Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialCHI WAI YIP
10,438 PointsWhy not password_digest but :password and :password_confirmation?
Hi all,
in this course, Jason changed the strong parameters password_digest
to :password, :password_confirmation
in user_controller.rb.
What's that mean? Doesn't password_digest
include presence and confirmation of password ?
1 Answer
Maciej Czuchnowski
36,441 PointsBasically, when using bcrypt gem and has_secure_password method, you need a database column password_digest (it does not store the password, just a digest), but in your interface with the user, you need password and password_confirmation (in your form and strong parameters). More documentation:
http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html
CHI WAI YIP
10,438 PointsCHI WAI YIP
10,438 PointsI think I figure out that.. because he add the
"password" => "pasword1234", "password_confirmation" => "pasword1234"
in users_controller_spec.rb