form_for validation it doesn't work

Hello Guys I have the following problem. I made a controller to reset the password of a user.

Here is the controller:

class PasswordResetsController < ApplicationController

layout "sessions"

def new

end

def create

user = User.find_by_email!(params[:password_resets][:email] )

user.send_password_reset if user

redirect_to root_url, :notice => "Las instrucciones para reestrablecer la contrasena fueron enviadas."

end

def edit

@user = User.find_by_password_reset_token!(params[:id])

end

def update

@user = User.find_by_password_reset_token!(params[:id])

if @user.password_reset_at < (2.hours.ago).to_date

	redirect_to new_password_reset_path, :alert => "El link para actualizar la contrasena ha expirado."

elsif @user.update_attributes(params[:user])

	@user.reset_password_token

	redirect_to root_url, :notice => "La contrasena ha sido cambiada."

else

	render :edit

end

end

end

Here is the model:

class User < ActiveRecord::Base

attr_accessible :email, :password, :password_confirmation

has_secure_password

before_save { |user| user.email = email.downcase }

before_save :create_remember_token

VALID_EMAIL_REGEX = /\A[\w+-.]+@[a-z\d-.]+.[a-z]+\z/i

validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }

validates :password, presence: true, length: { minimum: 6 }, confirmation: true, unless: Proc.new { |a| !a.new_record? && a.password.blank? }

def send_password_reset

	self.password_reset_token = SecureRandom.urlsafe_base64

	self.password_reset_at = Time.zone.now

	save!

	UserMailer.password_reset(self).deliver

end

def reset_password_token

	self.password_reset_token = nil

	self.password_reset_at = nil

	save!

end

private

def create_remember_token

	self.remember_token = SecureRandom.urlsafe_base64

end

end

Basically this is my problem:

the user click on the link that he receive in his email, then user, use the form of the edit password_reset form to reset his password, everything works great, except the following issues; if the user leave the password field and the password_confirmation field in blank, the form_for didn’t validate and save the user with a blank password. I don’t know how to fix this. Does anybody has an idea?

validates :password, presence: true, length: { minimum: 6 }, confirmation: true, unless: Proc.new { |a| !a.new_record? && a.password.blank? }

because of this .. unless: .... so you have to modify that

tom

Tom, could you help me please. I tried this way:

validates :password, presence: true, length: { minimum: 6 }, confirmation: true, unless: Proc.new { |a| !a.new_record? && a.password.blank? && a.password_reset_token.blank? }

or this

validates :password, presence: true, length: { minimum: 6 }, confirmation: true, unless: Proc.new { |a| !a.new_record? && a.password.blank? && !a.password_reset_token.blank? }

But I can find I way to validate the presence password in my reset password form.

Thanks

you can add some other attribute and set, eg in user model

attr_accessor :reset_password

then set it as true

def update
user = User.find...
user.reset_password = true
...
end

and then you can change your validates to use reset_password

validates :password ... , if: Proc.new{|r| r.new_record? || r.reset_password || r.password.present?}

tom