Validates :confirmation don't work

dubstep · April 10, 2011, 1:29pm

Hello, I have an ruby 1.9.2 with rails 3.0.5. I’m doing
railstutorial.org, but have a problem: validations of confirmation don’t
work! What’s matter?

Here is my user.rb model file:

== Schema Information

Schema version: 20110408112831

Table name: users

id :integer not null, primary key

name :string(255)

email :string(255)

created_at :datetime

updated_at :datetime

encrypted_password :string(255)

salt :string(255)

require ‘digest’
class User < ActiveRecord::Base
attr_accessible :name, :email, :encrypted_password, :salt, :password
attr_accessor :password, :password_confirmation

email_regex = /\A[\w+-.]+@[a-z\d-.]+.[a-z]+\z/i

validates :name, :presence => true,
:length => { :maximum => 50 }
validates :email, :presence => true,
:format => { :with => email_regex },
:uniqueness => { :case_sensitive => false }
validates :password, :presence => true, :length => {:within => 6…40},
:confirmation => true

#def has_password?(submitted_password)

encrypted_password == encrypt(submitted_password)

#end

#def self.authenticate(email, submitted_password)

user = find_by_email(email)

#user && user.has_password?(submitted_password) ? user : nil

#end

private

def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(self.password)
end

def encrypt(string)
secure_hash(“#{string}–#{self.salt}”)
end

def make_salt
secure_hash(“#{Time.now.utc}–#{self.password}”)
end

def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end

When I try to save with small password, it’s error, but when I forget,
it isn’t. Why?

ruby-1.9.2-p180 :001 > User.create!(:name => “misha”, :email =>
“[email protected]”, :password => “ghgh”)
ActiveRecord::RecordInvalid: Validation failed: Password is too short
(minimum is 6 characters)
from
/usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/validations.rb:49:in
save!' from /usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/attribute_methods/dirty.rb:30:in save!’
from
/usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/transactions.rb:245:in
block in save!' from /usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/transactions.rb:292:in block in with_transaction_returning_status’
from
/usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/connection_adapters/abstract/database_statements.rb:139:in
transaction' from /usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/transactions.rb:207:in transaction’
from
/usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/transactions.rb:290:in
with_transaction_returning_status' from /usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/transactions.rb:245:in save!’
from
/usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/activerecord-3.0.5/lib/active_record/validations.rb:34:in
create!' from (irb):1 from /usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/railties-3.0.5/lib/rails/commands/console.rb:44:in start’
from
/usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/railties-3.0.5/lib/rails/commands/console.rb:8:in
start' from /usr/local/rvm/gems/ruby-1.9.2-p180@basicdev/gems/railties-3.0.5/lib/rails/commands.rb:23:in <top (required)>’
from script/rails:6:in require' from script/rails:6:in ’
ruby-1.9.2-p180 :002 > User.create!(:name => “misha”, :email =>
“[email protected]”, :password => “radjahhhh”)
=> #<User id: 1, name: “misha”, email: “[email protected]”, created_at:
“2011-04-10 11:29:13”, updated_at: “2011-04-10 11:29:13”,
encrypted_password: nil, salt: nil>

Thanks in advance, Misha

rarstd · April 10, 2011, 3:33pm

Sent from my iPhone

On Apr 10, 2011, at 6:29 AM, Misha O. [email protected] wrote:

attr_accessible :name, :email, :encrypted_password, :salt, :password
:confirmation => true
private
def make_salt

I don’t understand your question. What do you mean “when you forget it
isn’t”?

ruby-1.9.2-p180 :001 > User.create!(:name => “misha”, :email =>
“[email protected]”, :password => “ghgh”)
ActiveRecord::RecordInvalid: Validation failed: Password is too short
(minimum is 6 characters)

This is correct. You only have 4 characters in your password.

ruby-1.9.2-p180 :002 > User.create!(:name => “misha”, :email =>
“[email protected]”, :password => “radjahhhh”)
=> #<User id: 1, name: “misha”, email: “[email protected]”, created_at:
“2011-04-10 11:29:13”, updated_at: “2011-04-10 11:29:13”,
encrypted_password: nil, salt: nil>

This is correct. Your password is 9 characters long.

What exactly is the issue here? It appears that validation is working
exactly as it is supposed to.

B.

rarstd · April 10, 2011, 6:38pm

Bryan, I mean: why rails don’t need confirmation of password?

Misha

rarstd · April 10, 2011, 7:30pm

On Sun, Apr 10, 2011 at 11:38 AM, Misha O. [email protected]
wrote:

Bryan, I mean: why rails don’t need confirmation of password?

http://edgeguides.rubyonrails.org/active_record_validations_callbacks.html#validates_confirmation_of

You are already asking in your model for it to validate the presence of
the
password, it’s length between 6-40 characters, and that it matches the
password in the password_confirmation field. It’s all on this one line.

validates :password, :presence => true, :length => {:within => 6…40},
:confirmation => true

It only runs that validation if password_confirmation is not nil. Since
you
aren’t supplying a :password_confirmation in your create statement it is
treated as nil therefore no check is run. You need to require the that
the
user give you password_confirmation. Add the following right after the
above
code line and that should fix your issue.

validates :password_confirmation, :presence => true

B.

rarstd · April 11, 2011, 7:37am

Thanks! It works!