Don't clear password fields if the password is ok

Hi,

I’ve done a registration form with password and password_confirmation fields and the fields are being cleared if there is an error with another form input, e.g. invalid email. I find it annoying that password has to be reentered when there is a problem with another field, actually, there can be many iterations until the user gets input right. All this time having to reenter password and confirmation is clearly annoying.

So, I would like the password and confirmation fields not to be cleared if the password is ok and confirmation matches it. However, I have no idea where to start. Any ideas?

Thanks.

Hi,

I've done a registration form with password and password_confirmation fields and the fields are being cleared if there is an error with another form input, e.g. invalid email. I find it annoying that password has to be reentered when there is a problem with another field, actually, there can be many iterations until the user gets input right. All this time having to reenter password and confirmation is clearly annoying.

So, I would like the password and confirmation fields not to be cleared if the password is ok and confirmation matches it. However, I have no idea where to start. Any ideas?

Are you using an authentication engine, like Devise? This may be happening in a mixin in the model in that case, and you'll have to open that up and change the behavior. Otherwise, what does your view look like for the form?

Walter

No, I’m not using auth engine, I only use has_secure_password'. I've tried removing that and adding attr_accessor :password, :password_confirmation’ and it didn’t change a thing, so it seems to be the default Rails behaviour.

My view: http://pastebin.com/s7tpwN4D

Dmitry Maksyoma wrote in post #1081303:

No, I'm not using auth engine, I only use `has_secure_password'. I've
tried
removing that and adding `attr_accessor :password,
:password_confirmation'
and it didn't change a thing, so it seems to be the default Rails
behaviour.

My view: http://pastebin.com/s7tpwN4D

I'm not 100% sure about this, but I have a feeling that behavior exists
for security reasons. The primary concern about providing a password to
a server is limiting the amount of time the cleartext version exists.

In fact I'd be willing to wager that the hashing occurs in the RACK
middleware, which means your Rails application never sees the cleartext
password, and therefore would not have it to send back in the response.