设计和password_confirmation验证

Question

我在设计和密码确认方面有困难。我在rails4中创建了一个模型测试，如下所示：

test "user requires a password_confirmation" do
  user = FactoryGirl.build(:user)
  assert user.valid?, "FactoryGirl should return a valid user"

  user.password_confirmation = nil

  # These are just some outputs to verify what's going on.
  # This is the condition in devises's password_required? method
  puts !user.persisted? || !user.password.nil? || !user.password_confirmation.nil? #=> true
  puts user.valid? #=> true

  assert user.invalid?, "Password confirmation should be required" # Fails here
  assert_equal 1, user.errors.size, "Only one error should have occured. #{user.errors.full_messages}"
end

此测试在第二个断言("Password confirmation should be required")中失败。

以下是我的完整用户模型：

class User < ActiveRecord::Base
  has_one :user_entity

  has_one :manager,through: :user_entity, source: :entity, source_type: 'Manager'
  has_one :client, through: :user_entity, source: :entity, source_type: 'Client'

  # Adds default behavior. See: https://github.com/stanislaw/simple_roles#many-strategy
  simple_roles

  validates :username,
    presence: true,
    length: { minimum: 4, allow_blank: true, if: :username_changed? },
    uniqueness: { allow_blank: true, if: :username_changed? },
    format: { with: /\A[A-z_0-9]+\z/, allow_blank: true, if: :username_changed? }

  # Include default devise modules. Others available are:
  # :token_authenticatable, :timeoutable, :omniauthable, :registerable
  devise  :database_authenticatable, :recoverable, :rememberable,
          :trackable, :validatable, :confirmable, :lockable

  # Virtual attribute for authenticating by either username or email
  # This is in addition to a real persisted field like 'username'
  attr_accessor :login

  def self.find_first_by_auth_conditions(warden_conditions)
    conditions = warden_conditions.dup

    # User need to be active
    conditions[:active] = true

    if login = conditions.delete(:login)
      where(conditions).where(["lower(username) = :value OR lower(email) = :value", { :value => login.downcase }]).first
    else
      where(conditions).first
    end
  end

  def entity
    self.user_entity.try(:entity)
  end

  def entity=(newEntity)
    self.build_user_entity(entity: newEntity)
  end

end

我尝试过添加我的用户模型：

validates :password,    confirmation: true

在此之后，测试通过了，但是在下一个测试中我得到了一个错误：

  1) Failure:
UserTest#test_user_requires_a_password [/my/project/test/models/user_test.rb:52]:
Two errors should have occured. ["Password confirmation doesn't match confirmation", "Password confirmation doesn't match confirmation", "Password can't be blank"].
Expected: 2
  Actual: 3

正如您所看到的，这就像确认验证发生了两次，两次都失败了。

我使用rails4 (edge)和rails4分支来设计。

编辑:我试过设置

user.password_confirmation = "#{user.password}_diff"

测试就通过了。那么，为什么在设置nil时忽略确认呢？由于对象尚未持久化，我假设必须提供密码确认。

Answer 1

我知道这是个老问题，但我也有同样的问题。

首先，将其从模型中删除，这样就不会得到重复的验证检查：

validates :password, confirmation: true

然后添加以下内容。我将其更改为只用于创建：

validates :password_confirmation, presence: true, on: :create

请参阅validates_confirmation_of关于这一页的部分

注意:只有当password_confirmation不是零时才执行此检查。若要要求确认，请确保为确认属性添加一个存在检查： validates_presence_of :password_confirmation，if：:password_changed？