Reset Password Validation Error: Password is too short error even though password is within range

Question

Recently, I changed my code for password validation to the code below so that I could create a form that doesn't require password and password confirmation How to only change one attribute in a model using form_for in Rails.

Please note that I did not user has_secure_password to generate my encrypted password. I used SHA2.hexdigest per Hartl in RailsTutorial.

user.rb

before_save :encrypt_password, :unless => Proc.new { |u| u.password.blank? }
validates_presence_of :password, :if => :should_validate_password?
validates_confirmation_of :password, :if => :should_validate_password?
validates_length_of :password, :minimum => 6, :maximum => 40, :allow_blank => true
#changing :allow_blank from false to true above fixed my problem.

def should_validate_password?
  updating_password || new_record?
end

I followed this Railscast on Remember Me/Reset Password http://railscasts.com/episodes/274-remember-me-reset-password, and I keep getting this error:

ActiveRecord::RecordInvalid in PasswordResetsController#create

Validation failed: Password is too short (minimum is 6 characters)

This occured when I tried to generate auth_tokens for existing users and again when I tried to submit my email for a reset link. I was able temporarily remove this validation by commenting out the piece of code and everything worked fine.

I tried signing back in to the user account to change the password so that it was within the range (9 characters long), but I'm still getting the same length validation error message.

Any tips?

I have no idea where the problem stems from. I don't understand why my password is being validated.

Here is my create action in my Password Resets controller:

def create
  user = User.find_by_email(params[:email])
  user.send_password_reset if user
  redirect_to root_path, :notice => "Email sent with password reset"
end

Here is my password reset form:

<%= form_tag password_resets_path, :method => :post do %>
  <div class="field">
    <%= label_tag :email %>
    <%= text_field_tag :email, params[:email] %>
  </div>
  <div class="actions"><%= submit_tag "Reset Password" %></div>
<% end %>

Let me know if you guys need any additional files.

Edit: Made changes in code with working solution.

Thanks.

solved it. `:allow_blank => true` will make this work. – Huy May 16 '12 at 04:41 — Huy, May 16 '12 at 04:41

score 1 · Answer 1 · answered Jun 13 '12 at 09:04

The error comes up because you validate for password_confirmation. This means that it will expect a value within range in that too.

You can fix that by doing something like:

validates :password,  length:     { minimum: 8, allow_nil: true },
                      confirmation: true

score 1 · Answer 2 · edited Jan 21 '16 at 09:18

1

You don't need :should_validate_password?

I just added a Proc as follows:

validates :password, length: { minimum: 6 }, unless: Proc.new { |user| user.password.nil? }
validates :password_confirmation, presence: true, unless: Proc.new { |user| user.password.nil? }

Or you could group this using with_options

See: http://guides.rubyonrails.org/v3.2.13/active_record_validations_callbacks.html

edited Jan 21 '16 at 09:18

John Creamer

9,704
1
14
8

answered Jul 04 '12 at 15:07

railser

453
1
5
19

Reset Password Validation Error: Password is too short error even though password is within range

2 Answers2