Has_secure_password: how to require a minimum length

Question

Has_secure_password: how to require a minimum length

How do I require the password to be as short as possible when using has_secure_password in Rails 3.1? I have tried:

class User < ActiveRecord::Base
    ... 
    validates :password, presence: { on: create }, length { minimum: 8 }
    ...
end

but then the check is not performed with the password "too short" when updating, if the password is not specified in the form parameters. For other attributes, length is only checked if a value is provided for the field. Is this a bug in the implementation of has_secure_password or am I doing something wrong?

+5

activerecord ruby-on-rails-3

Peder Jun 26 '11 at 19:47

source share

1 answer

apneadiving · Accepted Answer · 2011-06-26T19:55:17+0000

You should do something like:

validates :password, presence: { on: create }, length { minimum: 8 }, :if => :password_changed?

Has_secure_password: how to require a minimum length

More articles: