Changing password not validating_confirmation_of

student · January 11, 2008, 7:30pm

Cargo-culting isn’t working…

User:
attr_reader :password # Virtual attribute

validates_presence_of :username
validates_uniqueness_of :username

attr_accessor :password_confirmation
validates_confirmation_of :password

& etc from AWDR with use of a hashed password

UserController:
def change_password
user = User.find(session[:user_id])
if request.post?
opw = params[:user][:old_password]
npw = params[:user][:password]
if user.verify_password(opw) and opw != npw
user.password = npw
user.save
else
flash.now[:notice] = “Bad Password”
end
end
end

change_password.rhtml:

<%= error_messages_for 'user' %> Changing Password

<% form_for :user do |form| %>
  <p>
    <label for="user_old_password">Old Password:</label>
    <%= form.text_field :old_password, :size => 40 %>
  </p>

  <p>
    <label for="user_password">Password:</label>
    <%= form.text_field :password, :size => 40 %>
  </p>

  <p>
    <label for="user_password_confirmation">Confirm:</label>
    <%= form.text_field :password_confirmation, :size => 40 %>
  </p>

  <%= submit_tag "Change Password", :class => "submit" %>
<% end %>

I’m reasonably certain that validates_confirmation_of is not being
invoked, but I have no idea why. Assigning user.password_confirmation
does not help. The parameters are coming in just fine.

student · January 11, 2008, 9:34pm

I’m not sure if this will fix your particular issue, but you may want
to remove your own attr_accessor for the password_confirmation
attribute, since validates_confirmation_of provides its own
implementation.

student · January 11, 2008, 10:34pm

The book has it & discussions here seem to confirm that it is
required. I’ll check, though.