1
votes

I am currently writing an app using RoR4 and am having trouble with authentication. Even though I've added has_secure_password to the User model, I still seem to be able to create a new user without having to provide a password confirmation.

2.1.2 :012 > me = User.create(:institution_id => 1, :email => "[email protected]", :password => "mypassword")
(0.1ms)  BEGIN
User Exists (0.3ms)  SELECT  1 AS one FROM `users`  WHERE `users`.`email` = BINARY  '[email protected]' LIMIT 1
SQL (0.2ms)  INSERT INTO `users` (`created_at`, `email`, `institution_id`, `password_digest`, `updated_at`) VALUES ('2014-07-14 20:02:34', '[email protected]', 1, '$2a$10$sD2N.2nxhYO7egzzWxfF5.cdIZ4ds41.sU93Ja3E9Q0qAOaABdZb6', '2014-07-14 20:02:34')
(8.2ms)  COMMIT
=> #<User id: 5, institution_id: 1, first_name: nil, last_name: nil, email: "[email protected]", blurb: nil, facebook_link: nil, facebook_token: nil, password_digest: "$2a$10$sD2N.2nxhYO7egzzWxfF5.cdIZ4ds41.sU93Ja3E9Q0...", api_key: nil, active: false, created_at: "2014-07-14 20:02:34", updated_at: "2014-07-14 20:02:34", authentication_token: nil> 

Why is this happening? Shouldn't has_secure_password always require a password confirmation as well?

Thanks for the help

1
Are you including gem 'bcrypt'? And what does your user model contain? - Abdul Baig
I do have 'bcrypt' installed. I actually decided to use custom validations as I needed to treat some aspects of the authentication in a special way. I am now using bcrypt to generate a password_salt and password_hash for an extra layer of security. Thanks for the help though! - Julian D

1 Answer

3
votes

Make sure you followed these things:

add gem 'bcrypt' to gem file.

Next:

have a password_digest attribute

Next:

class User < ActiveRecord::Base
  has_secure_password
end

Then you can test it:

user = User.new(name: 'david', password: '', password_confirmation: 'nomatch')
user.save                                                       # => false, password required
user.password = 'mUc3m00RsqyRe'
user.save                                                       # => false, confirmation doesn't match
user.password_confirmation = 'mUc3m00RsqyRe'
user.save                                                       # => true
user.authenticate('notright')                                   # => false
user.authenticate('mUc3m00RsqyRe')                              # => user
User.find_by(name: 'david').try(:authenticate, 'notright')      # => false
User.find_by(name: 'david').try(:authenticate, 'mUc3m00RsqyRe') # => user
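The console session in the question and the doc snippet in the answer are both consistent with how has_secure_password actually behaves: the confirmation validation only runs when password_confirmation has been assigned (it is skipped while that attribute is nil), so creating a user with a password and no confirmation at all saves fine. The following is an added example, not code from the question, the answer, or Rails itself: a plain-Ruby stand-in for those validation rules so the behaviour can be reproduced without a Rails app. The class name DemoUser, the require_confirmation option (which mirrors adding a separate presence validation on password_confirmation in the model), and the use of PBKDF2-HMAC-SHA256 from the openssl stdlib in place of bcrypt are all assumptions made for the example.

```ruby
require "openssl"
require "securerandom"

# Added example, not from the original post: a minimal model that applies the
# same rules has_secure_password does (password required on create; the
# confirmation compared only when password_confirmation is non-nil).
# PBKDF2-HMAC-SHA256 stands in for bcrypt here; a real Rails app keeps bcrypt.
class DemoUser
  ITERATIONS = 100_000 # hypothetical work factor for the stand-in KDF

  attr_reader :email, :password, :password_confirmation, :errors
  attr_writer :password_confirmation
  # Hypothetical switch: when true, also insist that a confirmation was supplied,
  # like `validates :password_confirmation, presence: true` in the model.
  attr_accessor :require_confirmation

  def initialize(email:, password: nil, password_confirmation: nil, require_confirmation: false)
    @email = email
    @password_digest = nil
    @password_confirmation = password_confirmation # stays nil unless the caller assigns it
    @require_confirmation = require_confirmation
    @errors = []
    self.password = password unless password.nil?
  end

  # As in Rails: a non-blank password is hashed on assignment; a blank one leaves the digest empty.
  def password=(plain)
    @password = plain
    @password_digest = (plain.nil? || plain.empty?) ? nil : self.class.digest(plain, SecureRandom.hex(16))
  end

  # Returns true when the record would save; populates #errors otherwise.
  def valid?
    @errors = []
    @errors << "password can't be blank" if @password_digest.nil?
    # The confirmation check is conditional on the attribute having been set at all.
    if !@password_confirmation.nil? && @password_confirmation != @password
      @errors << "password_confirmation doesn't match password"
    end
    if @require_confirmation && (@password_confirmation.nil? || @password_confirmation.empty?)
      @errors << "password_confirmation can't be blank"
    end
    @errors.empty?
  end

  # Returns the user on success and false otherwise, matching the Rails contract.
  def authenticate(plain)
    return false if @password_digest.nil? || plain.nil?
    salt, stored = @password_digest.split("$", 2)
    _, candidate = self.class.digest(plain, salt).split("$", 2)
    secure_equal?(stored, candidate) ? self : false
  end

  # Hex salt and derived key joined with "$" (format chosen for this example only).
  def self.digest(plain, salt)
    key = OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS, length: 32, hash: "sha256")
    "#{salt}$#{key.unpack('H*')[0]}"
  end

  private

  # Constant-time comparison so the verifier does not leak the position of the first mismatch.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $0
  # Same situation as the question: password given, confirmation never assigned.
  me = DemoUser.new(email: "me@example.com", password: "mypassword")
  puts "no confirmation assigned -> valid? #{me.valid?}"          # true, as in the console session
  me.password_confirmation = "nomatch"
  puts "mismatching confirmation -> valid? #{me.valid?} #{me.errors.inspect}"
  strict = DemoUser.new(email: "me@example.com", password: "mypassword", require_confirmation: true)
  puts "confirmation required but absent -> valid? #{strict.valid?} #{strict.errors.inspect}"
end
```

Two practical points follow from this. First, if a form must always send a confirmation, the model needs its own presence validation on password_confirmation (the require_confirmation switch above), because has_secure_password alone will not demand one. Second, the "$2a$10$..." value in the question's INSERT is a bcrypt digest that already embeds its salt and cost factor, so a separate password_salt column adds nothing that bcrypt is not already doing.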