remove password confirmation

CHANGELOG.md

@@ -1,3 +1,8 @@
+0.11.0 (unreleased)
+-------------------
+
+* Removing password confirmation
+
 0.10.5
 -------------------
 

app/controllers/clearance/passwords_controller.rb

@@ -31,8 +31,7 @@ def update
     @user = ::User.find_by_id_and_confirmation_token(
                    params[:user_id], params[:token])
 
-    if @user.update_password(params[:user][:password],
-                             params[:user][:password_confirmation])
+    if @user.update_password(params[:user][:password])
       sign_in(@user)
       flash_success_after_update
       redirect_to(url_after_update)

app/controllers/clearance/users_controller.rb

@@ -10,7 +10,7 @@ def new
   end
 
   def create
-    @user = ::User.new params[:user]
+    @user = ::User.new(params[:user])
     if @user.save
       flash_notice_after_create
       sign_in(@user)
@@ -23,7 +23,7 @@ def create
   private
 
   def flash_notice_after_create
-    flash[:notice] = translate(:deliver_confirmation,
+    flash[:notice] = translate(:signed_up,
       :scope   => [:clearance, :controllers, :users],
       :default => "You are now signed up.")
   end

app/views/passwords/edit.html.erb

@@ -12,10 +12,6 @@
     <%= form.label :password, "Choose password" %>
     <%= form.password_field :password %>
   </div>
-  <div class="password_field">
-    <%= form.label :password_confirmation, "Confirm password" %>
-    <%= form.password_field :password_confirmation %>
-  </div>
   <div class="submit_field">
     <%= form.submit "Save this password" %>
   </div>

app/views/users/_form.html.erb

@@ -7,7 +7,3 @@
   <%= form.label :password %>
   <%= form.password_field :password %>
 </div>
-<div class="password_field">
-  <%= form.label :password_confirmation, "Confirm password" %>
-  <%= form.password_field :password_confirmation %>
-</div>

features/engine/visitor_resets_password.feature

@@ -15,24 +15,14 @@ Feature: Password reset
     Then I should see "instructions for changing your password"
     And a password reset message should be sent to "email@example.com"
 
-  Scenario: User is signed up updated his password and tries blank password and confirmation
+  Scenario: User tries to reset his password with a blank password
     Given I signed up with "email@example.com/password"
     And I go to the password reset request page
     Then I should see an email field
     And I fill in "Email address" with "email@example.com"
     And I press "Reset password"
     When I follow the password reset link sent to "email@example.com"
-    And I update my password with "/"
-    Then I should see an error message
-    And I should be signed out
-
-  Scenario: User is signed up updated his password and types wrong confirmation
-    Given I signed up with "email@example.com/password"
-    And I go to the password reset request page
-    And I fill in "Email address" with "email@example.com"
-    And I press "Reset password"
-    When I follow the password reset link sent to "email@example.com"
-    And I update my password with "newpassword/wrongconfirmation"
+    And I update my password with ""
     Then I should see an error message
     And I should be signed out
 
@@ -42,7 +32,7 @@ Feature: Password reset
     And I fill in "Email address" with "email@example.com"
     And I press "Reset password"
     When I follow the password reset link sent to "email@example.com"
-    And I update my password with "newpassword/newpassword"
+    And I update my password with "newpassword"
     Then I should be signed in
     When I sign out
     Then I should be signed out
@@ -55,6 +45,6 @@ Feature: Password reset
     And I fill in "Email address" with "email@example.com"
     And I press "Reset password"
     When I follow the password reset link sent to "email@example.com"
-    And I update my password with "newpassword/newpassword"
+    And I update my password with "newpassword"
     Then I should be signed in
 

features/engine/visitor_signs_up.feature

@@ -8,16 +8,20 @@ Feature: Sign up
     When I go to the sign up page
     Then I should see an email field
 
-  Scenario: Visitor signs up with invalid data
+  Scenario: Visitor signs up with invalid email
     When I fill in "Email" with "invalidemail"
     And I fill in "Password" with "password"
-    And I fill in "Confirm password" with ""
     And I press "Sign up"
-    Then I should see error messages
+    Then I should see "Email is invalid"
+
+  Scenario: Visitor signs up with blank password
+    When I fill in "Email" with "email@example.com"
+    And I fill in "Password" with ""
+    And I press "Sign up"
+    Then I should see "Password can't be blank"
 
   Scenario: Visitor signs up with valid data
-    When I fill in "Email" with "email@person.com"
+    When I fill in "Email" with "email@example.com"
     And I fill in "Password" with "password"
-    And I fill in "Confirm password" with "password"
     And I press "Sign up"
     Then I should see "signed up"

features/step_definitions/engine/clearance_steps.rb

@@ -24,9 +24,8 @@
 
 Given /^(?:I am|I have|I) signed up (?:as|with) "(.*)\/(.*)"$/ do |email, password|
   Factory(:user,
-          :email                 => email,
-          :password              => password,
-          :password_confirmation => password)
+          :email    => email,
+          :password => password)
 end
 
