Merge pull request #16412 from yevhene/master

Fix in has_secure_password for passwords containing only spaces.

Merge pull request #16412 from yevhene/master
Fix in has_secure_password for passwords containing only spaces.
e2689d1d · Santiago Pastorino · f0fdba8b · f8dcb365 · e2689d1d · e2689d1d
3 changed file
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
+*   Passwords with spaces only allowed in `ActiveModel::SecurePassword`.
+
+    Presence validation can be used to resore old behavior.
+
+    *Yevhene Shemet*
+
 *   Validate options passed to `ActiveModel::Validations.validate`.

    Preventing, in many cases, the simple mistake of using `validate` instead of `validates`.

--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -105,7 +105,7 @@ def authenticate(unencrypted_password)
      attr_reader :password

      # Encrypts the password into the +password_digest+ attribute, only if the
-      # new password is not blank.
+      # new password is not empty.
      #
      #   class User < ActiveRecord::Base
      #     has_secure_password validations: false
@@ -119,7 +119,7 @@ def authenticate(unencrypted_password)
      def password=(unencrypted_password)
        if unencrypted_password.nil?
          self.password_digest = nil
-        elsif unencrypted_password.present?
+        elsif !unencrypted_password.empty?
          @password = unencrypted_password
          cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
          self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)

--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -40,6 +40,11 @@ class SecurePasswordTest < ActiveModel::TestCase
    assert @user.valid?(:create), 'user should be valid'
  end

+  test "create a new user with validation and a spaces only password" do
+    @user.password = ' ' * 72
+    assert @user.valid?(:create), 'user should be valid'
+  end
+
  test "create a new user with validation and a blank password" do
    @user.password = ''
    assert !@user.valid?(:create), 'user should be invalid'
@@ -105,6 +110,11 @@ class SecurePasswordTest < ActiveModel::TestCase
    assert @existing_user.valid?(:update), 'user should be valid'
  end

+  test "updating an existing user with validation and a spaces only password" do
+    @user.password = ' ' * 72
+    assert @user.valid?(:update), 'user should be valid'
+  end
+
  test "updating an existing user with validation and a blank password and password_confirmation" do
    @existing_user.password = ''
    @existing_user.password_confirmation = ''