#157 new
Tom Wilson

Password reset fails if password_confirmation not included in model

Reported by Tom Wilson | December 6th, 2009 @ 01:33 PM

It seems that the intent of the require_password_confirmation = false setting is to allow an implementation where the password_confirmation field is not used at all. (Quite reasonable... for many applications it's just unnecessary and annoying to hide the pw and then make the user enter it twice to verify.)

However, when I set require_password_confirmation = false and remove password_confirmation from the User model, I get this error:
NoMethodError (undefined method `password_confirmation=' for #<User:0xxxxxx>) when using the reset_password method.

Code source for the method is:

      def reset_password
        friendly_token = Authlogic::Random.friendly_token
        self.password = friendly_token
        self.password_confirmation = friendly_token
      end

There is probably more to this issue, but I propose it might be appropriate to skip trying to set the password_confirmation value whenever password confirmation is not required, for example:

      def reset_password
        friendly_token = Authlogic::Random.friendly_token
        self.password = friendly_token
        self.password_confirmation = friendly_token if require_password_confirmation
      end

A workaround is to add attr_accessor :password_confirmation to the User model.
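
A plain-Ruby reproduction of the failure, the proposed guard, and the workaround, added here as an illustration and not taken from Authlogic or from the ticket. StubUser, StubUserWithAccessor, outcome and the reset_password_* method names are hypothetical, and SecureRandom stands in for Authlogic::Random.friendly_token.

```ruby
require "securerandom"

# Hypothetical stand-in for the User model; no ActiveRecord or Authlogic involved.
class StubUser
  attr_accessor :password

  # Constructed class-level switch mirroring require_password_confirmation.
  class << self
    attr_accessor :require_password_confirmation
  end
  self.require_password_confirmation = false

  # Behaviour reported in the ticket: the confirmation setter is always called.
  def reset_password_unguarded
    token = SecureRandom.urlsafe_base64(15) # stand-in for friendly_token
    self.password = token
    self.password_confirmation = token
  end

  # Proposed behaviour: skip the confirmation setter when it is not required.
  def reset_password_guarded
    token = SecureRandom.urlsafe_base64(15)
    self.password = token
    self.password_confirmation = token if self.class.require_password_confirmation
    token
  end
end

# The ticket's workaround: declare the virtual attribute on the model.
class StubUserWithAccessor < StubUser
  attr_accessor :password_confirmation
end

# Runs one reset variant and reports how it ended.
def outcome(user, method_name)
  user.public_send(method_name)
  user.password.nil? ? :password_not_set : :ok
rescue NoMethodError => e
  raise unless e.name.to_s == "password_confirmation="
  :missing_confirmation_setter
end

if __FILE__ == $PROGRAM_NAME
  puts outcome(StubUser.new, :reset_password_unguarded)
  puts outcome(StubUser.new, :reset_password_guarded)
  puts outcome(StubUserWithAccessor.new, :reset_password_unguarded)
end
```

In the unguarded variant the password is assigned in memory before the exception is raised, so a caller that rescues the error should not go on to save the record.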
