password validation breaks devise confirmation

2
votes

I am using devise to manage the user accounts of my app. So far everything has been working pretty good but I stumbled upon what I find very strange behaviour. Basically what happened is that I added the following code to my user model:

validates :password, { confirmation: true, length: { in: 6..20 } } 
validates :username, { uniqueness: true, length: { in: 3..25 } }

On first glance this seemed to work fine. Failing to enter valid information would keep the user information from being saved to the database. Unfortunately it somehow broke the e-mail confirmation of devise. Devise still sends the email on registration but the confirmation link doesn't work as it used to. Suddenly what happens is that he sends me to the page where I can re-request confirmation info (despite not being told to do so at all). He also complains (via flash message) that my password can't be "blank" and that the user hasn't been saved. This makes zero sense as the user has already been saved before the confirmation link was even clicked (with a valid pw too). And it did in fact get saved as I have found inspecting the database table manually.

What I gather from this is that he is probably trying to change certain columns in the user table like confirmed_email and confirmed_at etc. But somehow he also tries to supply a new pw at the same time which is absolutely not what he should be doing. Why he redirects me to that page where I can resend the confirmation mail is also completely beyond me.

What can I do to solve my problem? I don't want to use :validatable but rather do my own validation without completely wrecking my devise. Here is some additional info:

rails 3.2.12
ruby 1.9.3p392 devise 2.2.3

log:

Started GET "/users/confirmation?confirmation_token=ojx35QawQdHSWi655mru" for 127.0.0.1 at 2013-06-20 17:01:12 +0200 Processing by Devise::ConfirmationsController#show as HTML Parameters: {"confirmation_token"=>"ojx35QawQdHSWi655mru"} User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."confirmation_token" = 'ojx35QawQdHSWi655mru' LIMIT 1 (0.1ms) BEGIN User Exists (0.2ms) SELECT 1 AS one FROM "users" WHERE ("users"."username" = 'what the heck' AND "users"."id" != 22) LIMIT 1 (0.1ms) ROLLBACK Rendered devise/shared/_links.erb (0.4ms) Rendered devise/confirmations/new.html.erb within layouts/application (2.1ms) Completed 200 OK in 14ms (Views: 9.0ms | ActiveRecord: 0.8ms)

3
ruby-on-railsrubydeviseconfirmation

3 Answers

7
votes

It might not be your problem, but devise already validates the password for you in

config/initializers/devise.rb

with

config.password_length = 8..128

Try changing that instead of adding it to the user model first. (or remove it)

0
votes

edit this line in your devise.rb 

 config.password_length = 6..20

This above line is the built in configuration of devise.The password length is set to 8 to 128 in orignal.The devise user no need to write custom validators about user authentication.For eg, for email format we can set 

config.email_regexp = /\A[^@]+@[^@]+\z/
0
votes

forgot to entry in application_controller.rb in rails 4

before_action :configure_permitted_parameters, if: :devise_controller? protected
def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up {|u|u.permit(:email,:password,:password_confirmation)}
end