 Given /^a user "([^"]*)" exists without a salt, remember token, or password$/ do |email|
@@ -71,9 +70,9 @@
   assert !user.confirmation_token.blank?
   assert !ActionMailer::Base.deliveries.empty?
   result = ActionMailer::Base.deliveries.any? do |email|
-    email.to == [user.email] &&
+    email.to      == [user.email] &&
     email.subject =~ /password/i &&
-    email.body =~ /#{user.confirmation_token}/
+    email.body    =~ /#{user.confirmation_token}/
   end
   assert result
 end
@@ -111,9 +110,8 @@
   And %{I press "Reset password"}
 end
 
-When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
+When /^I update my password with "(.*)"$/ do |password|
   And %{I fill in "Choose password" with "#{password}"}
-  And %{I fill in "Confirm password" with "#{confirmation}"}
   And %{I press "Save this password"}
 end
 

lib/clearance/engine.rb

@@ -4,7 +4,7 @@
 module Clearance
   class Engine < Rails::Engine
     initializer "clearance.filter" do |app|
-      app.config.filter_parameters += [:token, :password, :password_confirmation]
+      app.config.filter_parameters += [:token, :password]
     end
   end
 end

lib/clearance/user.rb

@@ -31,10 +31,10 @@ def self.included(model)
     module AttrAccessor
       # Hook for attr_accessor virtual attributes.
       #
-      # :password, :password_confirmation
+      # :password
       def self.included(model)
         model.class_eval do
-          attr_accessor :password, :password_confirmation
+          attr_accessor :password
           private
           attr_accessor :password_changing
         end
@@ -50,12 +50,11 @@ module Validations
       # :password must be present, confirmed
       def self.included(model)
         model.class_eval do
-          validates_presence_of     :email, :unless => :email_optional?
-          validates_uniqueness_of   :email, :case_sensitive => false, :allow_blank => true
-          validates_format_of       :email, :with => %r{^[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$}i, :allow_blank => true
+          validates_presence_of   :email, :unless => :email_optional?
+          validates_uniqueness_of :email, :allow_blank => true
+          validates_format_of     :email, :with => %r{^[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$}i, :allow_blank => true
 
-          validates_presence_of     :password, :unless => :password_optional?
-          validates_confirmation_of :password
+          validates_presence_of   :password, :unless => :password_optional?
         end
       end
     end
@@ -67,17 +66,16 @@ module Callbacks
       def self.included(model)
         model.class_eval do
           before_validation :downcase_email
-          before_save   :initialize_salt,
-                        :encrypt_password
-          before_create :generate_remember_token
+          before_save       :initialize_salt,
+                            :encrypt_password
+          before_create     :generate_remember_token
         end
       end
     end
 
     module InstanceMethods
       # Am I authenticated with given password?
       #
-      # @param [String] plain-text password
       # @return [true, false]
       # @example
       #   user.authenticated?('password')
@@ -113,14 +111,12 @@ def forgot_password!
 
       # Update my password.
       #
-      # @param [String, String] password and password confirmation
       # @return [true, false] password was updated or not
       # @example
-      #   user.update_password('new-password', 'new-password')
-      def update_password(new_password, new_password_confirmation)
-        self.password_changing     = true
-        self.password              = new_password
-        self.password_confirmation = new_password_confirmation
+      #   user.update_password('new-password')
+      def update_password(new_password)
+        self.password_changing = true
+        self.password          = new_password
         if valid?
           self.confirmation_token = nil
           generate_remember_token

spec/controllers/passwords_controller_spec.rb

@@ -101,18 +101,17 @@
       it { should render_template(:new) }
     end
 
-    describe "on PUT to #update with matching password and password confirmation" do
+    describe "on PUT to #update with password" do
       before do
         new_password = "new_password"
         @encrypted_new_password = @user.send(:encrypt, new_password)
         @user.encrypted_password.should_not == @encrypted_new_password
 
         put(:update,
-            :user_id  => @user,
-            :token    => @user.confirmation_token,
-            :user     => {
-              :password              => new_password,
-              :password_confirmation => new_password
+            :user_id => @user,
+            :token   => @user.confirmation_token,
+            :user    => {
+              :password => new_password
             })
         @user.reload
       end
@@ -133,17 +132,13 @@
       it { should redirect_to_url_after_update }
     end
 
-    describe "on PUT to #update with password but blank password confirmation" do
+    describe "on PUT to #update with blank password" do
       before do
-        new_password = "new_password"
-        @encrypted_new_password = @user.send(:encrypt, new_password)
-
         put(:update,
             :user_id => @user.to_param,
             :token   => @user.confirmation_token,
             :user    => {
-              :password => new_password,
-              :password_confirmation => ''
+              :password => ''
             })
         @user.reload
       end
@@ -173,5 +168,4 @@
       sign_in_as @user_one
     end
   end
-
 end

spec/factories.rb

@@ -3,9 +3,8 @@
 end
 
 Factory.define :user do |user|
-  user.email                 { Factory.next :email }
-  user.password              { "password" }
-  user.password_confirmation { |instance| instance.password }
+  user.email    { Factory.next :email }
+  user.password { "password" }
 end
 
 Factory.define :email_confirmed_user, :parent => :user do |user|