Weird "Password doesn't match confirmation" validation error when it shouldn't be there


jonthewayne

Mar 26, 2011, 7:32:29 AM
to Devise
I set up a separate controller to allow me to have a CRUD interface for
adding and editing users in my admin app.

On the edit user screen I show the pw and pw confirmation fields
without the current_password field since I don't think users should
have to fill in their old pw if they are already authenticated. The
form fields:

<p class="colx2-left">
  <%= f.label :password %>
  <%= f.password_field :password, :autocomplete => 'off', :class => "full-width" %>
</p>
<p class="colx2-right">
  <%= f.label :password_confirmation %>
  <%= f.password_field :password_confirmation, :class => "full-width" %>
</p>

In my update method I load the user resource and then do (note I'm not
using Devise's update_with_password method):

respond_to do |format|
  if @admin_tool_user.update_attributes(params[:admin_tool_user])
    # set session['return-to'] to nil so user can go back to edit their
    # account and this session var will get reset as it should
    previous_location = session['return-to']
    session['return-to'] = nil
    format.html { redirect_to(previous_location, :notice => "Admin User was successfully updated.") }
    format.xml { head :ok }
  else
    format.html { render :action => "edit" }
    format.xml { render :xml => @admin_tool_user.errors, :status => :unprocessable_entity }
  end
end

In my model I'm doing:

class AdminToolUser < ActiveRecord::Base
  # Setup accessible (or protected) attributes for the model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :first_name, :last_name

  validates_presence_of :first_name, :last_name

  # I'm not using devise validation because I want users to not
  # have to submit current pw on pw change
  validates_presence_of :password, :if => :password_required?
  validates_confirmation_of :password, :if => :password_required?
  validates_length_of :password, :within => 6..30, :allow_blank => true, :if => :password_required?

  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable, :registerable, :lockable
  # and :timeoutable
  devise :database_authenticatable, :recoverable, :rememberable, :trackable

  protected

  def password_required?
    !persisted? || (password.present? && password_confirmation.present?)
  end
end

The problem is when I fill in the pw and pw confirm fields, the
validation fails saying pw can't be blank and doesn't match
confirmation. If I comment out those validations the user record is
saved and the updated encrypted pw and pw salt persisted. What's even
more crazy is the validates_length_of pw works just fine.

So why can the length validation see the pw and pass it, but the
presence and confirmation validations fail? Blows my mind! Anyone
have any ideas? :)

Thanks!

jonthewayne

May 19, 2011, 5:25:12 AM
to Devise
In the end I got around this problem by creating my own custom
validation:

https://gist.github.com/980468