ruby-on-rails - 设计和 password_confirmation 验证

Question

我在设计和密码确认方面遇到了问题。我在 rails4 中创建了一个模型测试，如下所示:

test "user requires a password_confirmation" do
  user = FactoryGirl.build(:user)
  assert user.valid?, "FactoryGirl should return a valid user"

  user.password_confirmation = nil

  # These are just some outputs to verify what's going on.
  # This is the condition in devises's password_required? method
  puts !user.persisted? || !user.password.nil? || !user.password_confirmation.nil? #=> true
  puts user.valid? #=> true

  assert user.invalid?, "Password confirmation should be required" # Fails here
  assert_equal 1, user.errors.size, "Only one error should have occured. #{user.errors.full_messages}"
end

此测试在第二次断言时失败(“需要密码确认”)。

这是我的完整用户模型:

class User < ActiveRecord::Base
  has_one :user_entity

  has_one :manager,through: :user_entity, source: :entity, source_type: 'Manager'
  has_one :client, through: :user_entity, source: :entity, source_type: 'Client'

  # Adds default behavior. See: https://github.com/stanislaw/simple_roles#many-strategy
  simple_roles

  validates :username,
    presence: true,
    length: { minimum: 4, allow_blank: true, if: :username_changed? },
    uniqueness: { allow_blank: true, if: :username_changed? },
    format: { with: /\A[A-z_0-9]+\z/, allow_blank: true, if: :username_changed? }

  # Include default devise modules. Others available are:
  # :token_authenticatable, :timeoutable, :omniauthable, :registerable
  devise  :database_authenticatable, :recoverable, :rememberable,
          :trackable, :validatable, :confirmable, :lockable

  # Virtual attribute for authenticating by either username or email
  # This is in addition to a real persisted field like 'username'
  attr_accessor :login

  def self.find_first_by_auth_conditions(warden_conditions)
    conditions = warden_conditions.dup

    # User need to be active
    conditions[:active] = true

    if login = conditions.delete(:login)
      where(conditions).where(["lower(username) = :value OR lower(email) = :value", { :value => login.downcase }]).first
    else
      where(conditions).first
    end
  end

  def entity
    self.user_entity.try(:entity)
  end

  def entity=(newEntity)
    self.build_user_entity(entity: newEntity)
  end

end

我尝试在我的用户模型中添加:

validates :password,    confirmation: true

之后测试通过，但我在下一个测试中遇到错误:

  1) Failure:
UserTest#test_user_requires_a_password [/my/project/test/models/user_test.rb:52]:
Two errors should have occured. ["Password confirmation doesn't match confirmation", "Password confirmation doesn't match confirmation", "Password can't be blank"].
Expected: 2
  Actual: 3

如您所见，确认验证发生了两次，但都失败了。

我正在使用 rails4 (edge) 和 rails4 分支进行设计。

编辑:我试过设置

user.password_confirmation = "#{user.password}_diff"

测试通过。那么为什么在设置 nil 时忽略确认呢？由于该对象尚未保留，我认为必须提供密码确认。

Answer 1

我知道这是一个老问题，但我遇到了同样的问题。

首先，从您的模型中删除它，这样您就不会得到重复的验证检查:

validates :password, confirmation: true

然后添加以下内容。我将其更改为仅适用于创建:

validates :password_confirmation, presence: true, on: :create

请参阅 this apidock page 上的validates_confirmation_of 部分| :

NOTE: This check is performed only if password_confirmation is not nil. To require confirmation, make sure to add a presence check for the confirmation attribute:

validates_presence_of :password_confirmation, if: :password_changed?