Restful_authentication falling tests, allowing blank passwords

All, I’m a bit of a journeyman when it comes to RoR, and I’ve been
having one issue setting up restful_authentication that’s making me
batty. I got most of my direction from the README and Ryan B.’
railscast1, but every time I set up an authentication system with
rails 2.0.2, users are failing one of their unit tests:

1) Failure:
test_should_require_password(UserTest)
    [test/unit/user_test.rb:31:in `test_should_require_password'
     /Applications/Locomotive2/Bundles/

rmagickRailsDec2007_i386.locobundle/framework/lib/ruby/gems/1.8/gems/
activesupport-2.0.2/lib/active_support/core_ext/test/unit/
assertions.rb:39:in assert_difference' /Applications/Locomotive2/Bundles/ rmagickRailsDec2007_i386.locobundle/framework/lib/ruby/gems/1.8/gems/ activesupport-2.0.2/lib/active_support/core_ext/test/unit/ assertions.rb:58:in assert_no_difference’
test/unit/user_test.rb:29:in `test_should_require_password’]:
is not true.

This basically allows a you to create a new user with a blank
password. I threw some logger statements into my model, and this is
what I’m seeing when the test runs:

=== called password_required?
crypted: 'NULL'
crypted blank: false
password:
password blank: true
password nil: true
result: false
====

password_required? looks like this usually:

def password_required?
  crypted_password.blank? || !password.blank?
end

and it’s used with:

validates_presence_of  :password, :if => :password_required?

so I’m guessing that with a new user who tries to sign up with a blank
password, crypted_password.blank? is not returning true, and so it
skips this validation. Am I on the right track? Any advice?

On Feb 11, 9:43 pm, Ryan C. [email protected] wrote:

rmagickRailsDec2007_i386.locobundle/framework/lib/ruby/gems/1.8/gems/

so I’m guessing that with a new user who tries to sign up with a blank
password, crypted_password.blank? is not returning true, and so it
skips this validation. Am I on the right track? Any advice?

A bit of an update… changing password_required? to

def password_required?
  crypted_password.blank? || crypted_password == "'NULL'" || !

password.blank?
end

Allows all restful_authentication tests to pass, even the functional
tests. This still seems a bit odd. Anyone have any thoughts?