Changing password not validating_confirmation_of

Cargo-culting isn't working...

User:   attr_reader :password # Virtual attribute

  validates_presence_of :username   validates_uniqueness_of :username

  attr_accessor :password_confirmation   validates_confirmation_of :password

& etc from AWDR with use of a hashed password

UserController:   def change_password     user = User.find(session[:user_id])     if request.post?       opw = params[:user][:old_password]       npw = params[:user][:password]       if user.verify_password(opw) and opw != npw         user.password = npw         user.save       else         flash.now[:notice] = "Bad Password"       end     end   end

change_password.rhtml:

<div class="CapPlanner-form"> <%= error_messages_for 'user' %>

  <fieldset>     <legend>Changing Password</legend>

    <% form_for :user do |form| %>       <p>         <label for="user_old_password">Old Password:</label>         <%= form.text_field :old_password, :size => 40 %>       </p>

      <p>         <label for="user_password">Password:</label>         <%= form.text_field :password, :size => 40 %>       </p>

      <p>         <label for="user_password_confirmation">Confirm:</label>         <%= form.text_field :password_confirmation, :size => 40 %>       </p>

      <%= submit_tag "Change Password", :class => "submit" %>     <% end %>   </fieldset> </div>

I'm reasonably certain that validates_confirmation_of is not being invoked, but I have no idea why. Assigning user.password_confirmation does not help. The parameters are coming in just fine.

I'm not sure if this will fix your particular issue, but you may want to remove your own attr_accessor for the password_confirmation attribute, since validates_confirmation_of provides its own implementation.

The book has it & discussions here seem to confirm that it is required. I'll check, though.