Mechelen

Thanks PayRoy!

But I would rather not do that in my controller. It’s kind of business
logic. So it would be more suitable to place it in my model.

Hi I just stumbled on to this

heres my solution:

validates_presence_of :password, :password_confirmation,
:on => :update,
:if => :req_password?

def req_password?
!password.blank?
end

hope this helps.

Thanks Meng and Wim! But if the password is empty it will be saved to
the database (empty).
I think I’ll use the empty? function to set the password to the old
value.

Thanks for the help!
I found a topic on tweakers.net that handles this same problem:
[ruby on rails] wie gebruikt het? - Softwareontwikkeling - GoT

Mhhh… just thought about something. Maybe I can use before_save() to
set the original password when empty or nil.

Is there a way to extract a single value from the database? Without
using a query ofcourse :slight_smile: That’s something I do in php. Not RoR.