"Confirmation" succeeds when the *_confirmation attribute was neglected from the Model.


# Oops! I forgot to add the :password_confirmation attribute!

class User < ActiveRecord::Base
  attr_accessor :password
  attr_accessible :password #, :password_confirmation

            :confirmation => true,
            :presence => true)


  3 # == Active Model Confirmation Validator
  4 module Validations
  5 class ConfirmationValidator < EachValidator
  6 def validate_each(record, attribute, value)
  7 if (confirmed = record.send("#{attribute}_confirmation"))
&& (value != confirmed)
  8 record.errors.add(attribute, :confirmation, options)
  9 end
10 end

At line 7, since the attribute does not exist, no error is recorded.
That's wrong. If password_confirmation does not exist, then it was
certainly *not* confirmed. Sure, I would find the mistake later,
probably ... or maybe not, if I type 'password' instead of
'password_confirmation' elsewhere in my code.

I think that :confirmation=>true should *require* the *_confirmation
attribute, and it validate_each should issue a *different* error
message when missing (since otherwise this would be hard for a
developer to debug).